{ "schemaVersion": "1.0", "item": { "slug": "yoder-skill-auditor", "name": "Yoder Skill Auditor", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/yoder-bawt/yoder-skill-auditor", "canonicalUrl": "https://clawhub.ai/yoder-bawt/yoder-skill-auditor", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/yoder-skill-auditor", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=yoder-skill-auditor", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "SKILL.md", "TEST-FIXTURES-WARNING.md", "allowlist.json", "audit-all.sh", "audit.sh" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/yoder-skill-auditor" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/yoder-skill-auditor", "agentPageUrl": "https://openagent3.xyz/skills/yoder-skill-auditor/agent", "manifestUrl": "https://openagent3.xyz/skills/yoder-skill-auditor/agent.json", "briefUrl": "https://openagent3.xyz/skills/yoder-skill-auditor/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Skill Auditor v3.1.0", "body": "The definitive security scanner for OpenClaw/ClawHub skills. Best-in-class detection across 18 security checks including prompt injection detection — the first scanner to catch agent manipulation attacks in skill documentation. 5-dimension trust scoring, trend tracking, diff analysis, and benchmarking. Zero false positives on legitimate skills." }, { "title": "When to Activate", "body": "Installing a new skill from ClawHub - run inspect.sh for full pre-install validation\nAuditing existing skills - use audit.sh to scan any skill directory\nGenerating trust scores - use trust_score.py for 0-100 rating across 5 dimensions\nComparing skills - use trust_score.py --compare for side-by-side analysis\nTracking improvements - use trust_score.py --save-trend to monitor score over time\nReviewing updates - use diff-audit.sh to compare before/after versions\nBatch scanning - use audit-all.sh or benchmark.sh for fleet-wide analysis" }, { "title": "Quick Start", "body": "# Audit a single skill\nbash audit.sh /path/to/skill\n\n# Trust score (0-100 across 5 dimensions)\npython3 trust_score.py /path/to/skill\n\n# Compare two skills side by side\npython3 trust_score.py /path/to/skill1 --compare /path/to/skill2\n\n# Track score over time\npython3 trust_score.py /path/to/skill --save-trend\npython3 trust_score.py /path/to/skill --trend\n\n# Diff audit (before/after update)\nbash diff-audit.sh /path/to/old-version /path/to/new-version\n\n# Benchmark against a corpus\nbash benchmark.sh /path/to/skills-dir\n\n# Inspect a ClawHub skill before installing\nbash inspect.sh skill-slug\n\n# Audit all installed skills\nbash audit-all.sh\n\n# Generate a markdown report\nbash report.sh\n\n# Run test suite (28 assertions)\nbash test.sh" }, { "title": "Guardrails / Anti-Patterns", "body": "DO:\n\n✓ Always audit skills before installing from untrusted sources\n✓ Review trust scores - reject skills scoring below 60 (D grade)\n✓ Use diff-audit.sh when updating skills to catch regressions\n✓ Use --json output for CI/CD pipeline integration\n✓ Run --save-trend periodically to track skill health\n\nDON'T:\n\n✗ Install skills scoring below 40 (F grade) without extensive manual review\n✗ Ignore CRITICAL findings - they indicate potential security threats\n✗ Blindly add skills to allowlist without understanding why they access credentials\n✗ Skip audit because a skill is \"popular\" or \"official\"" }, { "title": "Security Checks (18 total)", "body": "#CheckSeverityDescription1credential-harvestCRITICALScripts reading API keys/tokens AND making network calls2exfiltration-urlCRITICALwebhook.site, requestbin, ngrok URLs in scripts3obfuscated-payloadCRITICALBase64-encoded URLs or shell commands4sensitive-fsCRITICAL/etc/passwd, ~/.ssh, ~/.aws/credentials access5crypto-walletCRITICALHardcoded ETH/BTC wallet addresses (drain attacks)6dependency-confusionCRITICALInternal/private-scoped packages in public deps7typosquattingCRITICALMisspelled package names (lodahs, requets, etc.)8symlink-attackCRITICALSymlinks targeting sensitive system paths9code-executionWARNINGeval(), exec(), subprocess patterns10time-bombWARNINGDate/time comparisons that could trigger delayed payloads11telemetry-detectedWARNINGAnalytics SDKs, tracking pixels, phone-home behavior12excessive-permissionsWARNING>15 bins/env/config items requested13unusual-portsWARNINGNetwork calls to non-standard ports14prompt-injectionCRITICALAgent manipulation