ClawHub

Skill Security Audit

已安装 Skills 的安全审计工具。用于批量审计 Skills 的安全性,包括命令执行、网络访问、文件访问、数据泄露、依赖风险、提示词越权和触发条件检查。适用于用户提供 Skills 列表和文件内容时进行安全扫描、护栏审查、提示词越权审查或强化建议。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 505 · 5 current installs · 6 all-time installs
by@chensu1234
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the requested inputs and actions: the skill is designed to audit Skills and asks the user to provide a skills list and file contents. There are no unrelated environment variables, binaries, or install steps, so the declared requirements are proportionate to the stated purpose.
Instruction Scope
SKILL.md provides a clear checklist, categories, and an output template for auditing user-supplied Skill files (SKILL.md, scripts, dependencies, references). It explicitly includes safer patterns (limit to files provided by user, avoid connectors/secrets, require explicit consent for outbound transfers). However, the instructions do not explicitly forbid the agent from independently reading local system files or connectors — the safety relies on the operator/agent implementation and on the user providing only the files they want audited. Recommend explicitly requiring 'only analyze files provided in the request' to avoid overbroad file access.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk footprint and eliminates risks from remote downloads or package installs.
Credentials
No environment variables, credentials, or config paths are requested. This is proportional to an audit-by-inspection tool. Reminder: users should avoid supplying secrets or credentials as part of the files they submit for audit.
Persistence & Privilege
always:false and no special privileges requested. The skill does not request permanent inclusion or modification of other skills or system-wide settings.
Assessment
This skill appears coherent and low-risk because it is instruction-only and asks you to supply the Skill files to be audited. Before using it: (1) only provide the files you intend to share—do not include secrets, API keys, or private tokens; (2) confirm how your agent runtime enforces file access (ensure the agent will not autonomously read system files or connectors); (3) prefer running the audit in an environment that isolates sensitive data; and (4) consider adding an explicit instruction to the skill to 'only inspect files attached to the user request' to reduce the chance of unintended file access.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
auditvk97f4y0nkbm9z5pshzxm2qs7ks834t2jlatestvk97f4y0nkbm9z5pshzxm2qs7ks834t2jsafetyvk97f4y0nkbm9z5pshzxm2qs7ks834t2jsecurityvk97f4y0nkbm9z5pshzxm2qs7ks834t2j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Skill Security Audit 🔐

对已安装的 Skills 进行安全审计,识别风险行为并提供修复建议。

审计类别

#类别说明
1命令执行检查不安全的 shell/python/node 执行
2网络访问检查未经授权的网络请求
3文件访问检查过度文件系统访问
4数据泄露检查未授权数据外传
5依赖风险检查不安全依赖
6提示词越权检查绕过安全边界
7触发条件检查描述是否过宽

严重程度

等级说明
Critical明显允许危险操作
High重大滥用风险
Medium潜在滥用风险
Low小问题
Info设计选择

使用方法

1. 准备审计材料

用户提供:

  • 已安装 Skills 列表
  • 每个 Skill 的文件内容(SKILL.md、scripts、references 等)

2. 执行审计

按照审查矩阵检查每个 Skill:

  1. 盘点文件
  2. 分类能力
  3. 检查风险
  4. 收集证据
  5. 评级
  6. 修复

3. 输出报告

每个 Skill 的报告结构:

# [skill name]

## verdict
- overall rating: [block/review/acceptable]
- top risks: [风险列表]

## findings
- category:
- severity:
- evidence:
- impact:
- remediation:

## replacement text
修复建议文本

审查矩阵

1. 任意命令执行

  • ⚠️ 高风险:允许任意 bash/sh/powershell/python/node 执行
  • ✅ 修复:限制为固定命令列表

2. 外部网络访问

  • ⚠️ 高风险:访问任意 URL
  • ✅ 修复:限制为白名单域名

3. 本地文件访问

  • ⚠️ 高风险:读取整个目录/主目录
  • ✅ 修复:限制为用户提供的文件

4. 数据泄露

  • ⚠️ 高风险:未经确认发送/上传数据
  • ✅ 修复:需要明确用户确认

5. 依赖风险

  • ⚠️ 高风险:未固定版本的可疑依赖
  • ✅ 修复:固定版本,使用标准库

6. 提示词越权

  • ⚠️ 高风险:忽略系统/策略约束
  • ✅ 修复:重述系统规则优先

7. 触发条件过宽

  • ⚠️ 高风险:描述过于宽泛
  • ✅ 修复:精确触发场景

输出要求

最终报告包含:

  1. 每个 Skill 的详细报告
  2. 总体摘要
  3. 最高风险项
  4. 修复优先级

示例

输入

Skills: [peekaboo, admapix, humanizer]
文件内容: SKILL.md, scripts/, ...

输出

# Portfolio Summary
- audited skills: 3
- block: 0
- review before use: 1
- acceptable: 2

- most common risk patterns: [列表]
- immediate remediation priorities: [优先级]

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…