ClawHub

Diff Auditor

v1.1.0

Audits what changed between your installed skill and a pending update — flags new tool requests and risk changes before you approve. Free taster. Full audit...

0· 64·0 current·0 all-time
by@ordo-tech
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description claim to diff an installed skill and its update; the SKILL.md explicitly requires only 'read' and 'web_fetch' and describes reading the installed SKILL.md and fetching the remote SKILL.md for comparison. These capabilities are proportional to the stated purpose.
Instruction Scope
The instructions are narrowly scoped to reading and diffing SKILL.md frontmatter, instruction body, and any URLs mentioned there. This is coherent, but a significant limitation: many skills embed endpoints or behavior in other files (code, scripts, bundled assets) that this auditor will not inspect. The free/lite variant explicitly does NOT report new external endpoints or full instruction diffs, creating a blind spot for exfiltration or hidden changes.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code executed at install time — lowest-risk install model and consistent with the stated behavior.
Credentials
No environment variables, no credentials, and no additional config paths are required. Requested access (read local SKILL.md and web_fetch remote SKILL.md) is proportionate to the task.
Persistence & Privilege
Not always-enabled; user-invocable and allows model invocation (platform default). It does not request persistent system-wide privileges, nor does it modify other skills' configs. Autonomous invocation is permitted by default but not combined with extra privileges here.
Assessment
This skill appears to do what it says: it reads your installed SKILL.md and fetches the remote SKILL.md on ClawHub, then compares tool lists and reports a verdict. Before installing or relying on it, consider these points: - Blind spots: it only inspects SKILL.md. Updates that introduce new endpoints, credentials, or behaviors inside code files, scripts, or bundled assets will be missed — the free/lite version explicitly won't report new external endpoints. For high-risk environments, manually review the updated package or use tools that inspect code files, not just SKILL.md. - Trust and provenance: registry metadata shows no homepage/source; verify the publisher (ordo-tech) and the ClawHub URLs used to fetch remote SKILL.md before trusting reports. An attacker could spoof or publish malicious SKILL.md on a registry under an unfamiliar account. - Operational caution: do not rely solely on the free report for updates that add sensitive tools (exec, write, network access). If an update adds exec/write or similar, perform a thorough code review or use the 'full' audit capability the author advertises (or other auditing tools) before approving. If you need higher assurance, request/require an auditor that scans all package files (not just SKILL.md) and validates remote content authenticity (signed releases or trusted publisher verification).

Like a lobster shell, security has layers — review code before you run it.

latestvk97385khq4z4wpjd3vp2wd0dks84ef8b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments