Command-line security analyzer for ClawHub skills. Run analyze-skill.sh to scan SKILL.md files for malicious patterns, credential leaks, and C2 infrastructure before installation. Includes threat intelligence database with 20+ detection patterns.
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install skill-security-auditor或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install skill-security-auditor⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/skill-security-auditor/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
--- name: skill-security-auditor description: Command-line security analyzer for ClawHub skills. Run analyze-skill.sh to scan SKILL.md files for malicious patterns, credential leaks, and C2 infrastructure before installation. Includes threat intelligence database with 20+ detection patterns. emoji: 🔍🛡️ metadata: openclaw: requires: bins: ["curl", "jq", "grep", "bash"] version: "1.0.0" author: "akm626" category: "security" tags: ["security", "audit", "malware-detection", "skill-vetting", "cli-tool"] ---
The Skill Security Auditor is a command-line tool that performs pattern-based security analysis of ClawHub skills before installation. Given the recent discovery of 341+ malicious skills (ClawHavoc campaign) that distributed Atomic Stealer (AMOS) and stole cryptocurrency credentials, this tool provides essential pre-installation threat detection.
What this skill provides:
analyze-skill.sh) for local security analysispatterns/malicious-patterns.json)How to use it:
analyze-skill.sh script against any skill (by slug or local file)Use this tool when:
This tool does NOT:
Scans for known malicious patterns from the ClawHavoc campaign:
Identifies potential credential exposure vectors:
Analyzes skill dependencies for:
Checks for Command & Control indicators:
Verifies skill integrity:
Each analyzed skill receives a Risk Score (0-100):
This skill provides a bash script (analyze-skill.sh) that performs pattern-based security analysis of ClawHub skills. The analysis runs locally using the included threat intelligence database.
# Install the skill from ClawHub
npx clawhub install skill-security-auditor
# Make the analyzer executable
chmod +x ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh
# Optional: Create alias for convenience
echo 'alias audit-skill="~/.openclaw/skills/skill-security-auditor/analyze-skill.sh"' >> ~/.bashrc
source ~/.bashrc
Method 1: Analyze by slug (automatic fetch from ClawHub)
~/.openclaw/skills/skill-security-auditor/analyze-skill.sh --slug bitcoin-tracker
# Example output:
# ============================================
# SECURITY AUDIT REPORT
# ============================================
#
# Risk Score: 85/100 - ☠️ CRITICAL
# ...
Method 2: Analyze local file
# Download skill first
curl -s "https://clawhub.ai/api/skills/bitcoin-tracker/latest" > /tmp/skill.md
# Then analyze
~/.openclaw/skills/skill-security-auditor/analyze-skill.sh --file /tmp/skill.md
# Scan all skills in your workspace
for skill in ~/.openclaw/skills/*/SKILL.md; do
echo "Checking: $(basename $(dirname $skill))"
~/.openclaw/skills/skill-security-auditor/analyze-skill.sh -f "$skill"
done
# Fast grep-based pattern matching (no full analysis)
grep -iE "(prerequisite.*download|91\.92\.242\.30|curl.*\|.*bash)" SKILL.md
- Matches: "Prerequisites", "Setup Required", "Installation Steps" - Contains: Download links to .zip, .exe, .dmg files - Example: "Download openclaw-agent.zip from https://..."
- IP: 91.92.242.30 (ClawHavoc C2) - Domains: Newly registered or suspicious TLDs - Encoded URLs or base64 obfuscation
- Regex patterns for API keys: (api[_-]?key|token|password)\s[:=]\s['\"][^'\"]+['\"] - SSH key access requests - Wallet private key patterns
- curl | bash or wget | sh patterns - Hidden base64 encoded commands - Dynamic eval() or exec() on external input
- Binary requirements without clear justification - Dependencies from unverified sources - Excessive permission requests
- Heavily encoded strings in metadata - Minified or obfuscated JavaScript/Python - Redirect chains in URLs
- Urgency phrases: "Install immediately", "Limited time" - Authority claims: "Official OpenClaw", "Verified by Anthropic" - Fear tactics: "Your system is at risk without this"
- GitHub account > 1 year old - Multiple well-rated skills - Active community engagement
- Clear binary requirements with official sources - Open-source tool dependencies - Well-documented permission needs
- Clean, readable SKILL.md - Proper error handling - No unnecessary network calls
## Security Audit Report
**Skill**: {skill-name}
**Author**: {author}
**Version**: {version}
**Audit Date**: {date}
### Risk Score: {score}/100 - {RISK_LEVEL}
### Critical Findings:
- {finding 1}
- {finding 2}
### Warning Indicators:
- {warning 1}
- {warning 2}
### Positive Indicators:
- {positive 1}
- {positive 2}
### Recommendations:
{INSTALL | DO NOT INSTALL | REVIEW MANUALLY}
### Detailed Analysis:
{Deep dive into specific concerns}
### VirusTotal Link:
{If available from ClawHub}
...
安装 Skill Security Auditor 后,可以对 AI 说这些话来触发它
Help me get started with Skill Security Auditor
Explains what Skill Security Auditor does, walks through the setup, and runs a quick demo based on your current project
Use Skill Security Auditor to command-line security analyzer for ClawHub skills
Invokes Skill Security Auditor with the right parameters and returns the result directly in the conversation
What can I do with Skill Security Auditor in my developer & devops workflow?
Lists the top use cases for Skill Security Auditor, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/skill-security-auditor/ 目录(个人级,所有项目可用),或 .claude/skills/skill-security-auditor/(项目级)。重启 AI 客户端后,用 /skill-security-auditor 主动调用,或让 AI 根据上下文自动发现并使用。
Skill Security Auditor 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
Skill Security Auditor 可免费安装使用。请查阅仓库了解许可证信息。
Command-line security analyzer for ClawHub skills. Run analyze-skill.sh to scan SKILL.md files for malicious patterns, credential leaks, and C2 infrastructure before installation. Includes threat intelligence database with 20+ detection patterns.
Automate my developer & devops tasks using Skill Security Auditor
Identifies repetitive steps in your workflow and sets up Skill Security Auditor to handle them automatically
Skill Security Auditor 属于「Developer & DevOps」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。