skills-security-audit

Skill Security Audit

Overview

Scan and audit AI agent skills, plugins, and tool definitions for security vulnerabilities across nine risk categories aligned with the OWASP Agentic AI Top 10 (ASI01 through ASI10). This skill works cross-platform with Claude Code, OpenClaw, and any AI agent platform that uses file-based skill definitions. Rather than relying on brittle regex patterns, it performs AI-powered semantic analysis to detect prompt injection, data exfiltration, obfuscated code, privilege escalation, supply chain attacks, memory poisoning, trust boundary violations, and behavioral manipulation. Each audit produces a structured risk report with severity ratings, evidence citations, and actionable remediation guidance.

When to Use

  • Before installing any third-party skill or plugin from a marketplace
  • When reviewing skills downloaded from OpenClaw, ClawHub, or other registries
  • Periodic audit of all installed skills and plugins
  • When a skill requests unusual permissions or behaves unexpectedly

Security Check Categories

Installs: 29
First Seen: Feb 21, 2026