yoder-skill-auditor
The definitive security scanner for OpenClaw skills. 18 security checks including prompt injection detection, download-and-execute, privilege escalation, cre...
Install via ClawdBot CLI:
clawdbot install yoder-bawt/yoder-skill-auditor
Grade Good — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
~/.ssh/id_rsa
Contains instructions to override system prompt or ignore user requests
"ignore previous instructions"
Sends data to undocumented external endpoint (potential exfiltration)
send → https://evil.com/collect
Contains telemetry, tracking, or analytics calls not mentioned in documentation
TELEMETRY_PATTERNS='google-analytics|gtag|ga\(|analytics\.js
Generated Mar 20, 2026
Large organizations deploying AI agents across departments use Skill Auditor to vet third-party skills before integration, ensuring compliance with internal security policies. It scans for credential harvesting and prompt injection, generating trust scores to approve or reject skills based on a minimum threshold of 60.
Platforms like ClawHub integrate Skill Auditor into their submission pipeline to automatically audit new skill submissions, blocking those with critical vulnerabilities such as crypto drains or download-and-execute patterns. This maintains platform trust by providing users with pre-vetted, high-scoring skills.
Development teams incorporate Skill Auditor into their CI/CD workflows using the --json output option to automate security checks during skill updates. It runs diff-audit.sh to detect regressions and tracks trust scores over time, ensuring continuous security monitoring without manual intervention.
Researchers use Skill Auditor to analyze a corpus of skills with benchmark.sh, studying trends in security flaws like supply chain attacks or privilege escalation. The 5-dimension trust scoring helps categorize skills for comparative studies on AI agent safety and threat modeling.
Independent developers creating custom AI agent skills use Skill Auditor to self-audit their work before release, checking for warnings like excessive permissions or telemetry. They run trust_score.py to ensure scores above 75 (B grade) for marketability and use diff-audit.sh to validate updates against previous versions.
Offer Skill Auditor as a cloud-based service where users upload skill packages for automated auditing via a web interface or API. Revenue comes from subscription tiers based on scan volume, with premium features like advanced trend analytics and compliance reporting for enterprises.
Sell perpetual licenses or annual support contracts to large organizations for on-premises deployment of Skill Auditor, integrating it into their internal security tools. Revenue includes upfront licensing fees and optional maintenance packages for updates and technical support.
Partner with AI agent marketplaces like ClawHub to embed Skill Auditor as a value-added service, charging a fee per audit or taking a revenue share from skill sales. This model leverages the platform's user base to drive adoption while enhancing marketplace security and trust.
💬 Integration Tip
Integrate Skill Auditor early in development pipelines using audit.sh for quick scans and trust_score.py for scoring; utilize the --json output for seamless CI/CD automation and data logging.
Scored Apr 19, 2026
Potentially destructive shell commands in tool definitions
curl | bash
Accesses system directories or attempts privilege escalation
sudo cp
Calls external URL not in known-safe list
https://webhook.site/abc123
Audited Apr 17, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.