Skill Auditor v2.1

Enhanced security scanner that analyzes skills and provides comprehensive threat detection with advanced analysis capabilities.

After Installing

Run the setup wizard to configure optional features:

CODEBLOCK0

The wizard explains each feature, shows real test data, and lets you choose what to enable.

Quick Start

Scan a skill:
CODEBLOCK1

Audit all your installed skills:
CODEBLOCK2

Setup Wizard (Recommended)

Run the interactive setup to configure optional features:

CODEBLOCK3

The wizard will:

1. 1. Detect your OS (Windows, macOS, Linux)
2. Check Python availability (required for AST analysis)
3. Offer to install tree-sitter for dataflow analysis
4. Configure auto-scan on skill installation
5. Save preferences to INLINECODE0

Setup Commands

CODEBLOCK4

Audit All Installed Skills

Scan every skill in your OpenClaw installation at once:

CODEBLOCK5

Options:
CODEBLOCK6

Output:

• - Color-coded risk levels (🚨 CRITICAL, ⚠️ HIGH, 📋 MEDIUM, ✅ CLEAN)
• Summary stats (total scanned, by risk level)
• Detailed list of high-risk skills with capabilities

Cross-Platform Installation

Core Scanner (No Dependencies)

AST Analysis (Optional)

Note: Tree-sitter has prebuilt wheels for all platforms — no C++ compiler needed!

Core Features (Always Available)

• - Static Pattern Analysis — Regex-based detection of 40+ threat patterns
• Intent Matching — Contextual analysis against skill's stated purpose
• Accuracy Scoring — Rates how well behavior matches description (1-10)
• Risk Assessment — CLEAN / LOW / MEDIUM / HIGH / CRITICAL levels
• OpenClaw Specifics — Detects MEMORY.md, sessions tools, agent manipulation
• Remote Scanning — Works with GitHub URLs (via scan-url.js)
• Visual Reports — Human-readable threat summaries

Advanced Features (Optional)

1. Python AST Dataflow Analysis

CODEBLOCK7

What it detects:

• - Environment variables → Network requests
• File reads → HTTP posts
• Memory file access → External APIs
• Cross-function data flows

Example:
CODEBLOCK8

2. VirusTotal Binary Scanning

CODEBLOCK9

Supported formats: .exe, .dll, .bin, .wasm, .jar, .apk, etc.

Output includes:

• - Malware detection status
• Engine consensus (e.g., "3/70 engines flagged")
• Direct VirusTotal report links
• SHA256 hashes for verification

3. LLM Semantic Analysis

CODEBLOCK10

How it works:

1. 1. Groups findings by category
2. Asks LLM: "Does this behavior match the skill's description?"
3. Adjusts severity based on semantic understanding
4. Provides confidence ratings

Example:

• - Finding: "Accesses MEMORY.md"
• Skill says: "Optimizes agent memory usage"
• LLM verdict: "LEGITIMATE — directly supports stated purpose"
• Result: Severity downgraded, marked as expected

4. SARIF Output for CI/CD

CODEBLOCK11

GitHub integration:
CODEBLOCK12

5. Detection Modes

CODEBLOCK13

Usage Examples

Basic Scanning

Advanced Scanning

Remote Scanning

Installation Options

Zero Dependencies (Recommended for CI)

Optional Advanced Features

What Gets Detected

Core Threat Categories

• - Prompt Injection — AI instruction manipulation attempts
• Data Exfiltration — Unauthorized data transmission
• Sensitive File Access — MEMORY.md, credentials, SSH keys
• Shell Execution — Command injection, arbitrary code execution
• Path Traversal — Directory escape attacks
• Obfuscation — Hidden/encoded content
• Persistence — System modification for permanent access
• Privilege Escalation — Browser automation, device access

OpenClaw-Specific Patterns

• - Memory File Writes — Persistence via MEMORY.md, AGENTS.md
• Session Tool Abuse — Data exfiltration via sessionssend
• Gateway Control — config.patch, restart commands
• Node Device Access — camerasnap, screenrecord, locationget

Advanced Detection (with optional features)

• - Python Dataflow — Variable tracking across functions/files
• Binary Malware — Known malicious executables via VirusTotal
• Semantic Intent — LLM-based behavior vs. description analysis

Output Formats

1. JSON (Default)

2. SARIF (GitHub Code Scanning)

--format sarif

3. Visual Report

node scripts/format-report.js report.json

Configuration

Environment Variables

Command Line Options

Architecture Overview

CODEBLOCK24

Backward Compatibility

v1.x commands work unchanged:
CODEBLOCK25

New v2.0 features are opt-in:
CODEBLOCK26

Limitations

Core Scanner

• - Novel obfuscation — New encoding techniques not yet in patterns
• Binary analysis — Skips binary files unless VirusTotal enabled
• Sophisticated prompt injection — Advanced manipulation techniques may evade regex

Optional Features

• - Python AST — Limited to Python files, basic dataflow only
• VirusTotal — Rate limited (500 queries/day free tier)
• LLM Analysis — Requires internet connection and OpenClaw gateway
• YARA Rules — Framework ready but custom rules not fully implemented

Troubleshooting

Common Issues

"tree-sitter dependencies not available"
CODEBLOCK27

"VirusTotal API error: 403"
CODEBLOCK28

"LLM semantic analysis failed"
CODEBLOCK29

"SARIF output not generated"
CODEBLOCK30

Debug Mode

Contributing

Adding New Patterns

1. 1. Static patterns → Edit INLINECODE7
2. YARA rules → Add to rules/ directory
3. Python dataflow → Extend INLINECODE9

Testing New Features

Security Note

This scanner is one layer of defense, not a guarantee. Always:

• - Review code manually for novel attacks
• Re-scan after skill updates
• Use multiple security tools
• Trust but verify — especially for high-privilege skills

For sensitive environments, enable all advanced features:
CODEBLOCK33