🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Security Audit (Sona)

by @virtaava

Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing.

Versionv0.1.3
Downloads3,029
Installs4
Stars⭐ 1
TERMINAL
clawhub install sona-security-audit

πŸ“– About This Skill


name: security-audit description: "Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing." metadata: {"openclaw":{"emoji":"πŸ›‘οΈ","requires":{"bins":["jq","trufflehog","semgrep","python3"]},"install":[{"id":"apt-jq","kind":"apt","package":"jq","bins":["jq"],"label":"Install jq (apt)"},{"id":"apt-ghog","kind":"apt","package":"python3","bins":["python3"],"label":"Install Python 3 (apt)"},{"id":"apt-trufflehog","kind":"apt","package":"trufflehog","bins":["trufflehog"],"label":"Install trufflehog (apt)"},{"id":"pipx-semgrep","kind":"shell","label":"Install semgrep (pipx)","command":"python3 -m pip install --user pipx && python3 -m pipx ensurepath && pipx install semgrep"},{"id":"brew-jq","kind":"brew","formula":"jq","bins":["jq"],"label":"Install jq (brew)"},{"id":"brew-trufflehog","kind":"brew","formula":"trufflehog","bins":["trufflehog"],"label":"Install trufflehog (brew)"},{"id":"brew-semgrep","kind":"brew","formula":"semgrep","bins":["semgrep"],"label":"Install semgrep (brew)"}]}}

security-audit

A hostile-by-design, fail-closed audit workflow for codebases and OpenClaw/ClawHub skills.

It does not try to answer β€œdoes this skill work?”. It tries to answer: β€œcan this skill betray the system?”

What it checks (high level)

This skill’s scripts combine multiple layers:

  • Secrets / credential leakage: trufflehog
  • Static analysis: semgrep (auto rules)
  • Hostile repo audit (custom): prompt-injection signals, persistence mechanisms, suspicious artifacts, dependency hygiene
  • If any layer fails, the overall audit is FAIL.

    Run an audit (JSON)

    From this skill folder (use bash so it works even if executable bits were not preserved by a zip download):

    bash scripts/run_audit_json.sh 
    

    Example:

    bash scripts/run_audit_json.sh . > /tmp/audit.json
    jq '.ok, .tools' /tmp/audit.json
    

    Security levels (user configurable)

    Set the strictness level (default: standard):

    OPENCLAW_AUDIT_LEVEL=standard bash scripts/run_audit_json.sh 
    OPENCLAW_AUDIT_LEVEL=strict   bash scripts/run_audit_json.sh 
    OPENCLAW_AUDIT_LEVEL=paranoid bash scripts/run_audit_json.sh 
    

  • standard: pragmatic strict defaults (lockfiles required; install hooks/persistence/prompt-injection signals fail)
  • strict: more patterns become hard FAIL (e.g. minified/obfuscation artifacts)
  • paranoid: no "best-effort" hashing failures; more fail-closed behavior
  • Manifest requirement (for zero-trust install workflows)

    For strict/quarantine workflows, require a machine-readable intent/permissions manifest at repo root:

  • openclaw-skill.json
  • If a repo/skill does not provide this manifest, the hostile audit should treat it as FAIL.

    See: docs/OPENCLAW_SKILL_MANIFEST_SCHEMA.md.

    Optional: execution sandbox (Docker)

    Docker is optional here. This skill can be used for static auditing without Docker.

    If you want to execute any generated/untrusted code, run it in a separate sandbox workflow (recommended).

    Files

  • scripts/run_audit_json.sh β€” main JSON audit runner
  • scripts/hostile_audit.py β€” prompt-injection/persistence/dependency hygiene scanner
  • scripts/security_audit.sh β€” convenience wrapper (always returns JSON, never non-zero)
  • openclaw-skill.json β€” machine-readable intent/permissions manifest