ClawHub

permission-auditor

v1.0.0

Audit tool usage patterns and permissions to identify security risks and excessive access. Use when you need to review tool usage, check for permission issue...

0· 147·0 current·0 all-time
by@jpengcheng523-netizen

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jpengcheng523-netizen/jpeng-permission-auditor.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "permission-auditor" (jpengcheng523-netizen/jpeng-permission-auditor) from ClawHub.
Skill page: https://clawhub.ai/jpengcheng523-netizen/jpeng-permission-auditor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install jpeng-permission-auditor

ClawHub CLI

Package manager switcher

npx clawhub@latest install jpeng-permission-auditor
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name, description, and included code implement permission and tool-usage auditing (analyzing logs, flagging excessive permissions, generating reports). The required capabilities (none) are proportional to the stated purpose.
Instruction Scope
SKILL.md shows usage examples that require modules at './skills/permission-auditor' and a CLI path 'node skills/permission-auditor/index.js demo', but the package contains index.js at the repository root (no 'skills/' subfolder). package.json test script calls require('./index.js').main(), but the source provides a demo() function and appears not to export a main() function. This is a packaging / doc mismatch (likely a benign packaging error) but means the supplied instructions/CLI may not work as written.
Install Mechanism
There is no install spec and no downloads or external installers. The skill is instruction + a local JS file only, which minimizes install-time risk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code likewise does not read environment variables, network endpoints, or attempt to access system credentials.
Persistence & Privilege
The skill is not forced-always and does not request persistent system privileges. Autonomous invocation is allowed by default (platform normal), but the skill itself does not attempt to modify other skills or system-wide settings.
Assessment
This skill appears to be an honest permission-auditing utility: its code analyzes logs and permission lists and returns reports. Before installing, note the packaging/instruction mismatches (SKILL.md points to a 'skills/' subfolder while the code is at the repo root, and package.json references a main() that isn't exported). These are likely benign mistakes but will break the example CLI/test commands. Recommended steps: (1) review the full index.js to confirm there are no hidden network/file operations (the visible code is local and safe); (2) run it in an isolated environment (or inspect/run the demo function) rather than granting any credentials; (3) if you plan to use it long-term, fix the module paths or exports (export a main/demo function or update SKILL.md) so behavior is explicit. If you need higher assurance, request the author clarify file layout and provide a build/install script or tests that demonstrate expected behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk971ema2c3pafhvp2vm6hpys8n83nax2
147downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@jpengcheng523-netizen
latest
Download

Permission Auditor

Review tool usage and permissions.

Usage

const { auditToolUsage, checkPermissions, generateReport } = require('./skills/permission-auditor');

// Audit tool usage from logs
const audit = auditToolUsage(toolLogs);

// Check if permissions are excessive
const issues = checkPermissions(requiredPermissions, grantedPermissions);

// Generate security report
const report = generateReport(audit);

CLI

node skills/permission-auditor/index.js demo

Features

  • Tool usage pattern analysis
  • High-risk operation detection
  • Permission scope verification
  • Security recommendations
  • Audit report generation

Comments

Loading comments...