DISABLE_TELEMETRY=1 to opt out before using. klemenska-security-auditorScan and audit installed skills for security risks, suspicious patterns, and permission overreach. Use when: (1) before installing a new skill; (2) periodica...
Install via ClawdBot CLI:
clawdbot install klemenska/klemenska-security-auditorGrade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
~/.ssh/id_rsaSends data to undocumented external endpoint (potential exfiltration)
post → https://malicious.comPotentially destructive shell commands in tool definitions
eval(Calls external URL not in known-safe list
https://malicious.comGenerated May 9, 2026
A development team evaluates a new third-party skill before integrating it into their AI assistant. The audit scans for suspicious patterns, overreaching permissions, and known vulnerabilities, ensuring the skill is safe to use.
A financial compliance officer conducts weekly scans of all installed skills to detect any changes in behavior or new security risks. This helps maintain regulatory compliance and protect sensitive financial data.
After noticing unusual network activity from a skill used for patient data processing, a healthcare IT team performs a deep audit to check for data exfiltration or unauthorized access, ensuring patient privacy.
An enterprise IT administrator reviews permissions of skills used by employees to ensure no skill has unnecessary access to files or system resources, preventing potential data leaks or insider threats.
A SaaS company compares the security posture of two similar skills from different vendors before deciding which to bundle with their product, using the skill's comparison feature to assess risk levels.
Offer basic security scans for free (e.g., quick scan) and charge for detailed audits, deep analysis, and report generation. Revenue from premium subscriptions or per-audit fees.
Provide the auditing tool as part of a broader security suite for enterprise customers, including integration with CI/CD pipelines and custom rule sets. Revenue from annual contracts.
Integrate the auditor into a skill marketplace, offering automatic security checks for listed skills. Charge a commission or listing fee from skill developers who pass audits, or a transparency fee for verified safe skills.
💬 Integration Tip
To maximize effectiveness, integrate the audit script into your CI/CD pipeline to automatically scan new skills before deployment, and schedule periodic scans for installed skills.
Scored May 9, 2026
AI Analysis
The skill contains direct evidence of credential harvesting (accessing ~/.ssh/id_rsa) and confirmed data exfiltration to a malicious external endpoint (https://malicious.com). These actions are fundamentally malicious and unrelated to the skill's stated purpose of security auditing.
Audited Apr 17, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detect anomalies and outliers in construction data: unusual costs, schedule variances, productivity spikes. Statistical and ML-based detection methods.
无损回忆技能。对对话或会话记录做本地蒸馏,提取身份信息、偏好、任务和长期知识,剔除噪声并保留可追溯日志。
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.