SkillLens Audit

v1.0.0

Audit locally installed agent skills for security/policy issues using the SkillLens CLI (`skilllens scan`, `skilllens config`). Use when asked to scan a skills directory (Codex/Claude) and produce a risk-focused audit report based on each skill's `SKILL.md` and bundled resources.

⭐ 4· 3.3k·29 current·31 all-time

by@morozred

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for morozred/skill-audit.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "SkillLens Audit" (morozred/skill-audit) from ClawHub.
Skill page: https://clawhub.ai/morozred/skill-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skill-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install skill-audit

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the instructions: SKILL.md tells the agent to run the SkillLens CLI to scan local skill directories. There are no unrelated environment variables, binaries, or config paths requested.

ℹ

Instruction Scope

Instructions stay within the audit purpose: scan a concrete directory, inspect SKILL.md and assets, and avoid executing bundled scripts. One operational note: the SKILL.md tells users/agents to run 'npx skilllens scan' or 'pnpm add -g skilllens' — that invokes a third-party CLI (downloads and runs code from the npm registry), which is expected for this workflow but expands the runtime surface.

ℹ

Install Mechanism

There is no install spec in the skill bundle itself, but the runtime instructions recommend using npx/pnpm to fetch the SkillLens CLI. Fetching code from npm is a common pattern (moderate risk compared with direct downloads from unknown URLs); users should verify package provenance/version before running or performing a global install.

✓

Credentials

The skill requests no environment variables, credentials, or config paths. The audit workflow reads local skill files (SKILL.md and assets) which is appropriate for its stated purpose.

✓

Persistence & Privilege

The skill does not request persistent inclusion (always:false) or system-wide changes. The instructions recommend inspecting before executing and do not direct modifications of other skills or system-wide settings.

Assessment

This instruction-only skill is coherent, but follow safe practices before running the recommended CLI: 1) Prefer running npx with an explicit version (npx skilllens@<version> scan) or inspect the package source on the npm/GitHub registry first; 2) Avoid global installs unless you trust the publisher; 3) Run scans from a least-privileged environment or isolated container if possible; 4) Do not allow automatic execution of bundled scripts — the SKILL.md correctly advises manual inspection first; 5) Verify SkillLens configuration (scan roots) before scanning to avoid scanning unexpected system locations.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qtf3nwaarr72xxvhfjd47d7zpfxp

3.3kdownloads

4stars

1versions

Updated 2mo ago

v1.0.0

MIT-0

Skills Audit (SkillLens)

Install SkillLens

One-off run: npx skilllens scan (or pnpm dlx skilllens scan)
Global install: pnpm add -g skilllens

Quick start

Run skilllens config to see configured scan roots and auditor CLI availability.
Run skilllens scan to scan configured roots, or skilllens scan <path> to scan a specific directory.
Re-run with --verbose to see raw auditor output and --force to ignore cached results.

Audit workflow

Define scope
- Prefer a concrete target path (example: ~/.codex/skills) unless the user explicitly wants all configured roots.
- If auditing a repo checkout containing skills, scan the parent folder that contains skill directories (example: skilllens scan ./skills).
Inventory skills with SkillLens
- Run skilllens scan [path] [--auditor claude|codex].
- Treat missing auditor CLIs or skipped statuses as “manual review required”, not “safe”.
Prioritize review order
- Review any unsafe or suspicious verdicts first.
- Next, review skills that request broad permissions (filesystem/network), run shell commands, or reference external downloads.
Manually review each skill’s contents
- Read the skill’s SKILL.md and any referenced scripts/, references/, and assets/.
- Do not execute bundled scripts by default; inspect first.
Evaluate risks (focus on realistic abuse)
- Exfiltration: sending file contents, env vars, tokens, SSH keys, browser data, or configs to remote endpoints.
- Execution: instructions to run arbitrary shell commands, curl | bash, eval, or to fetch-and-execute code.
- Persistence: modifying shell profiles, launch agents, cron, editor configs, or skill install locations.
- Privilege/approval bypass: instructions to ignore system policies, disable safety checks, or request escalated permissions unnecessarily.
- Prompt injection: attempts to override higher-priority instructions (“ignore previous”, “always comply”, “never mention…”).
- Overbroad triggers: vague descriptions that cause the skill to trigger on unrelated tasks.
Produce a report
- For each skill, include: name, path, verdict (safe/suspicious/unsafe), risk (0–100), and bullet issues with concrete evidence (quote or filename).
- Recommend fixes that reduce blast radius: narrow scope, remove dangerous defaults, add explicit confirmation gates, and document required permissions.

Command snippets

Scan configured roots: skilllens scan
Scan a specific folder: skilllens scan ~/.codex/skills
Force a re-audit and show raw output: skilllens scan ~/.codex/skills --force --verbose

Comments

Loading comments...