Safety Report: Skill Audit by Raini

By @0xRaini

      Scans installed or remote OpenClaw skills for security risks like credential leaks and suspicious code to prevent supply chain attacks.

660 downloads, 4 installs, 0 stars, 1 version

      Security Analysis

Verdict: Clean (high confidence)

      This skill is a local security scanner whose code and instructions are coherent with its stated purpose; there are minor documentation mismatches and the scanner uses heuristic regexes that can produce false positives, but nothing indicates malicious intent.

Mar 7, 2026; 3 files; 1 concern

Purpose & Capability: ok

      Name, package.json description, SKILL.md and the included src/audit.js implement a security scanner for OpenClaw skills. The code scans files and looks for credential references, network calls, and dynamic execution patterns — all are appropriate for a skill-audit tool. It does not request unrelated credentials or binaries.

Instruction Scope: note

SKILL.md and the CLI instruct running the scanner against skill directories (e.g., ~/.openclaw/workspace/skills or a provided path), which is appropriate. However, SKILL.md documents a '/skill-audit check <clawhub-slug>' command that is not implemented in src/audit.js (the CLI only supports 'scan'). Also, the scanner will read any files in the target path (which is expected) and could report many heuristic hits; that behavior is normal for a file scanner but worth knowing.

Install Mechanism: ok

      No install spec or remote downloads are included — this is an instruction-only/package-contained skill with the scanner source bundled. Nothing is fetched from external URLs at install time.

Credentials: ok

      No environment variables, credentials, or config paths are required. The code reads filesystem paths supplied by the user and uses process.env.HOME to locate the default workspace; that is proportionate to a scanner. It does not ask for unrelated secrets.

Persistence & Privilege: ok

'always' is false, and the skill does not request elevated persistence or modify other skills. 'disable-model-invocation' is false (the agent can call it autonomously) — appropriate for a utility skill. There is no evidence it alters agent or system-wide settings.

      Guidance

This appears to be a legitimate local security scanner. Before installing:

1) Note that SKILL.md mentions a 'check' command that the bundled CLI does not implement; treat that as a documentation mismatch.
2) The scanner uses simple regex heuristics and will produce false positives (and could miss sophisticated obfuscation); review flagged files manually.
3) When running 'scan --all' the tool will read all files in your skills directory; run it in a safe environment or with explicit paths if you're concerned about sensitive locations.
4) Because the skill can be invoked autonomously by the agent, consider whether you want it enabled for automatic runs; this is not a red flag by itself, but be mindful of what paths the agent may instruct the skill to scan.
5) If you rely on its results for critical decisions, open the bundled src/audit.js and verify the detection rules and allowlist domains yourself (the code is short and readable).

      Latest Release

      v1.0.0

      Initial release - Security scanner for OpenClaw skills

      Published by @0xRaini on ClawHub