Назад към всички

skill-trust-auditor

// Audit a ClawHub skill for security risks BEFORE installation.

$ git log --oneline --stat
stars:1,933
forks:367
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
nameskill-trust-auditor
descriptionAudit a ClawHub skill for security risks BEFORE installation.
version1.1.3
metadata[object Object]

Skill Trust Auditor

Audit any ClawHub skill for security risks before installation.

🛠️ Installation

1. Ask OpenClaw (Recommended)

Tell OpenClaw: "Install the skill-trust-auditor skill." The agent will handle the installation and configuration automatically.

2. Manual Installation (CLI)

If you prefer the terminal, run:

clawhub install skill-trust-auditor

Setup (first run only)

bash scripts/setup.sh

Audit a Skill

When user says "audit [skill-name]" or "is [skill-name] safe" or before any clawhub install:

bash scripts/audit.sh [skill-name-or-url]
# Example:
bash scripts/audit.sh steipete/clawhub
bash scripts/audit.sh https://clawhub.ai/someuser/someskill

Output:

{
  "skill": "someuser/someskill",
  "trust_score": 72,
  "verdict": "INSTALL WITH CAUTION",
  "risks": [
    {"level": "HIGH", "pattern": "curl to external domain", "location": "scripts/sync.sh:14"},
    {"level": "MEDIUM", "pattern": "reads MEMORY.md", "location": "SKILL.md:23"}
  ],
  "safe_patterns": ["no env var access", "no self-modification"],
  "author_verified": false,
  "recommendation": "Review scripts/sync.sh:14 before installing. The external curl call could exfiltrate data."
}

Post to user with clear summary:

🛡️ Trust Audit: someuser/someskill
Score: 72/100 — ⚠️ INSTALL WITH CAUTION

🔴 HIGH: curl to unknown domain in scripts/sync.sh:14
🟡 MEDIUM: reads your MEMORY.md

Recommendation: Inspect line 14 of sync.sh before proceeding.
Run: clawhub show someuser/someskill --file scripts/sync.sh

Trust Score Guide

ScoreVerdictAction
90-100✅ SAFEInstall freely
70-89⚠️ CAUTIONReview flagged items first
50-69🟠 RISKYOnly if you understand the risks
0-49🔴 DO NOT INSTALLHigh probability of malicious intent

Risk Pattern Reference

HIGH RISK (-30 each):

  • process.env access in scripts
  • curl/wget to non-standard domains
  • Reading ~/.config or ~/.openclaw directly
  • exec() with user-controlled input
  • Instructions to modify SOUL.md/AGENTS.md/openclaw.json

MEDIUM RISK (-10 each):

  • Any outbound API calls (even to known services)
  • File writes outside workspace
  • Reading MEMORY.md or diary files

LOW RISK (-3 each):

  • web_fetch to standard domains
  • Read-only file access in workspace

Auto-Audit Mode

Optionally prepend audit to every install:

# Add to your shell aliases:
alias clawhub-safe='bash ~/.openclaw/workspace/skills/skill-trust-auditor/scripts/audit.sh $1 && clawhub install $1'

ClawHavoc Pattern Reference

See references/clawhavoc-patterns.md for known malicious patterns from the February 2026 incident. Update this file when new incidents are reported.