Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Auditor
v1.0.0Audit any AI coding tool for telemetry, remote control, permissions, privacy, and hidden features. Generates a graded report (A-F).
⭐ 0· 38·0 current·0 all-time
byBlossom@mackding
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name, description, and SKILL.md all describe an audit tool and the included wrapper script matches that purpose. However the real audit logic is delegated to an external npm package (@claws-shield/auditor) referenced by the script and by SKILL.md (npx @claws-shield/cli), but the skill provides no install spec or package source. That omission is disproportionate: a security/audit skill should either include its implementation or clearly declare and pin the external artifact being executed.
Instruction Scope
Runtime instructions tell the agent to read and analyze a target source tree (expected). But the included script simply imports and runs runAudit from @claws-shield/auditor — meaning the skill delegates arbitrary logic to that package. The SKILL.md gives no constraints on network access, telemetry, or on what runAudit may itself read, write, or transmit, so the true runtime scope is unknown and could include network exfiltration or reading unrelated environment/config.
Install Mechanism
There is no install spec. SKILL.md suggests using npx or node to run a package that is not bundled. Relying on npx/npm at runtime pulls arbitrary code from the npm registry (moderate-to-high risk) and the skill's on-disk files are only a tiny wrapper, so you cannot audit the actual logic without fetching the external package. This is a material install/ supply-chain risk.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a source-only audit. However because the audit logic lives in an external package, that package could attempt to read environment variables, credentials, or system config without that being declared. The lack of declared env vars therefore reduces transparency and is a risk factor.
Persistence & Privilege
The skill does not request always:true, does not declare persistent privileges, and contains no install that writes files beyond what npx/npm would normally cache. There is no explicit attempt to modify other skills or system-wide config in the provided files. Still, the external package could perform writes at runtime — that behavior is not visible from the skill bundle.
What to consider before installing
This skill is a wrapper around an external npm package that is not included in the bundle. Before installing or running it: (1) obtain and review the source of @claws-shield/auditor (or the @claws-shield/cli) — do not run npx blindly; (2) prefer a locally vendored, pinned version of the auditor so you can inspect it; (3) run the tool in an isolated sandbox or offline environment first (no network) to see what files it reads/writes; (4) check npm package metadata, publisher, versions, and integrity (tarball SHA); (5) avoid providing credentials or sensitive environment variables while testing; (6) if you cannot audit the external package, treat the skill as untrusted. These steps will reduce supply-chain and exfiltration risk.Like a lobster shell, security has layers — review code before you run it.
latestvk970z0v97b8wctsr9vrg4vw4x18400x9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.