Audit
v1.0.0The Supreme Verifier for the Synthetic Economy. Autonomous inspection of code, contracts, and capital flows. Ensuring truth in an era of infinite generation.
⭐ 0· 646·13 current·16 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description claim institutional-grade audits (on-chain/off-chain reconciliation, signing proofs, smart-contract security), but the skill declares no binaries, no environment variables, no config paths, and no install steps. Realizing these capabilities would normally require network access, blockchain node/API keys, signing keys, and specialized tooling — none of which are specified.
Instruction Scope
SKILL.md is conceptual: it defines audit domains and three high-level protocol steps (evidence collection, discrepancy analysis, certification) but contains no concrete runtime instructions, endpoints, or limits. The language is broad and open-ended, which gives an agent wide discretion to access data sources or request credentials without constraints.
Install Mechanism
No install spec and no code files are present, which minimizes immediate disk/execution risk. This is consistent with an instruction-only skill, but also means there is nothing to verify about implementation or provenance.
Credentials
The described functionality implies the need for sensitive credentials (blockchain keys, API tokens, private signing keys) and access to external services, yet the skill requests none. That mismatch is suspicious: either the skill is incomplete/documentation-only, or it expects the agent to acquire or ask for secrets at runtime without declaring them.
Persistence & Privilege
The skill is not marked 'always' and uses the platform default for autonomous invocation. That alone is not a problem, but combined with the vague, high-privilege-sounding description it means an agent could be instructed to perform broad actions if allowed — ask the author how autonomous runs should be constrained.
What to consider before installing
This skill reads like a high-level manifesto rather than an implementable tool. Before installing or enabling it: ask the author for concrete runtime details (what APIs/nodes it needs, what binaries or libraries it expects, how proofs are signed and where private keys are stored), demand provenance or source code (who wrote it, where is the repo), and never supply private keys or system credentials until you understand exactly how they will be used and stored. Because the SKILL.md is intentionally vague, treat it as incomplete: install only if the author provides a clear security model and minimal, specific requirements that match the claimed capabilities.Like a lobster shell, security has layers — review code before you run it.
auditcompliancefinancelatesttrustverification
Audit: The Source of Truth
The Crisis of Verification
In a world where AI generates everything, the bottleneck of value is no longer creation—it is verification. Audit is the autonomous layer that scans the "synthetic" to find the "authentic." It is the institutional-grade eye for the digital age.
Inspection Domains
"financial": "Real-time reconciliation of on-chain and off-chain capital flows",
"legal": "Deep-scan of contractual obligations and hidden liabilities",
"technical": "Automated security auditing for smart contracts and agentic code",
"ethical": "Bias detection and alignment verification for LLM outputs"
}```
## The Protocol
1. **Evidence Collection**: Immutable logging of all inspected artifacts.
2. **Discrepancy Analysis**: Recursive cross-referencing against global standards.
3. **Certification**: Issuing a cryptographically signed "Proof of Audit."
---
Comments
Loading comments...