Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Intelligent Audit System

Enterprise internal audit: risk assessment + compliance checks.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 28 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to perform enterprise audits that typically require access to internal systems, databases, or cloud resources, but the package contains no code and requests no environment variables or config paths. That mismatch (no declared data access or credentials) is inconsistent with the stated purpose.
! Instruction Scope
SKILL.md provides explicit installation/runtime commands that instruct the user to 'git clone https://github.com/openclaw-skills/ai-intelligent-audit-system' and run 'pip install -r requirements.txt' and 'python app.py'. Since the repository and code are not included in this skill bundle, the runtime behavior cannot be audited here — the instructions direct the execution of external, unreviewed code which could access local data or network resources.
! Install Mechanism
Although the registry lists no install spec, the README-like SKILL.md directs cloning and installing a GitHub project and running it. This implicitly relies on executing arbitrary third-party code and installing dependencies via pip without pinned versions or checksums, which is a supply-chain risk.
! Credentials
No required env vars, credentials, or config paths are declared, yet an enterprise audit product would normally need credentials or access to systems to function. The absence of declared secrets is disproportionate and prevents pre-install review of what credentials the external app may request or use.
Persistence & Privilege
The skill does not request 'always: true' or elevated registry-level privileges and does not include any code that modifies other skills. However, because it instructs running external code, any persistence or privilege escalation would be determined by that external repo, not by this package.
What to consider before installing
Do not run the provided git/pip/python commands until you inspect the external repository and its dependencies. Specific steps to reduce risk:
1) Visit the GitHub URL and review the repository, app.py, requirements.txt, and any network/endpoints the app contacts;
2) Pin to a specific commit or release and verify checksums;
3) Run installation and execution in an isolated environment (container or VM) with no access to sensitive networks or credentials;
4) Review the code for hardcoded endpoints, credential usage, or data-exporting behavior;
5) If you must connect to internal systems, create a least-privilege service account or proxy with logging and time-limited access;
6) Prefer a vendor-provided release or a skill bundle that includes the code so it can be audited.
Absence of scan findings in this package does not mean the external code is safe.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest: vk97az3y9z2v0tbaaf9xc3x38r5834xc1

Runtime requirements

🔍 Clawdis

SKILL.md

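AI Intelligent Audit System

Description

Enterprise internal audit: risk assessment + compliance checks.

Features

  • Risk assessment (AI identifies risk points)
  • Compliance checks (comparison against regulations)
  • Audit reports (automatically generated)
  • Remediation tracking (issue follow-up)
  • Data analysis (anomaly detection)

Pricing

  • Basic: ¥399/month (internal audit)
  • Professional: ¥1999/month (special-purpose audit)
  • Enterprise: ¥5999/month (comprehensive audit)

Use cases

  • Enterprise internal audit
  • Financial audit
  • Compliance audit
  • IT audit

Tech stack

  • Python + FastAPI
  • Data analysis (Pandas)
  • Risk assessment model
  • Report generation

Installation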

git clone https://github.com/openclaw-skills/ai-intelligent-audit-system
cd ai-intelligent-audit-system
pip install -r requirements.txt
python app.py

Created: 2026-03-13 Author: OpenClaw Skills Team

Files

2 total