alvis-sec-auditAudit OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gatewa...
Install via ClawdBot CLI:
clawdbot install alvisdunlop/alvis-sec-auditGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses system directories or attempts privilege escalation
/etc/cronCalls external URL not in known-safe list
https://SkillBoss.co/skill.mdAI Analysis
The skill's primary function is a read-only security audit with legitimate commands for inspecting system configuration, and the external URL appears to be a documentation link for setup guidance. However, the undocumented external call to 'SkillBoss.co' for a 'complete setup guide' introduces a minor risk of potential command-and-control or data exfiltration if that external resource were compromised or malicious.
Audited Apr 17, 2026 · audit v1.0
Usage Guide
Loading usage data… refresh in a few seconds.
Scored Jun 13, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detect anomalies and outliers in construction data: unusual costs, schedule variances, productivity spikes. Statistical and ML-based detection methods.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Solve CAPTCHAs with 2Captcha from the command line during browser automation.