Skill

security-audit-2

From sundial-org-awesome-openclaw-skills-4

Performs fail-closed security audits on OpenClaw/ClawHub skills and repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence detection, supply-chain hygiene before enabling or installing.

Semgrep

Bash

Python

security

Install

npx claudepluginhub joshuarweaver/cascade-ai-ml-agents-misc-2 --plugin sundial-org-awesome-openclaw-skills-4

Tool Access

This skill uses the workspace's default tool permissions.

Preview

A hostile-by-design, **fail-closed** audit workflow for codebases and OpenClaw/ClawHub skills.

Supporting Assets

CHANGELOG.mdREADME.mddocs/OPENCLAW_SKILL_MANIFEST_SCHEMA.mddocs/README_ZERO_TRUST_INSTALL.mdopenclaw-skill.jsonscripts/hostile_audit.pyscripts/run_audit_json.shscripts/security_audit.sh

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.2k

mcp-builder

9 files

Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).

anthropics-skills-13

124.2k

canvas-design

20 files

Generates original PNG/PDF visual art via design philosophy manifestos for posters, graphics, and static designs on user request.

anthropics-skills-13

124.2k

Stats

Stars586

Forks75

Last CommitFeb 1, 2026

Actions

View Source View Plugin View on GitHub View README

security-audit

A hostile-by-design, fail-closed audit workflow for codebases and OpenClaw/ClawHub skills.

It does not try to answer “does this skill work?”. It tries to answer: “can this skill betray the system?”

What it checks (high level)

This skill’s scripts combine multiple layers:

Secrets / credential leakage: trufflehog
Static analysis: semgrep (auto rules)
Hostile repo audit (custom): prompt-injection signals, persistence mechanisms, suspicious artifacts, dependency hygiene

If any layer fails, the overall audit is FAIL.

Run an audit (JSON)

From this skill folder (use bash so it works even if executable bits were not preserved by a zip download):

bash scripts/run_audit_json.sh <path>

Example:

bash scripts/run_audit_json.sh . > /tmp/audit.json
jq '.ok, .tools' /tmp/audit.json

Security levels (user configurable)

Set the strictness level (default: standard):

OPENCLAW_AUDIT_LEVEL=standard bash scripts/run_audit_json.sh <path>
OPENCLAW_AUDIT_LEVEL=strict   bash scripts/run_audit_json.sh <path>
OPENCLAW_AUDIT_LEVEL=paranoid bash scripts/run_audit_json.sh <path>

standard: pragmatic strict defaults (lockfiles required; install hooks/persistence/prompt-injection signals fail)
strict: more patterns become hard FAIL (e.g. minified/obfuscation artifacts)
paranoid: no "best-effort" hashing failures; more fail-closed behavior

Manifest requirement (for zero-trust install workflows)

For strict/quarantine workflows, require a machine-readable intent/permissions manifest at repo root:

openclaw-skill.json

If a repo/skill does not provide this manifest, the hostile audit should treat it as FAIL.

See: docs/OPENCLAW_SKILL_MANIFEST_SCHEMA.md.

Optional: execution sandbox (Docker)

Docker is optional here. This skill can be used for static auditing without Docker.

If you want to execute any generated/untrusted code, run it in a separate sandbox workflow (recommended).

Files

scripts/run_audit_json.sh — main JSON audit runner
scripts/hostile_audit.py — prompt-injection/persistence/dependency hygiene scanner
scripts/security_audit.sh — convenience wrapper (always returns JSON, never non-zero)
openclaw-skill.json — machine-readable intent/permissions manifest