TopRank Skills

agent-audit-scanner

Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfuscated shell commands, and social engineering patterns. Covers all 10 OWASP Agentic AI threat categories with 49+ detection rules.

Stars: 0
Installs: 0
Status: ACTIVE
Visibility: PUBLIC

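Installation

Copy the prompt below and send it to your AI assistant to complete the installation.

Please first check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the agent-audit-scanner skill. If it is already installed, install the agent-audit-scanner skill directly.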

Overview

Skill Key: headyzhang/agent-audit-scanner
Author: headyzhang
Source Repo: openclaw/skills
Version: 0.1.0
Source Path: skills/headyzhang/agent-audit-scanner
Latest Commit SHA: 33188286bf386f95e9ff07628be51cde553fa49e

Extracted Content

SKILL.md excerpt

# Agent Audit Scanner — Security Scanning for OpenClaw Skills

You are a security auditor. Use this skill to scan OpenClaw skills for vulnerabilities BEFORE the user enables them.

## When to Trigger

1. **New skill installed** — scan before confirming it's ready.
2. **User asks about safety** — "is this skill safe?", "audit this skill", etc.
3. **`/audit` command** — `/audit` (all) or `/audit <skill-name>`.
4. **Bulk audit** — "audit all skills", "check my skills".

## Setup (first-time only)

```bash
pip install agent-audit && agent-audit --version
```

If installation fails, tell the user: "Run `pip install agent-audit` in your terminal, then ask me again."

## How to Scan a Single Skill

Run the scan script bundled with this skill:

```bash
python3 {baseDir}/scripts/scan-skill.py "<path-to-skill-directory>"
```

Or use agent-audit directly:

```bash
agent-audit scan "<path-to-skill-directory>" --format json
```

Common skill locations:
- Workspace skills: `~/.openclaw/workspace/skills/<skill-name>/`
- Managed skills: `~/.openclaw/skills/<skill-name>/`

## How to Scan All Skills

```bash
python3 {baseDir}/scripts/scan-all-skills.py
```

This discovers and scans every skill in `~/.openclaw/workspace/skills/` and `~/.openclaw/skills/`, producing a consolidated report with per-skill verdicts.

## How to Audit OpenClaw Config

```bash
python3 {baseDir}/scripts/check-config.py
```

Checks `~/.openclaw/openclaw.json` and `.mcp.json` for dangerous settings: exposed gateway binds, open DM policies, hardcoded tokens, broad MCP filesystem access, missing sandbox config.

## Interpreting Results

Findings have three severity tiers:

- **BLOCK** (confidence >= 0.92): DO NOT enable. Warn the user. Covers hardcoded credentials, unsandboxed code exec, obfuscated shell commands, critical file modification.
- **WARN** (0.60-0.91): Inform the user and let them decide. Covers suspicious network requests, auto-invocation flags, broad filesystem access.
- **INFO** (0.30-0.59): Mentio...
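
The tiers above can be turned into a per-skill gate by taking the worst tier across all findings. The following is an added example, not code from agent-audit or from this skill: the `rule` and `confidence` field names and the sample findings are constructed, and it assumes each band is a lower bound, that scores below 0.30 are not reported, and that malformed scores fail closed to BLOCK.

```python
import math

# Lower bounds of the tiers listed above, highest first.
TIERS = (("BLOCK", 0.92), ("WARN", 0.60), ("INFO", 0.30))
RANK = {"NONE": 0, "INFO": 1, "WARN": 2, "BLOCK": 3}


def tier_for(confidence):
    """Map one confidence score to a tier name.

    Assumptions: each band is a lower bound, so a score such as 0.915 that
    falls between the printed bands lands in WARN; a missing, non-numeric,
    NaN or out-of-range score fails closed to BLOCK.
    """
    if isinstance(confidence, bool) or not isinstance(confidence, (int, float)):
        return "BLOCK"
    if math.isnan(confidence) or not 0.0 <= confidence <= 1.0:
        return "BLOCK"
    for name, floor in TIERS:
        if confidence >= floor:
            return name
    return "NONE"  # assumption: below 0.30 is not reported


def skill_verdict(findings):
    """Return (worst tier, findings at that tier) for one skill."""
    worst, hits = "NONE", []
    for f in findings:
        t = tier_for(f.get("confidence"))
        if RANK[t] > RANK[worst]:
            worst, hits = t, [f]
        elif t == worst and t != "NONE":
            hits.append(f)
    return worst, hits


# Constructed sample findings; "rule" and "confidence" are hypothetical field names.
SAMPLE = [
    {"rule": "broad-filesystem-access", "confidence": 0.74},
    {"rule": "suspicious-network-request", "confidence": 0.915},
    {"rule": "auto-invocation-flag", "confidence": 0.41},
    {"rule": "low-signal-pattern", "confidence": 0.12},
]

if __name__ == "__main__":
    verdict, hits = skill_verdict(SAMPLE)
    print(verdict, [h["rule"] for h in hits])
```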
