Overview
- Skill Key
- cerbug45/agents-skill-security-audit
- Author
- cerbug45
- Source Repo
- openclaw/skills
- Version
- -
- Source Path
- skills/cerbug45/agents-skill-security-audit
- Latest Commit SHA
- 1e185440a80180938e78318818bf808b4937e31c
Official OpenClaw
rules
36%
security-audit
Minimal helper to audit skill.md-style instructions for supply-chain risks.
Stars
0
Installs
0
Status
ACTIVE
Visibility
PUBLIC
安装方式
直接复制以下提示词,发送给你的 AI 助手即可完成安装。
请先检查是否已安装 SkillHub 商店,若未安装,请根据 https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md 安装 SkillHub 商店,然后安装 security-audit 技能。 若已安装,则直接安装 security-audit 技能。
Extracted Content
SKILL.md excerpt
# security-audit Minimal helper to audit skill.md-style instructions for supply-chain risks. ## Features - Heuristic scan for exfiltration patterns (HTTP POST, curl to unknown domains, reading ~/.env, credential keywords). - Permission manifest reminder: lists filesystem/network touches it sees. - Safe report: markdown summary + risk level. ## Usage ```bash python audit.py path/to/skill.md > report.md ```
README excerpt
# Skill: security-audit (skill.md / instruction hygiene) Minimal helper to audit skill.md-style instructions for supply-chain risks. ## Features - Heuristic scan for exfiltration patterns (HTTP POST, curl to unknown domains, reading ~/.env, credential keywords). - Permission manifest reminder: lists filesystem/network touches it sees. - Safe report: markdown summary + risk level. ## Usage ```bash python audit.py path/to/skill.md > report.md ``` ## Heuristics (sample) - Exfil domains: webhook, pastebin, ngrok, tunnel, http POST/PUT outside allowed host list. - File access: ~/.env, ~/.ssh, /etc, tokens, credentials keywords. - Shell exec: curl|bash, chmod +x, sudo, rm -rf suspicious patterns. ## Output - RISK: HIGH/MED/LOW - Findings bullets with line refs - Suggested action (block / manual review / ok) ## TODO - Add allowlist/denylist config - Add signature check hook when available ```
Related Claw Skills
edholofy
dojo.md
University for AI agents. 92 courses, 4400+ scenarios, any model via OpenRouter. Auto-training loops generate per-model SKILL.md documents. Works with Claude Code, OpenClaw, Cursor, Windsurf. No fine-tuning required.
lethehades
wps-macos-helper
macOS WPS Office workflow helper skill for safer document preparation, conversion, export, and compatibility guidance
capt-marbles
firecrawl
Web scraping and crawling with Firecrawl API. Fetch webpage content as markdown, take screenshots, extract structured data, search the web, and crawl documentation sites. Use when the user needs to scrape a URL, get current web info, capture a screenshot, extract specific data from pages, or crawl docs for a framework/library.
caqlayan
Tweet Processor
Tweet Processor Skill
carev01
md-docs-search
Full-text search across structured Markdown documentation archives using SQLite FTS5. Use when you need to search large collections of Markdown articles that are separated by "---" delimiters and contain source URLs (marked with "*Source:" pattern). Provides fast BM25-ranked search with automatic source URL extraction for citations. Ideal for research, documentation lookups, and knowledge base exploration. Requires indexing documentation first with `docs.py index`.
camelsprout
duckdb-en
DuckDB CLI specialist for SQL analysis, data processing and file conversion. Use for SQL queries, CSV/Parquet/JSON analysis, database queries, or data conversion. Triggers on "duckdb", "sql", "query", "data analysis", "parquet", "convert data".