sona-security-audit
Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing.
Install via ClawdBot CLI:
clawdbot install virtaava/sona-security-audit
A hostile-by-design, fail-closed audit workflow for codebases and OpenClaw/ClawHub skills.
It does not try to answer "does this skill work?".
It tries to answer: "can this skill betray the system?"
This skill's scripts combine multiple layers (the ones named in the description above: trufflehog secrets scanning, semgrep SAST, and the hostile audit's prompt-injection, persistence and dependency-hygiene checks).
If any layer fails, the overall audit is FAIL.
From this skill folder (use bash so it works even if executable bits were not preserved by a zip download):
bash scripts/run_audit_json.sh <path>
Example:
bash scripts/run_audit_json.sh . > /tmp/audit.json
jq '.ok, .tools' /tmp/audit.json
Set the strictness level (default: standard):
OPENCLAW_AUDIT_LEVEL=standard bash scripts/run_audit_json.sh <path>
OPENCLAW_AUDIT_LEVEL=strict bash scripts/run_audit_json.sh <path>
OPENCLAW_AUDIT_LEVEL=paranoid bash scripts/run_audit_json.sh <path>
standard: pragmatic strict defaults (lockfiles required; install hooks, persistence mechanisms and prompt-injection signals are hard FAIL)
strict: more patterns become hard FAIL (e.g. minified/obfuscation artifacts)
paranoid: hashing failures are no longer tolerated as "best-effort"; more fail-closed behavior overall
For strict/quarantine workflows, require a machine-readable intent/permissions manifest at repo root:
openclaw-skill.json
If a repo/skill does not provide this manifest, the hostile audit should treat it as FAIL.
See: docs/OPENCLAW_SKILL_MANIFEST_SCHEMA.md.
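As an added illustration of wiring the runner, the strictness levels and the manifest rule into a CI gate (example code written for this page, not part of the skill's own scripts): it sets OPENCLAW_AUDIT_LEVEL as shown above, deliberately ignores the exit status, parses the JSON, and fails closed on anything other than a literal top-level ok: true. Only the ok and tools keys are documented here; the per-tool shape under tools, the sample reports, and the minimal manifest body are assumptions made for the example.

```python
"""Fail-closed CI gate over sona-security-audit style JSON output (added example)."""
from __future__ import annotations

import json
import os
import subprocess
import sys
import tempfile
from typing import Any

AUDIT_SCRIPT = "scripts/run_audit_json.sh"   # run from the skill folder, as on the page
MANIFEST_NAME = "openclaw-skill.json"         # required at repo root for strict/paranoid
LEVELS = ("standard", "strict", "paranoid")

# Constructed sample reports (not real tool output). Anything beyond the
# top-level `ok` and `tools` keys is an assumed shape for illustration.
CLEAN_REPORT = json.dumps({"ok": True, "tools": {
    "trufflehog": {"ok": True, "findings": 0},
    "semgrep": {"ok": True, "findings": 0},
    "hostile_audit": {"ok": True, "findings": 0}}})
DIRTY_REPORT = json.dumps({"ok": False, "tools": {
    "trufflehog": {"ok": True, "findings": 0},
    "semgrep": {"ok": False, "findings": 2},
    "hostile_audit": {"ok": False, "findings": 1}}})


def run_audit(target: str, level: str = "standard") -> str:
    """Run the audit runner on `target` and return its raw stdout (JSON text).

    The exit status is ignored on purpose: the page's convenience wrapper never
    exits non-zero, so the JSON body is the only signal worth gating on.
    """
    if level not in LEVELS:
        raise ValueError(f"unknown audit level: {level}")
    env = dict(os.environ, OPENCLAW_AUDIT_LEVEL=level)
    proc = subprocess.run(["bash", AUDIT_SCRIPT, target], env=env,
                          capture_output=True, text=True, check=False)
    return proc.stdout


def failed_layers(report: dict[str, Any]) -> list[str]:
    """Names of per-tool entries whose `ok` is anything other than True.

    Assumption: `tools` maps tool name -> object with an `ok` key. A missing
    `ok` counts as a failure, so an unexpected shape cannot pass silently.
    """
    tools = report.get("tools")
    if not isinstance(tools, dict):
        return []
    return sorted(name for name, layer in tools.items()
                  if isinstance(layer, dict) and layer.get("ok") is not True)


def gate(report_text: str, level: str, repo_root: str) -> tuple[bool, list[str]]:
    """Decide pass/fail. Bad JSON, a non-true `ok`, any failed layer, or a missing
    manifest at strict/paranoid is a FAIL with a reason, never a warning."""
    reasons: list[str] = []
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError:
        return False, ["audit output is not valid JSON"]
    if not isinstance(report, dict) or report.get("ok") is not True:
        reasons.append("audit did not report ok == true")
    if isinstance(report, dict):
        reasons.extend(f"layer failed: {name}" for name in failed_layers(report))
    if level in ("strict", "paranoid") and \
            not os.path.isfile(os.path.join(repo_root, MANIFEST_NAME)):
        reasons.append(f"missing {MANIFEST_NAME} at repo root (required at {level})")
    return not reasons, reasons


def demo_with_manifest() -> tuple[bool, list[str]]:
    """Strict gate over CLEAN_REPORT with a manifest present in a temp repo root."""
    with tempfile.TemporaryDirectory() as repo:
        with open(os.path.join(repo, MANIFEST_NAME), "w", encoding="utf-8") as fh:
            json.dump({"name": "example-skill"}, fh)   # assumed minimal manifest body
        return gate(CLEAN_REPORT, "strict", repo)


if __name__ == "__main__":
    # Usage: python gate.py <repo-path> [standard|strict|paranoid]
    repo_path = sys.argv[1] if len(sys.argv) > 1 else "."
    audit_level = sys.argv[2] if len(sys.argv) > 2 else "standard"
    passed, why = gate(run_audit(repo_path, audit_level), audit_level, repo_path)
    for line in why:
        print("FAIL:", line)
    sys.exit(0 if passed else 1)
```

The gate only trusts the JSON it can parse and only passes on an exact ok: true, so a crashed runner, a truncated file or an unexpected schema all block the pipeline, which is the fail-closed behavior the skill is built around.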
Docker is optional here. This skill can be used for static auditing without Docker.
If you want to execute any generated/untrusted code, run it in a separate sandbox workflow (recommended).
scripts/run_audit_json.sh - main JSON audit runner
scripts/hostile_audit.py - prompt-injection/persistence/dependency hygiene scanner
scripts/security_audit.sh - convenience wrapper (always returns JSON and never a non-zero exit status, so callers must gate on the JSON ok field rather than on the exit code)
openclaw-skill.json - machine-readable intent/permissions manifest
Generated Mar 1, 2026
Used by platforms like ClawHub to vet third-party AI skills before listing, ensuring they don't contain hidden malicious code like prompt injections or credential leaks. This prevents supply-chain attacks in developer ecosystems.
Integrated into CI/CD pipelines to automatically audit code repositories for security flaws before deployment. It checks for secrets exposure, static vulnerabilities, and suspicious artifacts, enforcing fail-closed policies in automated workflows.
Employed by enterprises to audit custom AI agent skills for compliance with internal security standards, detecting persistence mechanisms or unauthorized dependencies that could compromise system integrity.
Used in training programs to teach developers about security best practices by scanning codebases for common vulnerabilities like prompt injection signals and poor dependency hygiene, providing actionable feedback.
Applied in high-security environments to enforce strict auditing of all external code imports, requiring machine-readable manifests and failing audits if any layer detects threats, ensuring trust in software components.
Offer the audit tool as a cloud-based service with tiered pricing based on scan volume and security levels (standard, strict, paranoid). Revenue comes from monthly subscriptions for teams and enterprises.
Sell perpetual licenses or annual subscriptions for on-premises deployment, customized for large organizations needing integration with existing DevSecOps tools and compliance reporting features.
Provide a free basic version for individual developers or small projects, with advanced features like paranoid-level audits, detailed reporting, and priority support available through paid upgrades.
Integration Tip
Integrate via shell scripts in CI/CD pipelines or use the JSON output (the top-level ok field, not the exit status) for automated decision-making; ensure required binaries like jq, trufflehog, and semgrep are installed first.