🧪 Skills
OpenClaw Skill Auditor
Scans ClawHub skills to detect malicious code, obfuscated payloads, and social engineering via pattern matching, deobfuscation, and LLM analysis before insta...
v1.0.0
Description
name: skill-auditor version: 1.0.0 description: Security scanner for ClawHub skills. Detects malicious code, obfuscated payloads, and social engineering before installation. Three-layer analysis: pattern matching, deobfuscation, and LLM intent analysis. author: sypsyp97
Skill Auditor 🔍
Audit ClawHub skills for security threats before installing them.
Triggers
Use this skill when:
- "Audit this skill"
- "Check skill security"
- Before installing any third-party skill
Usage
Method 1: Pre-install audit (recommended)
# Inspect without installing
clawhub inspect <skill-name>
# Run the audit script
~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh <skill-name>
Method 2: Audit an installed skill
~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh --local <skill-path>
Detection Layers
L1: Pattern Matching
| Severity | Pattern | Risk |
|---|---|---|
| 🔴 High | base64.*|.*bash |
Encoded execution |
| 🔴 High | curl.*|.*bash |
Remote script execution |
| 🔴 High | eval\( / exec\( |
Dynamic code execution |
| 🔴 High | Known C2 server IPs | Malicious communication |
| 🟡 Medium | Access to ~/.openclaw/ |
Config theft |
| 🟡 Medium | Reads $API_KEY etc. |
Credential leakage |
| 🟡 Medium | Social engineering keywords | User deception |
| 🟢 Low | Requires sudo | Elevated privileges |
L2: Deobfuscation
Automatically decodes hidden malicious payloads:
- Base64 — Decodes and scans for hidden commands
- Hex — Decodes
\x41\x42format strings - Checks decoded content for C2 servers and dangerous commands
L3: LLM Analysis (optional)
Uses Gemini CLI to analyze suspicious code intent:
- Semantic understanding beyond pattern matching
- Detects novel/unknown threats
- Requires
geminiCLI installed
Known Indicators of Compromise (IoC)
C2 Server IPs
91.92.242.30 # ClawHavoc primary server
Malicious Domains
glot.io # Hosts obfuscated scripts
webhook.site # Data exfiltration endpoint
Social Engineering Keywords
OpenClawDriver # Non-existent "driver"
ClawdBot Driver # Social engineering lure
Required Driver # Tricks users into installing malware
Output Format
═══════════════════════════════════════════
SKILL AUDIT REPORT: <skill-name>
═══════════════════════════════════════════
🔴 HIGH RISK FINDINGS:
[LINE 23] base64 encoded execution detected
[LINE 45] curl|bash pattern found
🟡 MEDIUM RISK FINDINGS:
[LINE 12] Accesses ~/.openclaw/ directory
🟢 LOW RISK FINDINGS:
[LINE 5] Requires sudo for installation
═══════════════════════════════════════════
VERDICT: ❌ DO NOT INSTALL
═══════════════════════════════════════════
Best Practices
- Always audit before install — Never skip the security check
- Trust no skill blindly — Including highly starred or popular ones
- Check updates — Skill updates may introduce malicious code
- Report suspicious skills — Send to steipete@gmail.com
Maintenance
Update this skill when new threats are discovered:
- New malicious IP → Add to
MALICIOUS_IPS - New malicious domain → Add to
MALICIOUS_DOMAINS - New social engineering lure → Add to
SOCIAL_ENGINEERING - New attack pattern → Add regex detection
Update location: variable definitions at the top of scripts/audit.sh
References
Reviews (0)
Sign in to write a review.
No reviews yet. Be the first to review!
Comments (0)
No comments yet. Be the first to share your thoughts!