Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub Β· Finance & Trading
Skill Auditor v2
Security scanner for OpenClaw skills. Detects malicious code, obfuscated payloads, prompt injection, social engineering, typosquatting, and data exfiltration...
skill openclawclawhub Free
Security scanner for OpenClaw skills. Detects malicious code, obfuscated payloads, prompt injection, social engineering, typosquatting, and data exfiltration...
β¬ 0 downloads β
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md, references/ioc-database.json, references/known-patterns.md, references/prompt-injection-patterns.md, scripts/audit_skill.py, scripts/quarantine.sh
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 2.0.0
Provenance
- Publisher
- aiwithabidi
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Skill Auditor v2.0 ππ‘οΈ
Comprehensive security scanner for OpenClaw/ClawHub skills. Merges static analysis, deobfuscation, and threat intelligence into a single Python tool.
When to Use
Before installing any third-party skill from ClawHub When reviewing skill updates for security regressions To audit your own skills before publishing When someone asks: "is this skill safe?", "audit this", "check security"
Audit a local skill directory
python3 {baseDir}/scripts/audit_skill.py /path/to/skill --human
Audit a ClawHub skill by slug
python3 {baseDir}/scripts/audit_skill.py --slug skill-name --human
Quarantine workflow (audit + prompt to install)
bash {baseDir}/scripts/quarantine.sh /path/to/skill bash {baseDir}/scripts/quarantine.sh --slug skill-name
JSON output for programmatic use
python3 {baseDir}/scripts/audit_skill.py /path/to/skill --json
Scoring System
ScoreLevelAction0β20β SAFEAuto-install OK21β40π’ LOW RISKProceed with caution41β60π‘ MEDIUM RISKManual review required61β80π HIGH RISKExpert review needed81β100π΄ CRITICALDo NOT install Exit codes: 0 = safe (β€20), 1 = review (21β60), 2 = dangerous (>60)
Layer 1: Static Pattern Analysis
10+ scan categories with regex patterns Shell execution, network calls, env access, filesystem escape Prompt injection, data exfiltration, crypto wallet access Dynamic imports, browser credential theft, fake prerequisites
Layer 2: Deobfuscation
Base64 string extraction and decode β re-scan decoded content Hex escape sequence decode β re-scan Detects hidden commands, C2 IPs in encoded payloads
Layer 3: Threat Intelligence
IoC database: known malicious IPs, domains Social engineering detection: urgency, false authority, fear tactics MITRE ATT&CK ID mapping on every finding Whitelist system reduces score for safe binaries/domains
Additional Checks
SHA256 file inventory for integrity verification Typosquat detection (Levenshtein distance on package names) Zero-width character detection in SKILL.md Comment-context severity reduction (findings in comments scored lower) Permission scope analysis (what tools does the skill request?)
IoC Database
Structured threat data in references/ioc-database.json. Update when new threats emerge. The scanner auto-loads this file at runtime.
References
references/ioc-database.json β Structured IoC data (IPs, domains, patterns) references/known-patterns.md β Human-readable threat documentation references/prompt-injection-patterns.md β Prompt injection pattern reference
Credits
Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents. π Need help setting up OpenClaw for your business? Book a free consultation Fork of skill-auditor-pro by sypsyp97, merged with skill-security-auditor by akm626.
Category context
Trading, swaps, payments, treasury, liquidity, and crypto-financial operations.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
3 Docs2 Scripts1 Config
- SKILL.md
- references/known-patterns.md
- references/prompt-injection-patterns.md
- scripts/audit_skill.py
- scripts/quarantine.sh
- references/ioc-database.json