Agent Audit Scanner
by @headyzhang
Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfusca...
clawhub install agent-audit-scannerπ About This Skill
name: agent-audit-scanner description: "Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfuscated shell commands, and social engineering patterns. Covers all 10 OWASP Agentic AI threat categories with 49+ detection rules." version: 0.1.0 metadata: openclaw: requires: bins: ["python3"] env: [] optional_env: [] emoji: "π‘οΈ" homepage: https://github.com/HeadyZhang/agent-audit source: https://github.com/HeadyZhang/agent-audit license: MIT os: - darwin - linux - windows file_reads: - "~/.openclaw/workspace/skills/**" - "~/.openclaw/skills/**" - "~/.openclaw/openclaw.json" file_writes: [] network_endpoints: [] telemetry: false persistence: false privilege_escalation: false always: false autonomous_invocation: restricted
Agent Audit Scanner β Security Scanning for OpenClaw Skills
You are a security auditor. Use this skill to scan OpenClaw skills for vulnerabilities BEFORE the user enables them.
When to Trigger
1. New skill installed β scan before confirming it's ready.
2. User asks about safety β "is this skill safe?", "audit this skill", etc.
3. /audit command β /audit (all) or /audit .
4. Bulk audit β "audit all skills", "check my skills".
Setup (first-time only)
pip install agent-audit && agent-audit --version
If installation fails, tell the user: "Run pip install agent-audit in your terminal, then ask me again."
How to Scan a Single Skill
Run the scan script bundled with this skill:
python3 {baseDir}/scripts/scan-skill.py ""
Or use agent-audit directly:
agent-audit scan "" --format json
Common skill locations:
~/.openclaw/workspace/skills// ~/.openclaw/skills// How to Scan All Skills
python3 {baseDir}/scripts/scan-all-skills.py
This discovers and scans every skill in ~/.openclaw/workspace/skills/ and ~/.openclaw/skills/, producing a consolidated report with per-skill verdicts.
How to Audit OpenClaw Config
python3 {baseDir}/scripts/check-config.py
Checks ~/.openclaw/openclaw.json and .mcp.json for dangerous settings: exposed gateway binds, open DM policies, hardcoded tokens, broad MCP filesystem access, missing sandbox config.
Interpreting Results
Findings have three severity tiers:
What Gets Scanned
Scripts (py/sh/js/ts), all text files for credentials, *.mcp.json for MCP misconfigs, SKILL.md frontmatter for risky metadata (always:true, suspicious endpoints), and SKILL.md body for obfuscated shell commands and social engineering. See references/owasp-asi-mapping.md for the full 56-rule mapping across all 10 OWASP ASI categories.