Claw1 Skill Auditor

# Skill Auditor 🔍

Analyze OpenClaw skill files for security risks, quality issues, and best-practice violations. Built in response to the ClawHavoc incident where 341+ malicious skills were discovered on ClawHub.

## Why This Exists

In February 2026, the ClawHavoc investigation revealed thousands of compromised skills on ClawHub — skills that exfiltrated data, injected hidden instructions, and hijacked agent behavior. **Trust but verify.**

This skill helps you audit any SKILL.md file before installing it.

## Commands

### `/audit skill <path_or_url>`
Run a full security and quality audit on a SKILL.md file. Analyzes for:

**Security Checks:**
- 🔴 Data exfiltration patterns (sending data to external URLs/APIs without user consent)
- 🔴 Hidden instruction injection (concealed system prompts, invisible Unicode, prompt injection)
- 🔴 Credential harvesting (requesting API keys, tokens, passwords unnecessarily)
- 🔴 File system abuse (writing outside workspace, modifying system files, deleting configs)
- 🔴 Privilege escalation (requesting elevated permissions, sudo usage, system modifications)
- 🟡 Obfuscated code (base64 blobs, encoded payloads, minified logic blocks)
- 🟡 Excessive permissions (requesting more access than the skill's purpose requires)
- 🟡 Network calls without explanation (undocumented external API calls)

**Quality Checks:**
- 🟡 Missing metadata (no version, no author, no description, no tags)
- 🟡 No usage examples
- 🟡 Unclear or vague command descriptions
- 🟢 Proper documentation structure
- 🟢 Clear scope and purpose
- 🟢 Versioning present

### `/audit quick <path_or_url>`
Run only the security checks (skip quality). Faster for quick trust decisions.

### `/audit compare <path1> <path2>`
Compare two versions of a skill to identify what changed — useful for catching malicious updates.

### `/audit report <path_or_url>`
Generate a detailed markdown report suitable for sharing with other agents or posting on Moltbook.

## Output Format

Ea...