What is Skill Auditor v2?

A security scanner that detects malicious code, obfuscated payloads, prompt injection, typosquatting, and data exfiltration in OpenClaw skills, with risk scoring and MITRE mappings.

How do I interpret the risk score?

Scores range from 0 to 100 with defined levels (SAFE to CRITICAL); higher scores indicate greater risk and typically trigger manual or expert review.

What outputs can I use for automation?

Use the --json flag to obtain machine-readable results that can be integrated into CI/CD or security workflows.

Skill Auditor v2

Verified

@aiwithabidi

npx machina-cli add skill @aiwithabidi/skill-auditor-v2 --openclaw

Files (1)

SKILL.md

3.9 KB

Skill Auditor v2.0 🔍🛡️

Comprehensive security scanner for OpenClaw/ClawHub skills. Merges static analysis, deobfuscation, and threat intelligence into a single Python tool.

When to Use

Before installing any third-party skill from ClawHub
When reviewing skill updates for security regressions
To audit your own skills before publishing
When someone asks: "is this skill safe?", "audit this", "check security"

Quick Start

Audit a local skill directory

python3 {baseDir}/scripts/audit_skill.py /path/to/skill --human

Audit a ClawHub skill by slug

python3 {baseDir}/scripts/audit_skill.py --slug skill-name --human

Quarantine workflow (audit + prompt to install)

bash {baseDir}/scripts/quarantine.sh /path/to/skill
bash {baseDir}/scripts/quarantine.sh --slug skill-name

JSON output for programmatic use

python3 {baseDir}/scripts/audit_skill.py /path/to/skill --json

Scoring System

Score	Level	Action
0–20	✅ SAFE	Auto-install OK
21–40	🟢 LOW RISK	Proceed with caution
41–60	🟡 MEDIUM RISK	Manual review required
61–80	🟠 HIGH RISK	Expert review needed
81–100	🔴 CRITICAL	Do NOT install

Exit codes: 0 = safe (≤20), 1 = review (21–60), 2 = dangerous (>60)

Detection Layers

Layer 1: Static Pattern Analysis

10+ scan categories with regex patterns
Shell execution, network calls, env access, filesystem escape
Prompt injection, data exfiltration, crypto wallet access
Dynamic imports, browser credential theft, fake prerequisites

Layer 2: Deobfuscation

Base64 string extraction and decode → re-scan decoded content
Hex escape sequence decode → re-scan
Detects hidden commands, C2 IPs in encoded payloads

Layer 3: Threat Intelligence

IoC database: known malicious IPs, domains
Social engineering detection: urgency, false authority, fear tactics
MITRE ATT&CK ID mapping on every finding
Whitelist system reduces score for safe binaries/domains

Additional Checks

SHA256 file inventory for integrity verification
Typosquat detection (Levenshtein distance on package names)
Zero-width character detection in SKILL.md
Comment-context severity reduction (findings in comments scored lower)
Permission scope analysis (what tools does the skill request?)

IoC Database

Structured threat data in references/ioc-database.json. Update when new threats emerge. The scanner auto-loads this file at runtime.

References

references/ioc-database.json — Structured IoC data (IPs, domains, patterns)
references/known-patterns.md — Human-readable threat documentation
references/prompt-injection-patterns.md — Prompt injection pattern reference

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Fork of skill-auditor-pro by sypsyp97, merged with skill-security-auditor by akm626.

Source

git clone https://clawhub.ai/aiwithabidi/skill-auditor-v2View on GitHub

Overview

Skill Auditor v2 is a security scanner for OpenClaw/ClawHub skills that combines static analysis, deobfuscation, and threat intelligence to inspect skills before installation. It detects malicious code, obfuscated payloads, prompt injection, social engineering, typosquatting, and data exfiltration, and assigns a 0–100 risk score with MITRE ATT&CK mappings.

How This Skill Works

It performs static pattern analysis across skill files using regex categories, then applies deobfuscation steps (Base64/Hex), followed by threat intelligence lookups and MITRE mappings. It also maintains an IoC database, computes SHA256 inventories, checks a whitelist, and outputs structured results for automation.

When to Use It

Before installing any third-party skill from ClawHub
When reviewing skill updates for security regressions
To audit your own skills before publishing
When someone asks: is this skill safe?
During production-grade security reviews of new skills

Quick Start

Step 1: Audit a local skill directory python3 {baseDir}/scripts/audit_skill.py /path/to/skill --human
Step 2: Audit a ClawHub skill by slug python3 {baseDir}/scripts/audit_skill.py --slug skill-name --human
Step 3: Get JSON output for automation python3 {baseDir}/scripts/audit_skill.py /path/to/skill --json

Best Practices

Run audit before installing any third-party skill from ClawHub
Use --json for programmatic consumption and automation
Cross-check findings with the IoC database and whitelist
Re-audit after skill updates or when publishing new versions
Review typosquat checks and zero-width characters in SKILL.md

Example Use Cases

Auditing a local skill directory prior to installation
Auditing a ClawHub skill by slug before adding it to a workflow
Running zero-width character and typosquat checks in SKILL.md
Executing the quarantine workflow to inspect and approve a skill
Reviewing updates to detect security regressions in an existing skill

Frequently Asked Questions

Add this skill to your agents