Skill Audit
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: skill-audit-modeio Version: 0.1.0 The skill bundle is a comprehensive static analysis tool designed to perform security audits on third-party AI skills and repositories. It implements a multi-layered scanning engine (in `modeio_skill_audit/skill_safety/`) that detects prompt injection, shell execution risks, secret exfiltration patterns, and supply chain vulnerabilities using deterministic regex-based rules. While the tool performs network requests to the GitHub API for OSINT reputation checks (`repo_intel.py`) and utilizes `subprocess` for Git metadata, these actions are strictly aligned with its documented purpose as a security scanner and do not exhibit signs of malicious intent or unauthorized data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may need to understand how the packaged CLI is installed or invoked, and should not assume there is no executable code just because there is no install spec.
The metadata presents the skill as instruction-only while the artifact set includes runnable Python package files and documented CLI commands. This is a setup/provenance clarity note, but no automatic install or hidden helper execution is shown.
Install specifications: No install spec — this is an instruction-only skill. Code file presence: 28 code file(s)
Treat it as a Python CLI skill, review the package source before use, and prefer a clear pinned install path or local wrapper invocation.
Using the skill can execute local helper commands such as git, though the provided evidence does not show execution of target-repository code.
The skill runs a local git command to collect commit metadata. It uses an argument vector rather than shell=True and is aligned with repository auditing.
subprocess.run(["git", "-C", str(target_repo), "rev-parse", "HEAD"], check=True, capture_output=True, text=True)
Run it in a normal least-privilege environment and only point it at repositories you intend to audit.
A GitHub token, if provided, may be used for GitHub API requests, and repository origin information may be sent to GitHub.
The skill may use a GitHub token and contact GitHub for repository reputation checks. This is disclosed and purpose-aligned, with no evidence of credential logging or unrelated use.
Optional enhancement: `GITHUB_TOKEN` for higher GitHub API rate limits ... `evaluate` always attempts the GitHub OSINT precheck first when the target repository has a GitHub `origin`
Use a low-scope token only if needed for rate limits, and avoid scanning private repositories unless this GitHub lookup is acceptable.
Scan outputs or prompt payloads can contain snippets from local repository files, which may include private code or secrets.
The scanner recursively reads text files under the user-supplied target repository so it can produce findings and prompt payloads. This is core to the stated purpose, but scanned code or secrets may appear in reports.
for dirpath, dirnames, filenames in os.walk(target_repo): ... text = abs_path.read_text(encoding="utf-8")
Review generated JSON/prompt output before sharing it with external systems, and avoid scanning directories broader than the intended repository.