jason-security-audit_skill

This skill performs automated security audits of external resources before execution, detecting malicious code and mismatches to protect your environment.
  • Python

2.5k

GitHub Stars

4

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill jason-security-audit

  • _meta.json291 B
  • audit.py11.8 KB
  • README.md5.4 KB
  • SKILL.md4.6 KB

Overview

This skill performs an automated security audit of external resources before you trust or execute them. It inspects downloaded skills, cloned GitHub repositories, and arbitrary files to detect malicious code, suspicious executables, and content mismatches. The goal is to block or flag high-risk artifacts and provide actionable findings for safe decision-making.

How this skill works

The skill scans file types to classify risk (source files, text, executables, unknown binaries) and runs content analysis for dangerous patterns like base64 payloads, obfuscation, shellcode signatures, and direct network calls. It compares README or manifest claims with actual code presence, flags large single-line files and encrypted content, and produces pass/warning/critical reports with recommendations. You can run it locally or integrate it into clone/install workflows so audits run automatically before execution.

When to use it

  • After cloning a GitHub repository
  • Before running downloaded skills or scripts
  • When installing tools from untrusted sources
  • When receiving archives or attachments from unknown senders

Best practices

  • Always run the audit before executing external code or installers
  • Review any warnings manually; heuristics can produce false positives
  • Do not execute blocked executables; delete or investigate further
  • Use isolated environments (VMs, containers) for testing flagged resources
  • Keep the audit signatures and heuristics up to date

Example use cases

  • Audit a newly cloned open-source project before running build or install steps
  • Scan a downloaded skill package prior to adding it to your agent runtime
  • Inspect an archive received from a third party for hidden executables or obfuscated payloads
  • Integrate the audit into CI or post-clone hooks to enforce safety gates
  • Validate that README claims match repository contents before trusting functionality

FAQ

No. This skill provides heuristic checks and automation to reduce risk but is not a full antivirus. Always perform manual review for critical assets.

What triggers a critical block?

Critical blocks occur for high-risk artifacts like standalone executables with no source, large single-line files indicative of shellcode, or clear README-to-code mismatches that imply deception.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
jason-security-audit skill by openclaw/skills | VeilStrat