Can I customize the audit rules?

Yes, you can add your own rules or disable specific checks that do not apply to your use case. The default ruleset covers the OpenClaw platform requirements.

Does a passing audit guarantee marketplace approval?

A passing audit significantly increases your chances, but the marketplace review also considers functionality, documentation, and user experience. The audit covers the security portion of the review.

Home/Skills/Security/Security Audit

Security Audit

cerbug45·Feb 17, 2026

Security

7770

Summary

TL;DR: Audits OpenClaw skills against platform security requirements, checking permissions, data handling practices, API usage patterns, and code-level security issues.

Security Audit is an OpenClaw skill that minimal helper to audit skill.md-style instructions for supply-chain risks.

Created by cerbug45, this skill has been downloaded 754 times on ClawHub. Install it with one command and your AI agent gains these capabilities right away.

Use cases

Run a pre-submission audit on your skill before publishing to the OpenClaw marketplace
Evaluate third-party skills your team wants to install against your organization's security policy
Generate compliance evidence showing that your skills meet specific security requirements
Identify and fix permission over-requests that could get your skill flagged during review

Installation

Run this command to install the skill on your OpenClaw agent:

Install with OpenClaw

npx clawhub@latest install agents-skill-security-audit

Downloads

777

Active installs

Stars

Updated

Feb 17, 2026

Security scan

VirusTotalBenign

View report

OpenClawBenignhigh confidence

This is a small, local Python-based heuristic scanner that matches its description and requests only python3; nothing in the files indicates concealed exfiltration or unrelated privileges.

Purpose & Capability

Instruction Scope

Install Mechanism

Credentials

Persistence & Privilege

SKILL.md

---
name: security-audit
description: Minimal helper to audit skill.md-style instructions for supply-chain risks.
metadata:
  {
    "openclaw": {
      "requires": { "bins": ["python3"] },
      "category": "security"
    }
  }
---

# security-audit

Minimal helper to audit skill.md-style instructions for supply-chain risks.

## Features
- Heuristic scan for exfiltration patterns (HTTP POST, curl to unknown domains, reading ~/.env, credential keywords).
- Permission manifest reminder: lists filesystem/network touches it sees.
- Safe report: markdown summary + risk level.

## Usage
```bash
python audit.py path/to/skill.md > report.md
```

Version history

v0.1.0Latest

Feb 17, 2026

Initial release of the security-audit skill. - Provides heuristic scanning of skill.md instructions for supply-chain risks. - Detects exfiltration patterns such as HTTP POST requests, unknown domain curl commands, ~/.env reads, and credential keywords. - Summarizes detected filesystem and network accesses as a permission manifest reminder. - Generates a safe report in markdown format with an assigned risk level. - Simple command-line usage via Python.

Frequently asked questions

The scanner focuses on finding vulnerabilities in skill code. This audit tool takes a broader compliance view, checking permissions, data handling policies, API practices, and overall adherence to platform standards. The scanner finds bugs, the audit checks policy.

Installation method

Send this prompt to your agent to install the skill

npx clawhub@latest install agents-skill-security-audit

Download ZIP

Skill info

Versionv0.1.0

Authorcerbug45

CategorySecurity

UpdatedFeb 17, 2026

Files

SKILL.md645 B

Run OpenClaw in the cloud

Deploy in seconds. Skills pre-installed.

See plans

Skill data sourced from ClawHub