agents-skill-security-audit
Minimal helper to audit skill.md-style instructions for supply-chain risks.
Install via ClawdBot CLI:
clawdbot install cerbug45/agents-skill-security-audit
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Potentially destructive shell commands in tool definitions
curl .*\| bash
Calls external URL not in known-safe list
https://github.com/cerbug45/agents-skill-security-audit
Audited Apr 17, 2026 · audit v1.0
Generated Mar 20, 2026
A platform hosting community-contributed AI skill packages uses this tool to automatically scan new submissions for potential supply-chain attacks before approval. It helps maintain trust by flagging skills that attempt unauthorized data exfiltration or access sensitive files, ensuring only safe skills are published.
A company integrating third-party AI skills into its internal systems runs this audit on all skill files during procurement. It identifies risks like hidden network calls or credential access, allowing security teams to vet skills for compliance with data protection policies before deployment.
In a university setting, students learning to create AI skills use this tool to self-audit their projects for best practices. It teaches security awareness by highlighting risky patterns in their code, such as improper file reads or external communications, fostering safe development habits.
A freelance developer auditing client-provided AI skill packages for vulnerabilities employs this tool to quickly generate risk reports. It streamlines the review process by detecting exfiltration attempts and permission issues, enabling efficient delivery of security assessments to clients.
A DevOps team incorporates this audit into their CI/CD pipeline to automatically scan skill files during builds. It prevents deployment of skills with supply-chain risks, such as unauthorized domain calls, by failing builds or generating alerts for high-risk findings.
Offer a basic version of the audit tool for free to attract users, with premium features like detailed analytics, API access, or integration with popular platforms available via subscription. This model leverages widespread adoption in open-source communities to drive paid upgrades for advanced needs.
Provide tailored security audit services based on the tool, including custom rule development, integration support, and training workshops. This model targets organizations needing specialized security assessments or help adapting the tool to their specific AI ecosystems.
Sell licenses to large companies for internal use, including features like batch processing, compliance reporting, and dedicated support. This model capitalizes on the tool's ability to enhance corporate security postures by vetting AI skills across departments.
💬 Integration Tip
Integrate the audit into existing development workflows by adding it as a pre-commit hook or CI step to automate security checks and catch risks early.
Scored Apr 19, 2026