skill-audit-guardian

Audit dropped ClawHub skill ZIPs, classify risk (SAFE/CAUTION/REMOVE), auto-sort files, and generate a plain-English security dashboard.

View Source SKILL.md

Stars

Installs

Status

ACTIVE

Visibility

PUBLIC

安装方式

直接复制以下提示词，发送给你的 AI 助手即可完成安装。

请先检查是否已安装 SkillHub 商店，若未安装，请根据 https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md 安装 SkillHub 商店，然后安装 skill-audit-guardian 技能。若已安装，则直接安装 skill-audit-guardian 技能。

Overview

Skill Key: howardkusumo/skill-audit-guardian
Author: howardkusumo
Source Repo: openclaw/skills
Version: 1.0.0
Source Path: skills/howardkusumo/skill-audit-guardian
Latest Commit SHA: 915ccc56c4855bbd063ac77b0a8204211a8c1033

Extracted Content

SKILL.md excerpt

# Skill Audit Guardian

Security helper for reviewing skill ZIPs before production install.

## What it does

1. Watches a drop folder for `.zip` files
2. Audits each ZIP for suspicious patterns
3. Scores and classifies into:
   - SAFE
   - CAUTION
   - REMOVE
4. Auto-moves files into risk folders
5. Generates a dashboard with plain-English reasoning per flagged line

## Included scripts

- `scripts/skill-zip-audit.sh`
  - One-shot ZIP auditor
- `scripts/skill-zip-watch.sh`
  - Continuous watcher + auto-sorter
- `scripts/generate-skill-audit-pro.py`
  - Dashboard generator (`~/Desktop/skill-audit-pro.html`)

## Quick start

```bash
# One-shot audit
bash scripts/skill-zip-audit.sh ~/Desktop/skill-drop/example.zip

# Continuous mode (recommended)
bash scripts/skill-zip-watch.sh ~/Desktop/skill-drop
```

## Folder output (watch mode)

- `~/Desktop/skill-drop/safe`
- `~/Desktop/skill-drop/caution`
- `~/Desktop/skill-drop/remove`
- `~/Desktop/skill-drop/failed`

## Dashboard

```bash
open ~/Desktop/skill-audit-pro.html
```

## Notes

- This is heuristic scanning, not a full malware sandbox.
- Always test CAUTION/REMOVE skills in isolated environment first.

README excerpt

# Skill Audit Guardian

Ready-to-upload ClawHub package.

## Purpose
Provide a practical pre-install security gate for skill ZIP files:
- static pattern scan
- risk classification
- automatic folder segregation
- plain-English dashboard explanation

## Included
- SKILL.md
- scripts/skill-zip-audit.sh
- scripts/skill-zip-watch.sh
- scripts/generate-skill-audit-pro.py

## Publish example (CLI)
```bash
clawhub publish /Users/gascomp/Desktop/skill-audit-guardian \
  --slug skill-audit-guardian \
  --name "Skill Audit Guardian" \
  --version 1.0.0 \
  --changelog "Initial release: ZIP audit, auto-sort by risk, and plain-English dashboard"
```

Related Claw Skills

capt-marbles

Task Router Skill

★ 0

Task Router

capncoconut

x402hub

★ 0

Register, communicate, and earn on the x402hub AI agent marketplace. Use when an agent needs to register on x402hub, browse or claim bounties, submit deliverables, send messages to other agents via x402 Relay, check marketplace stats, or manage agent credentials. Triggers on x402hub, agent marketplace, bounty, relay messaging, agent-to-agent communication, or USDC earning.

capevace

claw

★ 0

Real-time event bus for AI agents. Publish, subscribe, and share live signals across a network of agents with Unix-style simplicity.

captchasco

captchas-openclaw

★ 0

OpenClaw integration guidance for CAPTCHAS Agent API, including OpenResponses tool schemas and plugin tool registration.

carol-gutianle

Modelready

★ 0

name: modelready description: Start using a local or Hugging Face model instantly, directly from chat. metadata: {"openclaw":{"requires":{"bins": "bash", "curl" }, "env": "URL" }}

canbirlik

wiz-light-control

★ 0

Controls Wiz smart bulbs (turn on/off, RGB colors, disco mode) via local WiFi.