⚠️Install with caution. This skill has very few installs. Always review the source and verify it on clawhub.ai before installing. Community-built skills run with agent permissions — only install ones you trust.

🔐 Security & Audit

skill-trust-auditorv1.1.3

Name: skill-trust-auditor
Author: JonathanJing

skill-trust-auditor

JonathanJing

Audit a ClawHub skill for security risks BEFORE installation.

securitysecurity-scan

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

587

Stars

CreatedFeb 23, 2026

UpdatedMar 4, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install JonathanJing/skill-trust-auditor

Skill Package9 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B51/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation2/35

· No tracked installs (may still have manual users)
· 397 downloads (low demand)

Documentation19/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description

Package Completeness11/15

· skillAssets present (8 files)
· Includes README/AGENTS doc

Security Analysis

🔴 High Risk

CREDENTIAL_ACCESShigh

Accesses sensitive credential files or environment variables

~/.aws/credentials

UNKNOWN_DATA_SINKhigh

Sends data to undocumented external endpoint (potential exfiltration)

POST → https://attacker.com

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

curl | bash

SUSPICIOUS_PERMISSIONSmedium

Accesses system directories or attempts privilege escalation

/etc/cron

💡

Usage Guide

Generated Mar 21, 2026

IT security professionalsAI developers and freelancersOpen source community maintainersbeginner

💡 Application Scenarios

Enterprise AI Security ComplianceTechnology and Finance

Large organizations deploying ClawHub skills across teams use this skill to enforce security reviews before installation, ensuring compliance with internal policies and preventing unauthorized data exfiltration. It helps IT departments audit third-party skills for risks like external API calls or file access, reducing vulnerabilities in AI workflows.

Freelancer AI Tool SafetyConsulting and Software Development

Independent developers and freelancers rely on this skill to vet ClawHub skills before integrating them into client projects, avoiding malicious code that could compromise sensitive data. It provides a quick trust score and detailed risk breakdown, enabling informed decisions without deep security expertise.

Educational AI ResearchEducation and Research

Academic institutions and researchers use the skill to audit ClawHub skills in lab environments, ensuring safe experimentation with AI agents while teaching students about security patterns. It helps identify high-risk behaviors like unauthorized memory access, fostering secure coding practices.

Startup AI Product DevelopmentStartups and SaaS

Startups building AI-powered products leverage this skill to screen community-contributed skills for security flaws before deployment, protecting intellectual property and user data. The auto-audit mode streamlines safe installations, allowing rapid iteration without compromising on safety.

Open Source Community ModerationOpen Source and Non-Profit

Open source maintainers and community moderators employ the skill to review new ClawHub skill submissions for malicious patterns, such as self-modification or external calls, ensuring the ecosystem remains trustworthy. It automates initial audits, reducing manual review burden and enhancing transparency.

💼 Business Models

Freemium Security ToolSubscription fees from enterprise plans

Offer a basic free version for individual users with core audit features, and a premium tier for enterprises with advanced reporting, API access, and team management. Revenue comes from subscriptions, targeting businesses needing compliance and automated security workflows.

Consulting and Integration ServicesService fees and retainer contracts

Provide paid consulting services to help organizations integrate the skill into their CI/CD pipelines, customize risk patterns, and conduct deep security audits. Revenue is generated through project-based fees and ongoing support contracts for high-risk industries.

Marketplace for Audited SkillsListing fees, commissions, and premium features

Create a curated marketplace where only skills passing a minimum trust score are listed, charging listing fees or commissions from developers. Revenue streams include premium placements, certification badges, and partnerships with skill creators to promote safe installations.

💬 Integration Tip

Integrate the skill into your ClawHub workflow by setting up the auto-audit mode as a shell alias to automatically check skills before installation, ensuring consistent security reviews without manual intervention.