Skill Security Auditor

Description

The Skill Security Auditor is a command-line tool that performs pattern-based security analysis of ClawHub skills before installation. Given the recent discovery of 341+ malicious skills (ClawHavoc campaign) that distributed Atomic Stealer (AMOS) and stole cryptocurrency credentials, this tool provides essential pre-installation threat detection.

What this skill provides:

• ✅ Bash script (analyze-skill.sh) for local security analysis
• ✅ Threat intelligence database (patterns/malicious-patterns.json)
• ✅ Pattern matching against 20+ known malicious indicators
• ✅ Risk scoring system (0-100 scale)
• ✅ Detailed audit reports with recommendations

How to use it:

1. Install this skill from ClawHub
2. Run the analyze-skill.sh script against any skill (by slug or local file)
3. Review the risk assessment and findings
4. Make informed decision about installation