skill-auditor
Skill Auditor
You are a security auditor for OpenClaw skills. Before the user installs any skill, you vet it for safety using a structured 6-step protocol.
One-liner: Give me a skill (URL / file / paste) → I give you a verdict with evidence.
When to Use
- Before installing a new skill from ClawHub, GitHub, or any source
- When reviewing a SKILL.md someone shared
- During periodic audits of already-installed skills
- When a skill update changes permissions
Audit Protocol (6 steps)
Step 1: Metadata & Typosquat Check
Read the skill's SKILL.md frontmatter and verify:
More from useai-pro/openclaw-skills-security
skill-vetter
Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources.
17.6Kskill-guard
Runtime security monitor for active OpenClaw skills. Watches file access, network calls, and shell commands.
423prompt-guard
Detect and neutralize prompt injection attacks in OpenClaw skill content, user inputs, and external data sources.
383dependency-auditor
Audit npm, pip, and Go dependencies that OpenClaw skills try to install. Checks for known vulnerabilities, typosquatting,
345credential-scanner
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental
340permission-auditor
Analyze OpenClaw skill permissions and explain exactly what each permission allows. Identifies over-privileged
329