Security Audit
v1.0.0
Security audit for external resources (GitHub repos, downloaded skills, files). Detects malicious code, suspicious executables, and content mismatches. Use w...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name and description present a security audit for external resources, and the package only requires python3 and includes a Python auditor (audit.py). No unrelated credentials, binaries, or install steps are requested, which matches the stated purpose.
Instruction Scope
SKILL.md and README instruct the agent/user to run python3 audit.py against a local directory or integrate it into post-clone/install hooks. The script only reads files under the target directory and reports findings; it does not attempt to read unrelated system paths, environment variables, or send data externally.
Install Mechanism
There is no install spec (instruction-only) and the README suggests copying the files into a skills directory or running the script directly. No remote downloads or archive extraction are performed by an installer.
Credentials
The skill declares no required environment variables or credentials. The runtime code does not access secrets or external services; it only examines files in the scanned directory.
Persistence & Privilege
The skill is not forced-always, does not request system-level persistence, and its recommended automatic usage is only local post-clone hooks invoked by the user. Autonomous invocation is permitted by platform default but is not combined with broad privileges here.
Assessment
This appears to be a straightforward local static-audit tool; it is reasonable to install and use. Before running: (1) review audit.py yourself (it is small and readable) to confirm you are comfortable with its checks, (2) run it in an isolated/sandboxed environment (or inside a container/VM) when auditing untrusted repos to avoid accidental execution of suspicious files, and (3) do not rely solely on this heuristic tool—follow up with manual review and runtime analysis for high-risk targets. If you enable automatic invocation in workflows, ensure the script is executed only on directories you intend to audit and not on system-wide paths.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🛡️ Clawdis
Bins: python3
