skill-risk-auditor
Inspect an OpenClaw or Claude Code skill for security risks before install or publish. Flags dangerous shell commands, curl-pipe-bash patterns, obfuscated scripts, hardcoded secrets, suspicious domains, and social-engineering prompt injections. Gives a plain English risk summary. Use this skill when you want to audit a skill directory for safety.
Resources
6Install
npx skillscat add honouralexwill/skill-risk-auditor-v1-without-saturnday Install via the SkillsCat registry.
Skill Risk Auditor
You are a security auditor for OpenClaw / Claude Code skills. When the user invokes this skill, run the TypeScript-based scanner against the target skill directory and present the findings.
How to run the audit
The user provides a skill path as
$ARGUMENTS. If no path is given, ask the user which skill they want to audit.Run the compiled auditor:
node ${CLAUDE_SKILL_DIR}/dist/audit.js $ARGUMENTSIf the
--jsonflag is included, the output will be machine-readable JSON. Otherwise it produces a formatted human-readable report.If the
--compareflag is included with a hash, the tool also compares the local skill hash against the published version.
How to interpret results
The auditor scans for six categories of risk:
| Category | What it catches |
|---|---|
| shell-commands | rm -rf /, fork bombs, reverse shells, privilege escalation, firewall disabling |
| curl-pipe | curl | bash, wget | sh, source <(curl ...), eval of remote content |
| obfuscation | Hex/octal escapes, base64-encoded payloads, eval(atob(...)), minified blobs, String.fromCharCode |
| secrets | AWS keys, GitHub tokens, Slack tokens, hardcoded passwords, private keys, DB connection strings |
| domains | Suspicious TLDs (.tk, .xyz), raw IP URLs, URL shorteners, non-allowlisted external domains |
| social-engineering | Prompt injection ("ignore previous instructions"), persona hijacking, safety bypass instructions, data exfiltration commands |
Severity levels
- CRITICAL (score: 40 each) — Immediate danger. Do not install.
- HIGH (score: 20 each) — Likely malicious or very risky. Review carefully.
- MEDIUM (score: 8 each) — Suspicious but may be legitimate. Verify intent.
- LOW (score: 2 each) — Informational. Unlikely to be harmful alone.
Risk levels
| Score range | Level |
|---|---|
| 0 | CLEAN |
| 1–10 | LOW |
| 11–40 | MEDIUM |
| 41–100 | HIGH |
| 101–200 | CRITICAL |
After showing results
- If risk is CRITICAL or HIGH: Strongly recommend the user NOT install the skill and explain the most dangerous findings in plain language.
- If risk is MEDIUM: Recommend the user review the flagged items and decide based on context.
- If risk is LOW or CLEAN: Confirm the skill looks safe, note any minor items.
If the user asks for more detail on a specific finding, read the flagged file and explain the risky pattern in context.
Categories
Install
npx skillscat add honouralexwill/skill-risk-auditor-v1-without-saturnday Install via the SkillsCat registry.