skill-auditAudit locally installed agent skills for security/policy issues using the SkillLens CLI (`skilllens scan`, `skilllens config`). Use when asked to scan a skills directory (Codex/Claude) and produce a risk-focused audit report based on each skill's `SKILL.md` and bundled resources.
Install via ClawdBot CLI:
clawdbot install morozRed/skill-auditnpx skilllens scan (or pnpm dlx skilllens scan)pnpm add -g skilllensskilllens config to see configured scan roots and auditor CLI availability.skilllens scan to scan configured roots, or skilllens scan to scan a specific directory.--verbose to see raw auditor output and --force to ignore cached results.~/.codex/skills) unless the user explicitly wants all configured roots.skilllens scan ./skills).skilllens scan [path] [--auditor claude|codex].skipped statuses as “manual review required”, not “safe”.unsafe or suspicious verdicts first.SKILL.md and any referenced scripts/, references/, and assets/.curl | bash, eval, or to fetch-and-execute code.name, path, verdict (safe/suspicious/unsafe), risk (0–100), and bullet issues with concrete evidence (quote or filename).skilllens scanskilllens scan ~/.codex/skillsskilllens scan ~/.codex/skills --force --verboseGenerated Mar 1, 2026
A financial services company uses SkillLens to audit custom AI skills deployed across development teams, ensuring no skills violate data exfiltration or execution policies before production rollout. This proactive scan identifies risky permissions and prevents potential breaches.
A tech community managing a public repository of AI skills runs regular SkillLens audits to flag unsafe code like shell command execution or external downloads. This maintains trust by providing verified, safe skills to users.
A healthcare provider audits locally installed AI skills handling patient data to ensure compliance with HIPAA, using SkillLens to detect skills that might exfiltrate sensitive information or bypass security checks.
A software development firm integrates SkillLens into their CI/CD pipeline to automatically scan new AI skills for risks like prompt injection or overbroad triggers before deployment, reducing manual review overhead.
A university uses SkillLens to audit AI skills in research labs, ensuring students' projects do not include unsafe practices like arbitrary command execution, aligning with institutional IT security policies.
Offer SkillLens as a cloud-based service with automated scanning, reporting, and compliance dashboards for enterprises managing multiple AI agents. Revenue comes from subscription tiers based on scan volume and features.
Provide professional services to organizations for in-depth skill audits, risk assessments, and remediation guidance. This includes on-site training and tailored security policies for AI skill deployment.
Distribute SkillLens as a free CLI tool for basic scans, with premium features like advanced risk scoring, integration APIs, and priority support. Monetize through upgrades for teams and enterprises.
💬 Integration Tip
Integrate SkillLens into existing DevOps workflows using its CLI commands; start with a specific directory scan to avoid overwhelming results and use --verbose for detailed output during initial setup.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.