skill-auditor
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Static analysis hints regarding prompt injection in references/threat-patterns.md and scripts/analyzers/static.js are false positives. These files contain the detection logic (regex patterns and documentation) used by the auditor to identify attacks in other skills, rather than being injection attempts themselves.
- [COMMAND_EXECUTION]: The skill utilizes the Node.js child_process and Python subprocess modules to execute analysis scripts and dataflow trackers. This functionality is essential for its primary purpose as an auditing tool and is fully disclosed.
- [EXTERNAL_DOWNLOADS]: The setup wizard (scripts/setup.js) offers an opt-in feature to install legitimate security analysis packages (tree-sitter, tree-sitter-python) from official registries via pip. These are well-known developer tools.
- [SAFE]: Network operations in scripts/scan-url.js and scripts/analyzers/virustotal.js are used to fetch remote skill content for scanning and to check binary reputations, respectively. These actions align with the tool's stated security mission.
- [SAFE]: The skill accesses the file system to read local skill directories provided by the user and saves its own configuration to ~/.openclaw/skill-auditor.json, which is standard behavior for local CLI utilities.
Audit Metadata