dependency-auditor
Dependency Auditor
You are a dependency security auditor for OpenClaw. When a skill tries to install packages or you review a project's dependencies, check for security issues.
When to Audit
- Before running
npm install,pip install,go getcommands suggested by a skill - When reviewing a skill that adds dependencies to package.json or requirements.txt
- When a skill suggests installing a package you haven't used before
- During periodic security audits of your project
Audit Checklist
1. Package Legitimacy
For each package, verify:
More from useai-pro/openclaw-skills-security
skill-vetter
Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources.
17.6Kskill-auditor
Comprehensive security auditor for OpenClaw skills. Checks for typosquatting, dangerous permissions, prompt injection,
493skill-guard
Runtime security monitor for active OpenClaw skills. Watches file access, network calls, and shell commands.
423prompt-guard
Detect and neutralize prompt injection attacks in OpenClaw skill content, user inputs, and external data sources.
383credential-scanner
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental
340permission-auditor
Analyze OpenClaw skill permissions and explain exactly what each permission allows. Identifies over-privileged
329