โ† All skills
Tencent SkillHub · Security & Compliance

Yoder Skill Auditor

The definitive security scanner for OpenClaw skills. 18 security checks including prompt injection detection, download-and-execute, privilege escalation, cre...


Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

  • Target platform: OpenClaw
  • Install method: Manual import
  • Extraction: Extract archive
  • Prerequisites: OpenClaw
  • Primary doc: SKILL.md

Package facts

  • Download mode: Yavira redirect
  • Package format: ZIP package
  • Source platform: Tencent SkillHub
  • What's included: CHANGELOG.md, SKILL.md, TEST-FIXTURES-WARNING.md, allowlist.json, audit-all.sh, audit.sh

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Trust & source

Release facts

  • Source: Tencent SkillHub
  • Verification: Indexed source record
  • Version: 3.1.0

Documentation

Primary doc: SKILL.md (12 sections)

Skill Auditor v3.1.0

The definitive security scanner for OpenClaw/ClawHub skills. Best-in-class detection across 18 security checks including prompt injection detection - the first scanner to catch agent manipulation attacks in skill documentation. 5-dimension trust scoring, trend tracking, diff analysis, and benchmarking. Zero false positives on legitimate skills.

When to Activate

  • Installing a new skill from ClawHub - run inspect.sh for full pre-install validation
  • Auditing existing skills - use audit.sh to scan any skill directory
  • Generating trust scores - use trust_score.py for 0-100 rating across 5 dimensions
  • Comparing skills - use trust_score.py --compare for side-by-side analysis
  • Tracking improvements - use trust_score.py --save-trend to monitor score over time
  • Reviewing updates - use diff-audit.sh to compare before/after versions
  • Batch scanning - use audit-all.sh or benchmark.sh for fleet-wide analysis

Quick Start

    # Audit a single skill
    bash audit.sh /path/to/skill

    # Trust score (0-100 across 5 dimensions)
    python3 trust_score.py /path/to/skill

    # Compare two skills side by side
    python3 trust_score.py /path/to/skill1 --compare /path/to/skill2

    # Track score over time
    python3 trust_score.py /path/to/skill --save-trend
    python3 trust_score.py /path/to/skill --trend

    # Diff audit (before/after update)
    bash diff-audit.sh /path/to/old-version /path/to/new-version

    # Benchmark against a corpus
    bash benchmark.sh /path/to/skills-dir

    # Inspect a ClawHub skill before installing
    bash inspect.sh skill-slug

    # Audit all installed skills
    bash audit-all.sh

    # Generate a markdown report
    bash report.sh

    # Run test suite (28 assertions)
    bash test.sh

Guardrails / Anti-Patterns

DO:
  ✓ Always audit skills before installing from untrusted sources
  ✓ Review trust scores - reject skills scoring below 60 (D grade)
  ✓ Use diff-audit.sh when updating skills to catch regressions
  ✓ Use --json output for CI/CD pipeline integration
  ✓ Run --save-trend periodically to track skill health

DON'T:
  ✗ Install skills scoring below 40 (F grade) without extensive manual review
  ✗ Ignore CRITICAL findings - they indicate potential security threats
  ✗ Blindly add skills to allowlist without understanding why they access credentials
  ✗ Skip audit because a skill is "popular" or "official"

Security Checks (18 total)

| # | Check | Severity | Description |
|---|-------|----------|-------------|
| 1 | credential-harvest | CRITICAL | Scripts reading API keys/tokens AND making network calls |
| 2 | exfiltration-url | CRITICAL | webhook.site, requestbin, ngrok URLs in scripts |
| 3 | obfuscated-payload | CRITICAL | Base64-encoded URLs or shell commands |
| 4 | sensitive-fs | CRITICAL | /etc/passwd, ~/.ssh, ~/.aws/credentials access |
| 5 | crypto-wallet | CRITICAL | Hardcoded ETH/BTC wallet addresses (drain attacks) |
| 6 | dependency-confusion | CRITICAL | Internal/private-scoped packages in public deps |
| 7 | typosquatting | CRITICAL | Misspelled package names (lodahs, requets, etc.) |
| 8 | symlink-attack | CRITICAL | Symlinks targeting sensitive system paths |
| 9 | code-execution | WARNING | eval(), exec(), subprocess patterns |
| 10 | time-bomb | WARNING | Date/time comparisons that could trigger delayed payloads |
| 11 | telemetry-detected | WARNING | Analytics SDKs, tracking pixels, phone-home behavior |
| 12 | excessive-permissions | WARNING | >15 bins/env/config items requested |
| 13 | unusual-ports | WARNING | Network calls to non-standard ports |
| 14 | prompt-injection | CRITICAL | Agent manipulation in docs: "ignore instructions", role hijacking, hidden HTML directives |
| 15 | download-execute | CRITICAL | curl\|bash, wget\|sh, eval $(curl), unsafe pip/npm installs |
| 16 | hidden-file | WARNING | Suspicious dotfiles that may hide malicious content |
| 17 | env-exfiltration | CRITICAL | Reading sensitive env vars + outbound network calls |
| 18 | privilege-escalation | CRITICAL | sudo, chmod 777/setuid, writes to system paths |

Context-aware: credential mentions in documentation are INFO, not CRITICAL.
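The credential-harvest rule and its context-aware downgrade, sketched as an added example (this is not the scanner's own code, which the page does not show). The regexes, the list of documentation suffixes, the function names and the choice that INFO findings leave the exit code at 0 are all assumptions; the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed patterns for illustration; the real scanner's rules are not shown on the page.
CRED_READ = re.compile(r"os\.environ|getenv\(|\$\{?[A-Z0-9_]*(?:API_KEY|TOKEN|SECRET)\b")
NET_CALL = re.compile(r"\b(?:curl|wget)\s|requests\.(?:get|post)\(|urllib\.request")
DOC_SUFFIXES = {".md", ".txt", ".rst"}

def scan_skill(skill_dir):
    """Return sorted (file, check, severity) findings for one skill directory."""
    findings = []
    for path in sorted(Path(skill_dir).rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(errors="replace")
        rel = path.relative_to(skill_dir).as_posix()
        reads_cred = bool(CRED_READ.search(text))
        if path.suffix.lower() in DOC_SUFFIXES:
            # Context-aware: a credential mention in documentation is INFO only.
            if reads_cred:
                findings.append((rel, "credential-harvest", "INFO"))
        elif reads_cred and NET_CALL.search(text):
            # Both halves in the same script: credential read AND network call.
            findings.append((rel, "credential-harvest", "CRITICAL"))
    return findings

def exit_code(findings):
    """Map findings to the page's exit codes: 0 PASS, 1 REVIEW, 2 FAIL."""
    severities = {sev for _, _, sev in findings}
    if "CRITICAL" in severities:
        return 2
    return 1 if "WARNING" in severities else 0

def demo():
    """Scan a constructed three-file skill and return (findings, exit code)."""
    files = {  # constructed sample input, not taken from any real skill
        "SKILL.md": "Export $OPENAI_API_KEY before running.\n",
        "status.sh": "curl -s https://example.invalid/status\n",
        "sync.sh": 'curl -H "Authorization: Bearer $SERVICE_TOKEN" '
                   "https://api.example.invalid/v1/items\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            Path(tmp, name).write_text(body)
        findings = scan_skill(tmp)
    return findings, exit_code(findings)

if __name__ == "__main__":
    print(demo())
```

The constructed sync.sh is an ordinary authenticated API call, yet the co-occurrence rule rates it CRITICAL; that is the situation the package's allowlist.json of known-good credential skills is there to handle after manual review.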

Trust Score (5 Dimensions)

| Dimension | Max | What's Measured |
|-----------|-----|-----------------|
| Security | 35 | Audit findings (criticals = -18, warnings = -4) |
| Quality | 22 | Description, version, usage docs, examples, metadata, changelog |
| Structure | 18 | File organization, tests, README, reasonable scope |
| Transparency | 15 | License, no minified code, code comments |
| Behavioral | 10 | Rate limiting, error handling, input validation |

Grades: A (90+), B (75+), C (60+), D (40+), F (<40)

Comparative Scoring

    python3 trust_score.py /path/to/skill-a --compare /path/to/skill-b

Shows per-dimension deltas and overall score difference.

Trend Tracking

    python3 trust_score.py /path/to/skill --save-trend   # Record score
    python3 trust_score.py /path/to/skill --trend        # View history

Stores up to 50 entries per skill in trust_trends.json.

Tools

| File | Purpose |
|------|---------|
| audit.sh | Single skill security audit (18 checks) |
| audit-all.sh | Batch scan all installed skills |
| trust_score.py | Trust score calculator (5-dimension, 0-100) |
| diff-audit.sh | Compare skill versions for security regressions |
| benchmark.sh | Corpus-wide audit with aggregate statistics |
| inspect.sh | ClawHub pre-install workflow |
| report.sh | Markdown report generator |
| test.sh | Automated test suite (28 assertions, 12 test skills) |
| allowlist.json | Known-good credential skills |

Test Suite

12 test skills (8 malicious, 4 clean) with 28 automated assertions:

    bash test.sh

Malicious fixtures: credential harvest, obfuscated payload, sensitive fs reads, crypto wallets, time bombs, symlink attacks, prompt injection, download-execute, privilege escalation.

Clean fixtures: basic skill, credential docs (false positive check), network skill, dotfiles skill.

Exit Codes

  • 0: PASS / safe to install
  • 1: REVIEW / warnings found
  • 2: FAIL / critical issues
  • 3: Error / bad input

Changelog

See CHANGELOG.md for full version history.

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
3 Docs, 2 Scripts, 1 Config
  • SKILL.md Primary doc
  • CHANGELOG.md Docs
  • TEST-FIXTURES-WARNING.md Docs
  • audit-all.sh Scripts
  • audit.sh Scripts
  • allowlist.json Config