in docs: \"ignore instructions\", role hijacking, hidden HTML directives15download-executeCRITICALcurl|bash, wget|sh, eval $(curl), unsafe pip/npm installs16hidden-fileWARNINGSuspicious dotfiles that may hide malicious content17env-exfiltrationCRITICALReading sensitive env vars + outbound network calls18privilege-escalationCRITICALsudo, chmod 777/setuid, writes to system paths\n\nContext-aware: credential mentions in documentation are INFO, not CRITICAL." }, { "title": "Trust Score (5 Dimensions)", "body": "DimensionMaxWhat's MeasuredSecurity35Audit findings (criticals = -18, warnings = -4)Quality22Description, version, usage docs, examples, metadata, changelogStructure18File organization, tests, README, reasonable scopeTransparency15License, no minified code, code commentsBehavioral10Rate limiting, error handling, input validation\n\nGrades: A (90+), B (75+), C (60+), D (40+), F (<40)" }, { "title": "Comparative Scoring", "body": "python3 trust_score.py /path/to/skill-a --compare /path/to/skill-b\n\nShows per-dimension deltas and overall score difference." }, { "title": "Trend Tracking", "body": "python3 trust_score.py /path/to/skill --save-trend # Record score\npython3 trust_score.py /path/to/skill --trend # View history\n\nStores up to 50 entries per skill in trust_trends.json." }, { "title": "Tools", "body": "FilePurposeaudit.shSingle skill security audit (18 checks)audit-all.shBatch scan all installed skillstrust_score.pyTrust score calculator (5-dimension, 0-100)diff-audit.shCompare skill versions for security regressionsbenchmark.shCorpus-wide audit with aggregate statisticsinspect.shClawHub pre-install workflowreport.shMarkdown report generatortest.shAutomated test suite (28 assertions, 12 test skills)allowlist.jsonKnown-good credential skills" }, { "title": "Test Suite", "body": "12 test skills (8 malicious, 4 clean) with 28 automated assertions:\n\nbash test.sh\n\nMalicious fixtures: credential harvest, obfuscated payload, sensitive fs reads, crypto wallets, time bombs, symlink attacks, prompt injection, download-execute, privilege escalation.\nClean fixtures: basic skill, credential docs (false positive check), network skill, dotfiles skill." }, { "title": "Exit Codes", "body": "0: PASS / safe to install\n1: REVIEW / warnings found\n2: FAIL / critical issues\n3: Error / bad input" }, { "title": "Changelog", "body": "See CHANGELOG.md for full version history." } ], "body": "Skill Auditor v3.1.0\n\nThe definitive security scanner for OpenClaw/ClawHub skills. Best-in-class detection across 18 security checks including prompt injection detection — the first scanner to catch agent manipulation attacks in skill documentation. 5-dimension trust scoring, trend tracking, diff analysis, and benchmarking. Zero false positives on legitimate skills.\n\nWhen to Activate\nInstalling a new skill from ClawHub - run inspect.sh for full pre-install validation\nAuditing existing skills - use audit.sh to scan any skill directory\nGenerating trust scores - use trust_score.py for 0-100 rating across 5 dimensions\nComparing skills - use trust_score.py --compare for side-by-side analysis\nTracking improvements - use trust_score.py --save-trend to monitor score over time\nReviewing updates - use diff-audit.sh to compare before/after versions\nBatch scanning - use audit-all.sh or benchmark.sh for fleet-wide analysis\nQuick Start\n# Audit a single skill\nbash audit.sh /path/to/skill\n\n# Trust score (0-100 across 5 dimensions)\npython3 trust_score.py /path/to/skill\n\n# Compare two skills side by side\npython3 trust_score.py /path/to/skill1 --compare /path/to/skill2\n\n# Track score over time\npython3 trust_score.py /path/to/skill --save-trend\npython3 trust_score.py /path/to/skill --trend\n\n# Diff audit (before/after update)\nbash diff-audit.sh /path/to/old-version /path/to/new-version\n\n# Benchmark against a corpus\nbash benchmark.sh /path/to/skills-dir\n\n# Inspect a ClawHub skill before installing\nbash inspect.sh skill-slug\n\n# Audit all installed skills\nbash audit-all.sh\n\n# Generate a markdown report\nbash report.sh\n\n# Run test suite (28 assertions)\nbash test.sh\n\nGuardrails / Anti-Patterns\n\nDO:\n\n✓ Always audit skills before installing from untrusted sources\n✓ Review trust scores - reject skills scoring below 60 (D grade)\n✓ Use diff-audit.sh when updating skills to catch regressions\n✓ Use --json output for CI/CD pipeline