Skills Audit
v1.5.3
Security audit + append-only logging + monitoring for OpenClaw skills (file-level diff, baseline approval, SHA-256 integrity).
by ucloud-securiry@ucloud-security
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included files and behavior: Python scripts that scan workspace/skills, compute hashes, take git snapshots, write NDJSON logs, produce diffs, and generate notifications. Required components (Python, git) and the config files are appropriate for an audit/monitoring tool; there are no unrelated credential or cloud dependencies declared.
Instruction Scope
Runtime instructions and the code limit themselves to static analysis, file I/O under the workspace and ~/.openclaw/skills-audit, git subprocess calls, and local helper scripts. The skill explicitly states it will not execute audited skill code. It does perform controlled subprocess calls (git, git diff) and may make an optional remote MD5 query to QianXin SafeSkill when the user enables that feature.
Install Mechanism
No install spec or remote downloads are present; this is an instruction+script package that relies on the local Python runtime and git. Nothing in the package fetches or extracts arbitrary external code by default.
Credentials
The skill requests no environment variables or credentials by default. It can optionally use a user-supplied QianXin token (kept in config/intelligent.json) to query remote intel by bundle MD5; that is reasonable for an opt-in threat-intel feature but is the only remote-credential requirement. The tool will read the entire workspace/skills tree and write logs/snapshots under ~/.openclaw/skills-audit, which can contain snippets of code and file paths—so log contents are sensitive and proportional to its function.
Persistence & Privilege
always:false is set, and the skill does not auto-create system-wide cron jobs. It writes only to its own directory under the user's home (~/.openclaw/skills-audit) and manages its own baseline/log files. It does not request elevated system privileges or modify other skills' configurations.
Assessment
This skill appears to be what it says: a local static auditor and monitor. Before enabling it, note:
(1) it will read all files under your workspace/skills and store snapshots and NDJSON logs under ~/.openclaw/skills-audit; these logs can include file snippets and paths, so review their permissions;
(2) the optional remote intel lookup (QianXin SafeSkill) requires you to add your token to config/intelligent.json; leave it disabled unless you trust that service and understand that only a bundle MD5 is sent, not full files;
(3) the tool executes local subprocesses such as git and the included helper scripts; ensure git is installed and review the scripts if you want to audit exact behavior;
(4) the skill deliberately does not auto-create cron jobs, so you must explicitly add scheduling if desired;
(5) minor implementation note: the code has a default config fallback for QianXin that may differ from the shipped intelligent.json default, but the shipped config sets enabled:false; verify config/intelligent.json to be sure remote queries remain disabled.
If you need to be extra cautious, run the scanner once in a restricted environment, inspect ~/.openclaw/skills-audit/logs.ndjson, and keep the QianXin token empty.
Like a lobster shell, security has layers: review code before you run it.