SkillLens Audit
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: skill-audit
Version: 1.0.0

This skill is designed to audit other agent skills for security and policy issues using the `skilllens` CLI tool. The `SKILL.md` provides clear, security-focused instructions for the AI agent on how to install and use `skilllens scan`, and explicitly details what types of risks (exfiltration, execution, persistence, prompt injection) the agent should look for in *other* skills. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection against the agent within this skill's own definition. The instructions are aligned with its stated purpose as a security auditing tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running an unverified CLI package can execute code in the user's local environment.
The skill relies on an external package installed or run at use time, and the command does not pin a version. This is central to the skill's purpose, but users should verify the package provenance before running it.
- One-off run: `npx skilllens scan` (or `pnpm dlx skilllens scan`)
- Global install: `pnpm add -g skilllens`
Verify the SkillLens package source and version before use, prefer a pinned/trusted install path, and avoid global installation unless needed.
Local skill files or scan results may be processed by the selected auditor CLI, depending on how SkillLens implements that option.
The workflow supports handing audit work to Claude or Codex auditor CLIs. This is purpose-aligned, but the artifact does not describe the data boundaries for those optional auditor tools.
Run `skilllens scan [path] [--auditor claude|codex]`.
Use a specific scan path and select external auditors only when you are comfortable with their data handling and account context.