integration\n✓ Run --save-trend periodically to track skill health\n\nDON'T:\n\n✗ Install skills scoring below 40 (F grade) without extensive manual review\n✗ Ignore CRITICAL findings - they indicate potential security threats\n✗ Blindly add skills to allowlist without understanding why they access credentials\n✗ Skip audit because a skill is \"popular\" or \"official\"\nSecurity Checks (18 total)\n#\tCheck\tSeverity\tDescription\n1\tcredential-harvest\tCRITICAL\tScripts reading API keys/tokens AND making network calls\n2\texfiltration-url\tCRITICAL\twebhook.site, requestbin, ngrok URLs in scripts\n3\tobfuscated-payload\tCRITICAL\tBase64-encoded URLs or shell commands\n4\tsensitive-fs\tCRITICAL\t/etc/passwd, ~/.ssh, ~/.aws/credentials access\n5\tcrypto-wallet\tCRITICAL\tHardcoded ETH/BTC wallet addresses (drain attacks)\n6\tdependency-confusion\tCRITICAL\tInternal/private-scoped packages in public deps\n7\ttyposquatting\tCRITICAL\tMisspelled package names (lodahs, requets, etc.)\n8\tsymlink-attack\tCRITICAL\tSymlinks targeting sensitive system paths\n9\tcode-execution\tWARNING\teval(), exec(), subprocess patterns\n10\ttime-bomb\tWARNING\tDate/time comparisons that could trigger delayed payloads\n11\ttelemetry-detected\tWARNING\tAnalytics SDKs, tracking pixels, phone-home behavior\n12\texcessive-permissions\tWARNING\t>15 bins/env/config items requested\n13\tunusual-ports\tWARNING\tNetwork calls to non-standard ports\n14\tprompt-injection\tCRITICAL\tAgent manipulation in docs: \"ignore instructions\", role hijacking, hidden HTML directives\n15\tdownload-execute\tCRITICAL\tcurl|bash, wget|sh, eval $(curl), unsafe pip/npm installs\n16\thidden-file\tWARNING\tSuspicious dotfiles that may hide malicious content\n17\tenv-exfiltration\tCRITICAL\tReading sensitive env vars + outbound network calls\n18\tprivilege-escalation\tCRITICAL\tsudo, chmod 777/setuid, writes to system paths\n\nContext-aware: credential mentions in documentation are INFO, not CRITICAL.\n\nTrust Score (5 Dimensions)\nDimension\tMax\tWhat's Measured\nSecurity\t35\tAudit findings (criticals = -18, warnings = -4)\nQuality\t22\tDescription, version, usage docs, examples, metadata, changelog\nStructure\t18\tFile organization, tests, README, reasonable scope\nTransparency\t15\tLicense, no minified code, code comments\nBehavioral\t10\tRate limiting, error handling, input validation\n\nGrades: A (90+), B (75+), C (60+), D (40+), F (<40)\n\nComparative Scoring\npython3 trust_score.py /path/to/skill-a --compare /path/to/skill-b\n\n\nShows per-dimension deltas and overall score difference.\n\nTrend Tracking\npython3 trust_score.py /path/to/skill --save-trend # Record score\npython3 trust_score.py /path/to/skill --trend # View history\n\n\nStores up to 50 entries per skill in trust_trends.json.\n\nTools\nFile\tPurpose\naudit.sh\tSingle skill security audit (18 checks)\naudit-all.sh\tBatch scan all installed skills\ntrust_score.py\tTrust score calculator (5-dimension, 0-100)\ndiff-audit.sh\tCompare skill versions for security regressions\nbenchmark.sh\tCorpus-wide audit with aggregate statistics\ninspect.sh\tClawHub pre-install workflow\nreport.sh\tMarkdown report generator\ntest.sh\tAutomated test suite (28 assertions, 12 test skills)\nallowlist.json\tKnown-good credential skills\nTest Suite\n\n12 test skills (8 malicious, 4 clean) with 28 automated assertions:\n\nbash test.sh\n\n\nMalicious fixtures: credential harvest, obfuscated payload, sensitive fs reads, crypto wallets, time bombs, symlink attacks, prompt injection, download-execute, privilege escalation. Clean fixtures: basic skill, credential docs (false positive check), network skill, dotfiles skill.\n\nExit Codes\n0: PASS / safe to install\n1: REVIEW / warnings found\n2: FAIL / critical issues\n3: Error / bad input\nChangelog\n\nSee CHANGELOG.md for full version history." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/yoder-bawt/yoder-skill-auditor", "publisherUrl": "https://clawhub.ai/yoder-bawt/yoder-skill-auditor", "owner": "yoder-bawt", "version": "3.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/yoder-skill-auditor", "downloadUrl": "https://openagent3.xyz/downloads/yoder-skill-auditor", "agentUrl": "https://openagent3.xyz/skills/yoder-skill-auditor/agent", "manifestUrl": "https://openagent3.xyz/skills/yoder-skill-auditor/agent.json", "briefUrl": "https://openagent3.xyz/skills/yoder-skill-auditor/agent.md" } }