ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Audit Code

v1.1.1

Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities

2· 2.5k·10 current·12 all-time
by@itsnishi

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for itsnishi/audit-code.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Audit Code" (itsnishi/audit-code) from ClawHub.
Skill page: https://clawhub.ai/itsnishi/audit-code
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install itsnishi/audit-code

ClawHub CLI

Package manager switcher

npx clawhub@latest install audit-code
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (code security review for secrets, dangerous calls, dependencies, permissions) align with included artifacts: a Python scanner (scripts/audit_code.py) and a pattern database (scripts/patterns.py). No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions tell the agent to run the included Python script against a target path and to use Bash/Read/Glob/Grep tools. The scanner legitimately reads repository files (including .env and key files) and checks permissions; this is expected. Minor inconsistency: SKILL.md claims 'If $ARGUMENTS is empty, default to $PROJECT_ROOT', but the script actually requires an explicit path and exits if none is provided. Also the frontmatter pre-approves Bash (allowed-tools includes Bash), which is functional here but is a capability that should be intentionally allowed.
Install Mechanism
No install spec or remote downloads; the skill is instruction+bundled code only. All code is included in the package (no external fetches or extract operations), which reduces install-time risk.
Credentials
The skill declares no required environment variables or credentials. The scanner will read repository files (including potential secret files) as part of its function; that file access is proportionate to an auditing tool and is not requesting unrelated secrets.
Persistence & Privilege
always is false and disable-model-invocation is true (skill cannot be auto-invoked by the model), and it does not request persistent system-wide changes. The only elevated capability in the frontmatter is allowing Bash execution when run; because model auto-invocation is disabled, the skill can only be run explicitly by a user.
Assessment
This skill appears to be a legitimate local code auditor. Before running it: (1) review the bundled scripts yourself (they are included) to confirm behavior; (2) run it against a specific project path (the script requires a path — SKILL.md's claimed default is inaccurate); (3) run it as a non‑privileged user or inside a sandbox/container to avoid accidental scanning outside the intended repository; (4) be aware it will read files like .env and private keys (that is its purpose) but it does not contain obvious network/exfiltration code; and (5) if you plan to let other agents/tools invoke it, consider the implications of allowing Bash execution in the frontmatter even though model auto-invocation is disabled.
scripts/patterns.py:357
Shell command execution detected (child_process).
scripts/patterns.py:350
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b1fybrrmgfp6w7f9vvdmqs583pe7bsecurityvk97ebs1md8s0b2fzkerxbvn61n80paw5
2.5kdownloads
2stars
3versions
Updated 6h ago
v1.1.1
MIT-0
@itsnishi
latestsecurity
Download

audit-code -- Project Code Security Review

Security-focused code review of project source code. Covers OWASP-style vulnerabilities, hardcoded secrets, dangerous function calls, and patterns relevant to AI-assisted development.

What to do

Run the auditor against the target path:

python3 "$SKILL_DIR/scripts/audit_code.py" "$ARGUMENTS"

If $ARGUMENTS is empty, default to $PROJECT_ROOT.

What it checks

  • Hardcoded secrets -- API keys (AWS, GitHub, Stripe, OpenAI, Slack), tokens, private keys, connection strings, passwords
  • Dangerous function calls -- eval, exec, subprocess with shell=True, child_process.exec, pickle deserialization, system(), gets(), etc.
  • SQL injection -- String concatenation/interpolation in SQL queries
  • Dependency risks -- Known hallucinated package names, unverified installations
  • Sensitive files -- .env files committed to git, credential files in repo
  • File permissions -- Overly permissive chmod patterns
  • Exfiltration patterns -- Base64 encode + network send, DNS exfiltration, credential file reads

Output

Structured report with severity-ranked findings, file locations, and actionable remediation steps.

When to use

  • Before committing or pushing code
  • When reviewing third-party contributions or PRs
  • As part of a periodic security audit of the codebase
  • After AI-assisted code generation to verify no secrets or vulnerabilities were introduced

Advisory hooks

The repository's .claude/settings.json includes PreToolUse hooks that warn on dangerous Bash and Write operations. These hooks are advisory only -- they produce warnings but do not block execution.

  • audit-code is the detection layer for source code security issues
  • The hooks provide supplementary runtime warnings during agent operation
  • To enforce blocking, hooks must return {"decision": "block"} instead of warning messages

Comments

Loading comments...