2.6k
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill agxntsix-skill-auditor- _meta.json292 B
- SKILL.md2.4 KB
Overview
This skill acts as a security gatekeeper for third-party OpenClaw skills, preventing installation of unsafe code. It quarantines incoming skill packages, runs static and heuristic scans, and enforces a risk-based allow/block policy before any installation proceeds.
How this skill works
The auditor copies an incoming skill into a temporary quarantine directory and runs a full audit script that inspects files, code, dependencies, and encoding patterns. It outputs a structured risk report (JSON or human-readable) and returns a risk-based exit code to allow, flag for review, or block installation. The tool checks for network calls, environment access, filesystem escape, obfuscation, dynamic imports, and suspicious dependency patterns.
When to use it
- Before installing any third-party skill from ClawHub or external sources
- When asked to review or evaluate a skill's safety and permissions
- As an automated gate during any installation command or CI pipeline
- When you detect unusual behavior after a recent skill update
- During periodic audits of archived skill versions
Best practices
- Always quarantine skills first; never copy directly into production directories
- Treat MEDIUM or higher findings as actionable blocks until manually reviewed
- Review flagged findings manually and escalate urgent threats to the security lead
- Use the human-readable report for quick triage, then save the JSON for records
- Keep the auditor reference patterns updated to catch new injection and obfuscation techniques
Example use cases
- Automated pre-install check when a user runs an install command from ClawHub
- Security analyst performing a manual review of a contributed skill before approval
- CI job that rejects merges if a skill update introduces HIGH or CRITICAL risk
- Archival verification of all previously archived skill versions for latent threats
FAQ
CLEAN and LOW indicate safe or minor issues. MEDIUM requires manual review. HIGH and CRITICAL block installation due to likely or active threats.
How are reports delivered?
The auditor prints a JSON report to stdout and can emit a formatted human-readable summary for quick triage.