ClawHub

Skill Audit

Runs a deterministic static safety audit for third-party AI skill or plugin repositories before install or execution. Use when asked to scan a skill repo, assess whether a repo is safe to install, run a skill safety assessment, or produce evidence-backed findings for pre-install security screening.

Audits

Pass
ClawScanReview

Agentic behavior and permission review.

Static analysisReview

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install skill-audit-modeio

Run pre-install repository safety audits

Use this skill to evaluate a skill, plugin, or repository before you install it, trust it, or recommend it.

This skill is for static evidence-backed auditing only. It does not execute code, install dependencies, or run hooks in the target repository.

Maintainer-only validation and benchmark assets are excluded from ClawHub uploads.

Scope

  • Included:
    • deterministic repository audit through evaluate / scan
    • prompt payload generation through prompt
    • evidence-linkage checks through validate
    • context-aware merge flow through adjudicate
  • Not included:
    • code execution inside the target repository
    • dependency installation or hook execution in the target repository
    • benchmark helper workflows as the normal published runtime path

Working directory

Run these commands from inside the skill-audit folder.

Requirements

  • Hard requirement: python3
  • Optional enhancement: git for commit metadata and GitHub-origin discovery
  • Optional enhancement: GITHUB_TOKEN for higher GitHub API rate limits

Core commands

Installed entrypoint:

skill-audit evaluate --target-repo /path/to/repo --json > /tmp/skill_scan.json
skill-audit prompt --target-repo /path/to/repo --scan-file /tmp/skill_scan.json --include-full-findings
skill-audit validate --scan-file /tmp/skill_scan.json --assessment-file /tmp/assessment.md --json
skill-audit adjudicate --scan-file /tmp/skill_scan.json --assessment-file /tmp/adjudication.json --json

Repo-local wrapper:

python3 scripts/skill_safety_assessment.py evaluate --target-repo /path/to/repo --json > /tmp/skill_scan.json
python3 scripts/skill_safety_assessment.py prompt --target-repo /path/to/repo --scan-file /tmp/skill_scan.json --include-full-findings
python3 scripts/skill_safety_assessment.py validate --scan-file /tmp/skill_scan.json --assessment-file /tmp/assessment.md --json
python3 scripts/skill_safety_assessment.py adjudicate --scan-file /tmp/skill_scan.json --assessment-file /tmp/adjudication.json --json

Compatibility alias:

python3 scripts/skill_safety_assessment.py scan --target-repo /path/to/repo --json > /tmp/skill_scan.json

Runtime notes

  • evaluate always attempts the GitHub OSINT precheck first when the target repository has a GitHub origin
  • evaluate intentionally skips target-repo tests/ and fixture paths so the result stays focused on installable runtime surfaces
  • prompt should follow a deterministic scan; validate checks model-written output against scan evidence; adjudicate handles context-sensitive merge decisions
  • scripts/run_repo_set.py is a maintainer benchmark helper and is not part of the normal ClawHub runtime flow
  • Use --json whenever you want the full deterministic report with integrity, scoring, highlights, and findings

References

  • references/architecture.md — package layout and scan pipeline.
  • references/prompt-contract.md — strict prompt contract for model-assisted review.
  • references/output-contract.md — JSON/report contract and compatibility expectations.

When not to use

  • Live execution-time safety checks for commands or operations
  • Content transformation tasks that need to mask, rewrite, or restore sensitive data
  • Local routing or middleware scenarios where requests must flow through a gateway