agxntsix-skill-auditor_skill

This skill audits and quarantines every third-party skill before installation, preventing unsafe code from entering your environment.
  • Python

2.6k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill agxntsix-skill-auditor

  • _meta.json292 B
  • SKILL.md2.4 KB

Overview

This skill acts as a security gatekeeper for third-party OpenClaw skills, preventing installation of unsafe code. It quarantines incoming skill packages, runs static and heuristic scans, and enforces a risk-based allow/block policy before any installation proceeds.

How this skill works

The auditor copies an incoming skill into a temporary quarantine directory and runs a full audit script that inspects files, code, dependencies, and encoding patterns. It outputs a structured risk report (JSON or human-readable) and returns a risk-based exit code to allow, flag for review, or block installation. The tool checks for network calls, environment access, filesystem escape, obfuscation, dynamic imports, and suspicious dependency patterns.

When to use it

  • Before installing any third-party skill from ClawHub or external sources
  • When asked to review or evaluate a skill's safety and permissions
  • As an automated gate during any installation command or CI pipeline
  • When you detect unusual behavior after a recent skill update
  • During periodic audits of archived skill versions

Best practices

  • Always quarantine skills first; never copy directly into production directories
  • Treat MEDIUM or higher findings as actionable blocks until manually reviewed
  • Review flagged findings manually and escalate urgent threats to the security lead
  • Use the human-readable report for quick triage, then save the JSON for records
  • Keep the auditor reference patterns updated to catch new injection and obfuscation techniques

Example use cases

  • Automated pre-install check when a user runs an install command from ClawHub
  • Security analyst performing a manual review of a contributed skill before approval
  • CI job that rejects merges if a skill update introduces HIGH or CRITICAL risk
  • Archival verification of all previously archived skill versions for latent threats

FAQ

CLEAN and LOW indicate safe or minor issues. MEDIUM requires manual review. HIGH and CRITICAL block installation due to likely or active threats.

How are reports delivered?

The auditor prints a JSON report to stdout and can emit a formatted human-readable summary for quick triage.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational