Skill Auditor 🔍
Audit ClawHub skills for security threats before installing them.
Triggers
Use this skill when:
- - "Audit this skill"
- "Check skill security"
- Before installing any third-party skill
Usage
Method 1: Pre-install audit (recommended)
CODEBLOCK0
Method 2: Audit an installed skill
CODEBLOCK1
Detection Layers
L1: Pattern Matching
| Severity | Pattern | Risk |
|---|
| 🔴 High | INLINECODE0 | Encoded execution |
| 🔴 High |
curl.*\|.*bash | Remote script execution |
| 🔴 High |
eval\( /
exec\( | Dynamic code execution |
| 🔴 High | Known C2 server IPs | Malicious communication |
| 🟡 Medium | Access to
~/.openclaw/ | Config theft |
| 🟡 Medium | Reads
$API_KEY etc. | Credential leakage |
| 🟡 Medium | Social engineering keywords | User deception |
| 🟢 Low | Requires sudo | Elevated privileges |
L2: Deobfuscation
Automatically decodes hidden malicious payloads:
- - Base64 — Decodes and scans for hidden commands
- Hex — Decodes
\x41\x42 format strings - Checks decoded content for C2 servers and dangerous commands
L3: LLM Analysis (optional)
Uses Gemini CLI to analyze suspicious code intent:
- - Semantic understanding beyond pattern matching
- Detects novel/unknown threats
- Requires
gemini CLI installed
Known Indicators of Compromise (IoC)
C2 Server IPs
�CODEBLOCK2
Malicious Domains
�CODEBLOCK3
Social Engineering Keywords
�CODEBLOCK4
Output Format
CODEBLOCK5
Best Practices
- 1. Always audit before install — Never skip the security check
- Trust no skill blindly — Including highly starred or popular ones
- Check updates — Skill updates may introduce malicious code
- Report suspicious skills — Send to steipete@gmail.com
Maintenance
Update this skill when new threats are discovered:
- 1. New malicious IP → Add to �INLINECODE8
- New malicious domain → Add to �INLINECODE9
- New social engineering lure → Add to �INLINECODE10
- New attack pattern → Add regex detection
Update location: variable definitions at the top of �INLINECODE11
References
技能审计器 🔍
在安装前审计ClawHub技能是否存在安全威胁。
触发条件
在以下情况使用此技能:
使用方法
方法一:安装前审计(推荐)
bash
无需安装即可检查
clawhub inspect <技能名称>
运行审计脚本
~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh <技能名称>
方法二:审计已安装技能
bash
~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh --local <技能路径>
检测层级
L1:模式匹配
| 严重程度 | 模式 | 风险 |
|---|
| 🔴 高危 | base64.\ | .bash | 编码执行 |
| 🔴 高危 |
curl.
\|.bash | 远程脚本执行 |
| 🔴 高危 | eval\( / exec\( | 动态代码执行 |
| 🔴 高危 | 已知C2服务器IP | 恶意通信 |
| 🟡 中危 | 访问~/.openclaw/ | 配置窃取 |
| 🟡 中危 | 读取$API_KEY等 | 凭证泄露 |
| 🟡 中危 | 社会工程关键词 | 用户欺骗 |
| 🟢 低危 | 需要sudo权限 | 提权操作 |
L2:反混淆
自动解码隐藏的恶意载荷:
- - Base64 — 解码并扫描隐藏命令
- Hex — 解码\x41\x42格式字符串
- 检查解码内容中的C2服务器和危险命令
L3:LLM分析(可选)
使用Gemini CLI分析可疑代码意图:
- - 超越模式匹配的语义理解
- 检测新型/未知威胁
- 需要安装gemini CLI
已知入侵指标(IoC)
C2服务器IP
91.92.242.30 # ClawHavoc主服务器
恶意域名
glot.io # 托管混淆脚本
webhook.site # 数据外泄端点
社会工程关键词
OpenClawDriver # 不存在的驱动程序
ClawdBot Driver # 社会工程诱饵
Required Driver # 诱骗用户安装恶意软件
输出格式
═══════════════════════════════════════════
技能审计报告:<技能名称>
═══════════════════════════════════════════
🔴 高危发现:
[第23行] 检测到base64编码执行
[第45行] 发现curl|bash模式
🟡 中危发现:
[第12行] 访问~/.openclaw/目录
🟢 低危发现:
[第5行] 安装需要sudo权限
═══════════════════════════════════════════
结论:❌ 请勿安装
═══════════════════════════════════════════
最佳实践
- 1. 安装前务必审计 — 切勿跳过安全检查
- 不要盲目信任任何技能 — 包括高星或热门技能
- 检查更新 — 技能更新可能引入恶意代码
- 举报可疑技能 — 发送至 steipete@gmail.com
维护
发现新威胁时更新此技能:
- 1. 新恶意IP → 添加到MALICIOUSIPS
- 新恶意域名 → 添加到MALICIOUSDOMAINS
- 新社会工程诱饵 → 添加到SOCIAL_ENGINEERING
- 新攻击模式 → 添加正则检测
更新位置:scripts/audit.sh顶部的变量定义
参考
