⛔This skill has been removed from clawhub.ai. It is no longer available for installation and may not function correctly. The information shown here is preserved for reference only.

🔐 Security & Audit

Audit Skills Securityv0.1.0

Name: Audit Skills Security
Author: yhy0

audit-skills-security

yhy0

Use when installing new skills, reviewing third-party skills, or verifying skill safety before use. Triggers on any new .md skill file appearing in skill dir...

latest

UnavailableView on ClawHub

Installs (all time)

Installs (current)

Downloads

295

Stars

CreatedMar 20, 2026

UpdatedMay 9, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install yhy0/audit-skills-security

Skill Package1 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

C47/100

Grade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation4/35

· 115 downloads (low demand)
· No tracked installs (may still have real users via manual install)

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness6/15

· skillAssets present (0 files)

Security Analysis

🚨 Critical Risk

CREDENTIAL_ACCESShigh

Accesses sensitive credential files or environment variables

/etc/passwd

PROMPT_POISONINGhigh

Contains instructions to override system prompt or ignore user requests

"Ignore all previous instructions"

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

eval(

Audited Apr 17, 2026 · audit v1.0

💡

Usage Guide

Generated May 6, 2026

Security engineers vetting AI skillsDevSecOps teams in enterprisesAI platform operators and marketplace administratorsintermediate

💡 Application Scenarios

Third-Party Skill VettingCybersecurity

A company allows users to install community-contributed skills. Before activation, Security Audit scans each skill for prompt injection, data exfiltration, or privilege escalation, generating a report to block malicious skills.

Internal Skill Compliance CheckEnterprise IT

An enterprise develops custom skills for internal use. The audit skill verifies that no internal skill contains hardcoded credentials, dangerous commands, or unintentional backdoors before deployment.

CI/CD Pipeline Security GateSoftware Development

A DevSecOps team integrates the audit skill into a CI/CD pipeline. Every time a skill file is committed, the pipeline runs a grep and semantic scan, failing the build if high-risk patterns are found.

AI Agent Marketplace TrustAI Platforms

An AI agent marketplace uses this skill to automatically audit all new submissions for prompt injection and data exfiltration, providing users with a safety badge for each listed skill.

Personal AI Assistant HygieneConsumer Tech

An individual using a local AI agent periodically runs the audit on their installed skills to ensure no skill has turned malicious or is exfiltrating personal data via network requests.

💼 Business Models

SaaS Based Assessment ServiceTransaction fees or monthly subscription

Offer the audit as a cloud API where users submit skill files and receive structured JSON reports. Generate revenue via per-scan credits or monthly subscription tiers.

Embedded Compliance ToolLicense fees and support contracts

License the audit engine to AI agent platforms or enterprise software vendors who embed it into their products. Revenue from licensing fees and integration support.

Consulting + Audit ReportConsulting fees, hourly or project-based

Provide a premium service where security experts manually review LLM-generated reports and deliver actionable remediation advice for complex threats. Revenue from consulting hours.

💬 Integration Tip

Integrate via CLI to scan skills before activation, or use the API in a CI/CD pipeline. Combine with regular expression checks and semantic analysis for thorough coverage.