skill-security-auditor-jackAudit third-party or custom skills for permission risk, unsafe commands, and integration safety. Use before: installing a new skill, enabling external script...
Install via ClawdBot CLI:
clawdbot install sunbinnju-star/skill-security-auditor-jackGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
/etc/passwdAI Analysis
The skill is a security auditor designed to analyze other skills for risks; its access to sensitive files like /etc/passwd is for inspection purposes, not credential harvesting. There is no evidence of hidden instructions, data exfiltration, or obfuscated malicious behavior.
Audited Apr 17, 2026 · audit v1.0
Generated May 8, 2026
A company wants to install an open-source skill that performs system monitoring. The auditor evaluates its manifest for shell commands, permissions, and install scripts before allowing integration.
A financial services firm plans to use a skill that accesses customer data. The auditor checks for over-privileged permissions and suspicious network calls to ensure compliance.
A development team builds an internal automation skill. The auditor examines its filesystem access and environment variable usage to prevent privilege escalation.
A startup finds a useful skill on an untrusted forum. The auditor flags high risk due to opaque install scripts and recommends rejection or sandboxing.
An organization performs quarterly security reviews. The auditor re-checks all active skills for new vulnerabilities, permission creep, or outdated trust levels.
Offer the auditor as a subscription service integrated into CI/CD pipelines, charging per audit volume.
Provide the tool as part of a security suite for enterprises, with tiered pricing based on number of skills audited.
Basic auditing is free; advanced features like sandbox recommendations and detailed reports require payment.
💬 Integration Tip
To integrate, feed the skill's manifest and metadata into the auditor's input fields and use the output recommendations to decide on adoption and isolation levels.
Scored May 8, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.