installed-skill-auditor
Installed Skill Auditor
What it does
skill-vetting scans before install. installed-skill-auditor scans after — continuously.
Skills can be modified after installation. A community skill that was safe on Monday can be compromised by Tuesday if the source repo is pushed to and your agent auto-pulls. This skill runs weekly to catch post-install drift: injected payloads, hardcoded credentials, and pattern changes that weren't there at install time.
It maintains a content hash of every skill file at the time it was first audited. On each weekly run it re-hashes and flags anything that changed unexpectedly.
When to invoke
- Automatically, every Monday at 9am (cron)
- Manually after any
git pullthat touches skill directories - After any agent action that writes to the skills tree
Audit checks
| Check | What it detects |
More from archieindian/openclaw-superpowers
context-window-management
Prevents context overflow on long-running OpenClaw sessions. Use when approaching context limits.
28heartbeat-governor
Enforces per-skill execution budgets for scheduled cron skills — pauses runaway skills that exceed their token or wall-clock budget before they drain your monthly API allowance.
27using-superpowers
Bootstrap skill — teaches the agent how to find and invoke skills. Use when starting any new task or session.
23long-running-task-management
Breaks multi-hour tasks into checkpointed stages with resume capability. Use when a task is expected to take more than 30 minutes or multiple sessions.
22fact-check-before-trust
Triggers a secondary verification pass for any agent output containing factual claims, numbers, dates, or named entities before the output is acted on
21persistent-memory-hygiene
Keeps OpenClaw's memory store clean, structured, and useful. Use at session end and during periodic maintenance.
20