ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Audit Pro

v1.0.0

AI Agent技能安全扫描工具。自动扫描已安装的OpenClaw技能,发现安全隐患。支持定时扫描(每24小时),自动发送报告到配置的所有Channel(Telegram/飞书等)。检测硬编码凭证、Shell注入、网络泄露等安全威胁。

0· 85·0 current·0 all-time
by@ohmanymoneygomyhome-creator

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ohmanymoneygomyhome-creator/skill-audit-pro.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Skill Audit Pro" (ohmanymoneygomyhome-creator/skill-audit-pro) from ClawHub.
Skill page: https://clawhub.ai/ohmanymoneygomyhome-creator/skill-audit-pro
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skill-audit-pro

ClawHub CLI

Package manager switcher

npx clawhub@latest install skill-audit-pro
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (skill scanner that reports to configured channels) matches the included scripts: skill_audit.py performs static regex-based scans and scan_and_report.py enumerates installed skills and discovers configured channels to build a report. The files it reads (skill directories, OpenClaw session/config files) are reasonable for a tool that needs to find skills and where to send reports.
Instruction Scope
SKILL.md and code limit actions to reading installed skill files and OpenClaw session/config JSONs and printing a report. That scope aligns with the stated purpose. Note: the tool reads ~/.openclaw agent/session and openclaw.json to discover channels — this is expected for delivering reports, but it means the scanner accesses agent session/config data (channel names/to fields). The README claim that installation "automatically creates every-24-hour tasks" is not implemented in the provided scripts (the scripts only generate a report when run).
Install Mechanism
No external install/downloads or unusual install hooks are present; the skill is distributed as source Python scripts and a SKILL.md. No network downloads, archive extraction, or brew/npm installs are present in the package.
Credentials
The skill declares no required env vars or credentials, and indeed the code does not request API keys. It does read local OpenClaw session/config files to discover active channels — reasonable for its purpose, but you should be aware it reads per-user config files under the home directory (it does not attempt to read arbitrary system secrets or environment variables).
Persistence & Privilege
always is false and the skill does not request to modify other skills or global agent settings. The SKILL.md promises automatic scheduling, but no code in the package actually registers a cron job; periodic execution presumably relies on platform support. Autonomous invocation (disable-model-invocation=false) is normal for skills and not, by itself, concerning here.
Assessment
This skill appears to be what it says: a local static scanner that enumerates installed skills and prints a report intended to be delivered to the agent's configured channels. Before installing, consider: 1) Source provenance — the package has no homepage and an unknown owner; prefer skills from known sources. 2) Review ~/.openclaw/agents/.../sessions.json and ~/.openclaw/openclaw.json contents (or inspect the code paths) to confirm no sensitive tokens would be exposed by discovery heuristics. The scripts only read channel metadata (channel/to), they do not post externally themselves, but printed channel data may appear in outputs. 3) If you want scheduled scans, verify how your OpenClaw deployment schedules skills — the package itself does not create cron jobs. 4) If you have strict secrecy requirements, run the scanner in a restricted/test environment first or review/execute the code manually. If anything in the package is unclear, ask the publisher for source verification or a signed release before enabling autonomous runs.
scripts/skill_audit.py:108
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk979w5frrx6f2jk03tbdswzkp183nwcy
85downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@ohmanymoneygomyhome-creator
latest
Download

🛡️ Skill Audit - AI技能安全扫描工具

每天自动扫描一次,守护你的Agent安全

功能特点

  • 🔍 全面扫描 - 检查所有已安装的技能(npm包+扩展+workspace)
  • 🛡️ 四大威胁检测
    • 🔴 硬编码凭证(密码、API密钥)
    • 🔴 环境变量泄露
    • 🔴 Shell注入风险
    • 🔴 网络请求外泄
  • 定时扫描 - 每24小时自动执行
  • 📱 多渠道推送 - 自动发送到所有已配置的Channel
  • 🎯 精准定位 - 告诉你是哪一行代码有问题

安全等级

等级含义建议
🔴 CRITICAL严重漏洞立即卸载
🟠 HIGH高危风险需人工确认
🟡 MEDIUM中危隐患可选处理
⚪ INFO最佳实践可忽略

使用方法

手动触发

scan skills
扫描技能
安全扫描
audit skills

定时任务

安装后自动创建每24小时的定时扫描任务。

报告示例

🛡️ Skill Audit Report
AI技能安全扫描 — 守护你的Agent
━━━━━━━━━━━━━━━━━━━━

📊 扫描概况
已扫描:53 个技能
✅ 安全:52 个
⚠️ 有隐患:1 个

📋 隐患详情
🔸 some-skill
   🔴 严重 1 个
   → Hardcoded credentials

💡 处理建议
🔴 立即卸载 /remove some-skill

━━━━━━━━━━━━━━━━━━━━

技术细节

  • 扫描引擎: Python正则表达式静态分析
  • 扫描范围: npm包技能、扩展技能、工作区技能
  • 安装即用: 自动配置定时任务和渠道推送

安装要求

  • OpenClaw 运行环境
  • Python 3.7+
  • 至少配置了一个消息渠道(Telegram/飞书等)

安装后

  1. 安装完成后3分钟内收到首次扫描报告
  2. 之后每24小时自动扫描一次
  3. 报告发送到所有已配置的Channel

Comments

Loading comments...