🛡️ Agent Security

Skill Audit by Rainiv1.0.0

Name: Skill Audit by Raini
Author: 0xRaini

raini-skill-audit

Scans installed or remote OpenClaw skills for security risks like credential leaks and suspicious code to prevent supply chain attacks.

code-reviewsecurity

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

1.0K

Stars

CreatedFeb 9, 2026

UpdatedFeb 28, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install 0xRaini/raini-skill-audit

Skill Package3 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B50/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation9/35

· 4 installs (very low)
· 573 downloads (moderate demand)

Documentation14/25

· SKILL.md present
· Moderate documentation (≥1500 chars)
· Detailed summary

Package Completeness8/15

· skillAssets present (2 files)
· Includes scripts or config files

Security Analysis

🔴 High Risk

CREDENTIAL_ACCESShigh

Accesses sensitive credential files or environment variables

process.env.API_KEY

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

eval(

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://owasp.org/www-project-top-10-for-large-language-model-applications/

KNOWN_EXTERNALlow

Uses known external API (expected, informational)

api.anthropic.com

💡

Usage Guide

Generated Mar 1, 2026

Security EngineersAI Platform AdministratorsEnterprise DevelopersCompliance Officersbeginner

💡 Application Scenarios

Enterprise AI Platform Security ReviewTechnology & Financial Services

Large organizations deploying AI agents across departments use Skill Audit to vet third-party skills before installation. This prevents supply chain attacks where malicious code could steal credentials or exfiltrate sensitive data through seemingly harmless productivity tools.

Developer Workspace ProtectionSoftware Development

Individual developers and small teams use this tool to scan locally developed skills or community-shared packages before integrating them into their OpenClaw environment. It helps identify risky patterns like eval() usage or unauthorized network calls that could compromise their development machines.

Compliance & Audit PreparationHealthcare & Government

Companies in regulated industries use Skill Audit to generate security reports for internal compliance teams or external auditors. The structured risk scoring and findings documentation helps demonstrate due diligence in managing AI agent security risks.

Marketplace Quality ControlPlatform & Marketplace Providers

Skill marketplace operators integrate Skill Audit into their submission pipelines to automatically flag potentially dangerous skills before they're published. This maintains platform trust by preventing malicious code from reaching end users while educating developers about secure coding practices.

DevSecOps Pipeline IntegrationEnterprise IT & Cloud Services

Organizations with mature DevOps practices incorporate Skill Audit into their CI/CD pipelines to automatically scan skills during development and deployment phases. This shifts security left by catching vulnerabilities early, reducing remediation costs and preventing production incidents.

💼 Business Models

Enterprise License$10,000 - $50,000 per year

Sell annual enterprise licenses with features like centralized reporting, API access for integration into existing security tools, and priority support. This targets large organizations needing to secure multiple teams and environments with compliance requirements.

Freemium SaaS$20 - $200 per user per month

Offer a free tier for individual developers scanning local skills, with paid tiers for teams needing collaboration features, historical reports, and advanced scanning rules. The SaaS model provides recurring revenue with low customer acquisition costs through the developer community.

Marketplace Partnership15-30% revenue share or flat platform fees

Partner with skill marketplaces to provide scanning as a value-added service, taking a percentage of transactions or charging marketplace operators for quality assurance. This leverages existing platforms' user bases while enhancing their security posture and user trust.

💬 Integration Tip

Integrate Skill Audit into your skill installation workflow using its CLI interface, and consider automating scans in CI/CD pipelines to catch security issues before deployment.