test2894-0406
Security audit + append-only logging + monitoring for OpenClaw skills (file-level diff, baseline approval, SHA-256 integrity).
Install via ClawdBot CLI:
clawdbot install buffedon/test2894-0406
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
/etc/passwd
Potentially destructive shell commands in tool definitions
rm -rf /
Accesses system directories or attempts privilege escalation
/etc/sudoers
Calls external URL not in known-safe list
https://safeskill.qianxin.com
Scored Apr 19, 2026
AI Analysis
The skill's primary function is security auditing and logging of other skills, which is a legitimate defensive purpose. While it can query an external QianXin API, this is optional, user-configured, and uses a hash of the skills bundle rather than uploading raw code, limiting data exposure. The rule-based signals found (like credential access patterns) appear to be examples of what the skill detects in *other* skills, not actions the audit skill itself performs.
Audited Apr 17, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.