ClawHub

Skill Auditor Pro

审查 ClawHub skills 的安全性,检测恶意代码、可疑模式和社工攻击。在安装任何第三方 skill 前使用此工具进行安全检查。

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install skill-auditor-pro

Skill Auditor 🔍

Audit ClawHub skills for security threats before installing them.

Triggers

Use this skill when:

  • "Audit this skill"
  • "Check skill security"
  • Before installing any third-party skill

Usage

Method 1: Pre-install audit (recommended)

# Inspect without installing
clawhub inspect <skill-name>

# Run the audit script
~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh <skill-name>

Method 2: Audit an installed skill

~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh --local <skill-path>

Detection Layers

L1: Pattern Matching

SeverityPatternRisk
🔴 Highbase64.*|.*bashEncoded execution
🔴 Highcurl.*|.*bashRemote script execution
🔴 Higheval\( / exec\(Dynamic code execution
🔴 HighKnown C2 server IPsMalicious communication
🟡 MediumAccess to ~/.openclaw/Config theft
🟡 MediumReads $API_KEY etc.Credential leakage
🟡 MediumSocial engineering keywordsUser deception
🟢 LowRequires sudoElevated privileges

L2: Deobfuscation

Automatically decodes hidden malicious payloads:

  • Base64 — Decodes and scans for hidden commands
  • Hex — Decodes \x41\x42 format strings
  • Checks decoded content for C2 servers and dangerous commands

L3: LLM Analysis (optional)

Uses Gemini CLI to analyze suspicious code intent:

  • Semantic understanding beyond pattern matching
  • Detects novel/unknown threats
  • Requires gemini CLI installed

Known Indicators of Compromise (IoC)

C2 Server IPs

91.92.242.30  # ClawHavoc primary server

Malicious Domains

glot.io       # Hosts obfuscated scripts
webhook.site  # Data exfiltration endpoint

Social Engineering Keywords

OpenClawDriver    # Non-existent "driver"
ClawdBot Driver   # Social engineering lure
Required Driver   # Tricks users into installing malware

Output Format

═══════════════════════════════════════════
  SKILL AUDIT REPORT: <skill-name>
═══════════════════════════════════════════

🔴 HIGH RISK FINDINGS:
   [LINE 23] base64 encoded execution detected
   [LINE 45] curl|bash pattern found

🟡 MEDIUM RISK FINDINGS:
   [LINE 12] Accesses ~/.openclaw/ directory

🟢 LOW RISK FINDINGS:
   [LINE 5] Requires sudo for installation

═══════════════════════════════════════════
  VERDICT: ❌ DO NOT INSTALL
═══════════════════════════════════════════

Best Practices

  1. Always audit before install — Never skip the security check
  2. Trust no skill blindly — Including highly starred or popular ones
  3. Check updates — Skill updates may introduce malicious code
  4. Report suspicious skills — Send to steipete@gmail.com

Maintenance

Update this skill when new threats are discovered:

  1. New malicious IP → Add to MALICIOUS_IPS
  2. New malicious domain → Add to MALICIOUS_DOMAINS
  3. New social engineering lure → Add to SOCIAL_ENGINEERING
  4. New attack pattern → Add regex detection

Update location: variable definitions at the top of scripts/audit.sh

References