Scans installed or remote OpenClaw skills for security risks like credential leaks and suspicious code to prevent supply chain attacks.
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install raini-skill-audit或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install raini-skill-audit⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/raini-skill-audit/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
扫描 OpenClaw skills 中的安全风险,防止供应链攻击。
---
/skill-audit scan [skill-name]扫描已安装的 skill,检测可疑代码模式。
# 扫描所有已安装 skill
skill-audit scan
# 扫描指定 skill
skill-audit scan moltdash
# 扫描本地目录
skill-audit scan ./my-skill
/skill-audit check 安装前检查 ClawHub 上的 skill。
skill-audit check some-skill
---
~/.ssh/, ~/.env, credentials.jsonfetch(), curl, webhook, POST 到未知 URLeval(), exec(), child_processprocess.env.API_KEYfs.readdir(), glob---
🔍 Skill Audit Report: suspicious-weather
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Risk Score: 85/100 🔴 HIGH RISK
┌─────────────┬──────────┬─────────────────────────────────┐
│ File │ Severity │ Finding │
├─────────────┼──────────┼─────────────────────────────────┤
│ index.ts │ CRITICAL │ Reads ~/.openclaw/credentials/ │
│ index.ts │ CRITICAL │ POST to webhook.site │
│ utils.ts │ WARNING │ Uses eval() │
└─────────────┴──────────┴─────────────────────────────────┘
⚠️ DO NOT INSTALL - This skill may steal your credentials!
---
该 skill 附带一个 CLI 脚本,agent 可直接调用:
node {baseDir}/src/audit.js scan ~/.openclaw/workspace/skills/moltdash
node {baseDir}/src/audit.js scan --all
---
安装 Skill Audit by Raini 后,可以对 AI 说这些话来触发它
Help me get started with Skill Audit by Raini
Explains what Skill Audit by Raini does, walks through the setup, and runs a quick demo based on your current project
Use Skill Audit by Raini to scans installed or remote OpenClaw skills for security risks like c...
Invokes Skill Audit by Raini with the right parameters and returns the result directly in the conversation
What can I do with Skill Audit by Raini in my ai agent & automation workflow?
Lists the top use cases for Skill Audit by Raini, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/raini-skill-audit/ 目录(个人级,所有项目可用),或 .claude/skills/raini-skill-audit/(项目级)。重启 AI 客户端后,用 /raini-skill-audit 主动调用,或让 AI 根据上下文自动发现并使用。
Skill Audit by Raini 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
Skill Audit by Raini 可免费安装使用。请查阅仓库了解许可证信息。
Scans installed or remote OpenClaw skills for security risks like credential leaks and suspicious code to prevent supply chain attacks.
Skill Audit by Raini 属于「AI Agent & Automation」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。
Automate my ai agent & automation tasks using Skill Audit by Raini
Identifies repetitive steps in your workflow and sets up Skill Audit by Raini to handle them automatically