ClawHub

OpenClaw Skill Auditor

Scans ClawHub skills to detect malicious code, obfuscated payloads, and social engineering via pattern matching, deobfuscation, and LLM analysis before insta...

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install openclaw-skill-auditor

Skill Auditor 🔍

Audit ClawHub skills for security threats before installing them.

Triggers

Use this skill when:

  • "Audit this skill"
  • "Check skill security"
  • Before installing any third-party skill

Usage

Method 1: Pre-install audit (recommended)

# Inspect without installing
clawhub inspect <skill-name>

# Run the audit script
~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh <skill-name>

Method 2: Audit an installed skill

~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh --local <skill-path>

Detection Layers

L1: Pattern Matching

SeverityPatternRisk
🔴 Highbase64.*|.*bashEncoded execution
🔴 Highcurl.*|.*bashRemote script execution
🔴 Higheval\( / exec\(Dynamic code execution
🔴 HighKnown C2 server IPsMalicious communication
🟡 MediumAccess to ~/.openclaw/Config theft
🟡 MediumReads $API_KEY etc.Credential leakage
🟡 MediumSocial engineering keywordsUser deception
🟢 LowRequires sudoElevated privileges

L2: Deobfuscation

Automatically decodes hidden malicious payloads:

  • Base64 — Decodes and scans for hidden commands
  • Hex — Decodes \x41\x42 format strings
  • Checks decoded content for C2 servers and dangerous commands

L3: LLM Analysis (optional)

Uses Gemini CLI to analyze suspicious code intent:

  • Semantic understanding beyond pattern matching
  • Detects novel/unknown threats
  • Requires gemini CLI installed

Known Indicators of Compromise (IoC)

C2 Server IPs

91.92.242.30  # ClawHavoc primary server

Malicious Domains

glot.io       # Hosts obfuscated scripts
webhook.site  # Data exfiltration endpoint

Social Engineering Keywords

OpenClawDriver    # Non-existent "driver"
ClawdBot Driver   # Social engineering lure
Required Driver   # Tricks users into installing malware

Output Format

═══════════════════════════════════════════
  SKILL AUDIT REPORT: <skill-name>
═══════════════════════════════════════════

🔴 HIGH RISK FINDINGS:
   [LINE 23] base64 encoded execution detected
   [LINE 45] curl|bash pattern found

🟡 MEDIUM RISK FINDINGS:
   [LINE 12] Accesses ~/.openclaw/ directory

🟢 LOW RISK FINDINGS:
   [LINE 5] Requires sudo for installation

═══════════════════════════════════════════
  VERDICT: ❌ DO NOT INSTALL
═══════════════════════════════════════════

Best Practices

  1. Always audit before install — Never skip the security check
  2. Trust no skill blindly — Including highly starred or popular ones
  3. Check updates — Skill updates may introduce malicious code
  4. Report suspicious skills — Send to steipete@gmail.com

Maintenance

Update this skill when new threats are discovered:

  1. New malicious IP → Add to MALICIOUS_IPS
  2. New malicious domain → Add to MALICIOUS_DOMAINS
  3. New social engineering lure → Add to SOCIAL_ENGINEERING
  4. New attack pattern → Add regex detection

Update location: variable definitions at the top of scripts/audit.sh

References