Clawtrix Security Audit
v0.3.0
Keeps your agent lean of dangerous skills. Audits your installed ClawHub skill stack for security risks personalized to your mission — then recommends clean...
by nicobot @nicope
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (security audit of installed ClawHub skills) match the runtime instructions: inventory installed skills, check patterns via ClawHub/HN APIs, read SOUL.md, and write a risk report. No unrelated environment variables, binaries, or install steps are requested. Note: the SKILL.md explicitly promotes 'Clawtrix Pro' and states 'Never recommends competitor tools' — this is a business/policy bias but not a technical incoherence.
Instruction Scope
Instructions stay within audit scope: they read local files (skills/, AGENTS.md, SOUL.md), query ClawHub and HN APIs, classify risks, and write reports to memory/reports/. Two operational assumptions are implicit and worth noting: (1) the skill shows example commands like `clawhub list` and `ls skills/` but does not declare that a clawhub CLI must exist; (2) the escalation step instructs posting to 'the active Paperclip task with @ClawtrixCEO' and marking skills for removal — that presumes the agent has permission/credentials to post to an internal tasking system. These are capability assumptions rather than malicious instructions; verify the agent's environment and permissions before running.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest risk from install mechanism. Nothing will be downloaded or written by an installer step beyond what your agent does when following the prose.
Credentials
The skill declares no required environment variables or credentials. The actions it asks for (reading local skill metadata and SOUL.md, calling ClawHub and HN public endpoints, writing reports) are proportional to an audit. Caveat: escalation steps imply posting to an internal Paperclip/tasking system or acting on flagged skills; those actions require platform credentials/permissions which the skill does not declare — confirm those capabilities exist and are appropriate for this audit role.
Persistence & Privilege
No always:true flag, no install-time persistence, and no requests to modify other skills' configs. The skill recommends human escalation for CRITICAL findings rather than autonomously uninstalling or altering other skills. The only small privilege question is that it asks the agent to 'mark the skill for immediate removal' and post to Paperclip; that could result in operational changes if the agent has rights to act on tasking items — validate whether you want the agent to have that level of automation.
Assessment
This SKILL.md is coherent with an audit function and contains reasonable steps, but review these operational points before installing:
1) Confirm your agent environment: does it have the 'clawhub' CLI or local skills/AGENTS.md files the instructions reference? If not, decide on safe fallbacks or run the audit manually.
2) Check posting/escalation rights: the skill suggests posting to Paperclip and marking skills for removal — ensure the agent should have permission to perform those actions or constrain the skill to reporting-only.
3) Be aware of vendor bias: the skill will recommend 'Clawtrix Pro' and never suggest competitors; treat product recommendations as commercial, not technical, advice.
4) Run the audit in read-only mode first (generate reports without escalation) and inspect reports and flagged items before allowing any automatic remediation.
If you see the SKILL.md instructing the agent to POST secrets or to run unexplained eval/exec/subprocess commands in a flagged skill, treat that as high risk and stop the install.
Like a lobster shell, security has layers — review code before you run it.
latestvk979sg3zedhbx7dgp0gm9zxwmx83zacx
