# Send Agent Security Auditor to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "agent-security-auditor",
    "name": "Agent Security Auditor",
    "source": "tencent",
    "type": "skill",
    "category": "金融交易",
    "sourceUrl": "https://clawhub.ai/aviclaw/agent-security-auditor",
    "canonicalUrl": "https://clawhub.ai/aviclaw/agent-security-auditor",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/agent-security-auditor",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-auditor",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "package.json",
      "references/ERC-8004.md",
      "registration.json",
      "scripts/audit.js"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "agent-security-auditor",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-25T23:13:42.098Z",
      "expiresAt": "2026-05-02T23:13:42.098Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-auditor",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-auditor",
        "contentDisposition": "attachment; filename=\"agent-security-auditor-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "agent-security-auditor"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/agent-security-auditor"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/agent-security-auditor",
    "downloadUrl": "https://openagent3.xyz/downloads/agent-security-auditor",
    "agentUrl": "https://openagent3.xyz/skills/agent-security-auditor/agent",
    "manifestUrl": "https://openagent3.xyz/skills/agent-security-auditor/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/agent-security-auditor/agent.md"
  }
}
```
## Documentation

### Agent Security Auditor

Scans ERC-8004 agents for security vulnerabilities and generates comprehensive security reports.

### Overview

This skill audits ERC-8004 Trustless Agents by querying the Identity Registry and analyzing agent metadata for common security issues. It helps identify potentially malicious or misconfigured agents before interacting with them.

### Features

Identity Registry Query: Fetches agent metadata from the ERC-8004 Identity Registry
Metadata Validation: Checks for missing, empty, or suspicious metadata
Endpoint Security: Analyzes service endpoints for red flags
x402 Payment Analysis: Validates payment configuration
Reputation Check: Queries the Reputation Registry for feedback signals
Verification Status: Checks if endpoints are verified via domain control

### Usage

# Run the audit script directly with Node.js
node scripts/audit.js <agent-address> [options]

# Options:
#   --rpc <url>        RPC endpoint URL (default: https://eth.llamarpc.com)
#   --chain <id>       Chain ID (default: 1)
#   --output <file>    Output file for JSON report
#   --verbose          Enable verbose logging

### Example

# Audit an agent on Ethereum mainnet
node scripts/audit.js 0x742d35Cc6634C0532925a3b844Bc9e7595f8bE21

# Audit with custom RPC
node scripts/audit.js 0x742d35Cc6634C0532925a3b844Bc9e7595f8bE21 --rpc https://mainnet.infura.io/v3/YOUR_KEY

# Save report to file
node scripts/audit.js 0x742d35Cc6634C0532925a3b844Bc9e7595f8bE21 --output report.json

### Critical Issues

Missing or empty metadata (no name, description)
No registered services/endpoints
Invalid or unreachable agent URI
No agent wallet configured

### High Severity Issues

Unverified endpoints (no domain control proof)
Suspicious endpoint patterns (localhost, IP addresses, unusual ports)
No x402 payment support warning
No reputation signals

### Medium Severity Issues

No validation registrations
Missing supportedTrust indicators
Inactive agent status

### Info

Reputation score summary
Validation count
Service endpoint count

### Architecture

agent-security-auditor/
├── SKILL.md           # This file
├── scripts/
│   └── audit.js       # Main audit logic
└── references/
    └── ERC-8004.md    # ERC-8004 specification reference

### Dependencies

ethers.js ^6.x - Ethereum blockchain interaction
node-fetch or built-in fetch - HTTP requests for off-chain metadata

### Exit Codes

0 - Audit completed successfully
1 - Invalid agent address
2 - Blockchain connection error
3 - Critical error during audit

### Notes

Requires internet connection for RPC calls and metadata fetching
Some checks require off-chain metadata fetching which may be slow
Reputation and validation registries are optional deployments
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: aviclaw
- Version: 1.0.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-25T23:13:42.098Z
- Expires at: 2026-05-02T23:13:42.098Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/agent-security-auditor)
- [Send to Agent page](https://openagent3.xyz/skills/agent-security-auditor/agent)
- [JSON manifest](https://openagent3.xyz/skills/agent-security-auditor/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/agent-security-auditor/agent.md)
- [Download page](https://openagent3.xyz/downloads/agent-security-auditor)