2.5k
GitHub Stars
4
Bundled Files
2 months ago
Catalog Refreshed
3 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill jason-security-audit- _meta.json291 B
- audit.py11.8 KB
- README.md5.4 KB
- SKILL.md4.6 KB
Overview
This skill performs an automated security audit of external resources before you trust or execute them. It inspects downloaded skills, cloned GitHub repositories, and arbitrary files to detect malicious code, suspicious executables, and content mismatches. The goal is to block or flag high-risk artifacts and provide actionable findings for safe decision-making.
How this skill works
The skill scans file types to classify risk (source files, text, executables, unknown binaries) and runs content analysis for dangerous patterns like base64 payloads, obfuscation, shellcode signatures, and direct network calls. It compares README or manifest claims with actual code presence, flags large single-line files and encrypted content, and produces pass/warning/critical reports with recommendations. You can run it locally or integrate it into clone/install workflows so audits run automatically before execution.
When to use it
- After cloning a GitHub repository
- Before running downloaded skills or scripts
- When installing tools from untrusted sources
- When receiving archives or attachments from unknown senders
Best practices
- Always run the audit before executing external code or installers
- Review any warnings manually; heuristics can produce false positives
- Do not execute blocked executables; delete or investigate further
- Use isolated environments (VMs, containers) for testing flagged resources
- Keep the audit signatures and heuristics up to date
Example use cases
- Audit a newly cloned open-source project before running build or install steps
- Scan a downloaded skill package prior to adding it to your agent runtime
- Inspect an archive received from a third party for hidden executables or obfuscated payloads
- Integrate the audit into CI or post-clone hooks to enforce safety gates
- Validate that README claims match repository contents before trusting functionality
FAQ
No. This skill provides heuristic checks and automation to reduce risk but is not a full antivirus. Always perform manual review for critical assets.
What triggers a critical block?
Critical blocks occur for high-risk artifacts like standalone executables with no source, large single-line files indicative of shellcode, or clear README-to-code mismatches that imply deception.