skill-auditAudit locally installed agent skills for security/policy issues using the SkillLens CLI (`skilllens scan`, `skilllens config`). Use when asked to scan a skills directory (Codex/Claude) and produce a risk-focused audit report based on each skill's `SKILL.md` and bundled resources.
Install via ClawdBot CLI:
clawdbot install morozRed/skill-auditGrade Good — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Potentially destructive shell commands in tool definitions
curl | bashAudited Apr 16, 2026 · audit v1.0
Generated Mar 1, 2026
A financial services company uses SkillLens to audit custom AI skills deployed across development teams, ensuring no skills violate data exfiltration or execution policies before production rollout. This proactive scan identifies risky permissions and prevents potential breaches.
A tech community managing a public repository of AI skills runs regular SkillLens audits to flag unsafe code like shell command execution or external downloads. This maintains trust by providing verified, safe skills to users.
A healthcare provider audits locally installed AI skills handling patient data to ensure compliance with HIPAA, using SkillLens to detect skills that might exfiltrate sensitive information or bypass security checks.
A software development firm integrates SkillLens into their CI/CD pipeline to automatically scan new AI skills for risks like prompt injection or overbroad triggers before deployment, reducing manual review overhead.
A university uses SkillLens to audit AI skills in research labs, ensuring students' projects do not include unsafe practices like arbitrary command execution, aligning with institutional IT security policies.
Offer SkillLens as a cloud-based service with automated scanning, reporting, and compliance dashboards for enterprises managing multiple AI agents. Revenue comes from subscription tiers based on scan volume and features.
Provide professional services to organizations for in-depth skill audits, risk assessments, and remediation guidance. This includes on-site training and tailored security policies for AI skill deployment.
Distribute SkillLens as a free CLI tool for basic scans, with premium features like advanced risk scoring, integration APIs, and priority support. Monetize through upgrades for teams and enterprises.
💬 Integration Tip
Integrate SkillLens into existing DevOps workflows using its CLI commands; start with a specific directory scan to avoid overwhelming results and use --verbose for detailed output during initial setup.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.