Security Audit (Sona)
by @virtaava
Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing.
clawhub install sona-security-auditπ About This Skill
name: security-audit description: "Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing." metadata: {"openclaw":{"emoji":"π‘οΈ","requires":{"bins":["jq","trufflehog","semgrep","python3"]},"install":[{"id":"apt-jq","kind":"apt","package":"jq","bins":["jq"],"label":"Install jq (apt)"},{"id":"apt-ghog","kind":"apt","package":"python3","bins":["python3"],"label":"Install Python 3 (apt)"},{"id":"apt-trufflehog","kind":"apt","package":"trufflehog","bins":["trufflehog"],"label":"Install trufflehog (apt)"},{"id":"pipx-semgrep","kind":"shell","label":"Install semgrep (pipx)","command":"python3 -m pip install --user pipx && python3 -m pipx ensurepath && pipx install semgrep"},{"id":"brew-jq","kind":"brew","formula":"jq","bins":["jq"],"label":"Install jq (brew)"},{"id":"brew-trufflehog","kind":"brew","formula":"trufflehog","bins":["trufflehog"],"label":"Install trufflehog (brew)"},{"id":"brew-semgrep","kind":"brew","formula":"semgrep","bins":["semgrep"],"label":"Install semgrep (brew)"}]}}
security-audit
A hostile-by-design, fail-closed audit workflow for codebases and OpenClaw/ClawHub skills.
It does not try to answer βdoes this skill work?β. It tries to answer: βcan this skill betray the system?β
What it checks (high level)
This skillβs scripts combine multiple layers:
If any layer fails, the overall audit is FAIL.
Run an audit (JSON)
From this skill folder (use bash so it works even if executable bits were not preserved by a zip download):
bash scripts/run_audit_json.sh
Example:
bash scripts/run_audit_json.sh . > /tmp/audit.json
jq '.ok, .tools' /tmp/audit.json
Security levels (user configurable)
Set the strictness level (default: standard):
OPENCLAW_AUDIT_LEVEL=standard bash scripts/run_audit_json.sh
OPENCLAW_AUDIT_LEVEL=strict bash scripts/run_audit_json.sh
OPENCLAW_AUDIT_LEVEL=paranoid bash scripts/run_audit_json.sh
standard: pragmatic strict defaults (lockfiles required; install hooks/persistence/prompt-injection signals fail)strict: more patterns become hard FAIL (e.g. minified/obfuscation artifacts)paranoid: no "best-effort" hashing failures; more fail-closed behaviorManifest requirement (for zero-trust install workflows)
For strict/quarantine workflows, require a machine-readable intent/permissions manifest at repo root:
openclaw-skill.jsonIf a repo/skill does not provide this manifest, the hostile audit should treat it as FAIL.
See: docs/OPENCLAW_SKILL_MANIFEST_SCHEMA.md.
Optional: execution sandbox (Docker)
Docker is optional here. This skill can be used for static auditing without Docker.
If you want to execute any generated/untrusted code, run it in a separate sandbox workflow (recommended).
Files
scripts/run_audit_json.sh β main JSON audit runnerscripts/hostile_audit.py β prompt-injection/persistence/dependency hygiene scannerscripts/security_audit.sh β convenience wrapper (always returns JSON, never non-zero)openclaw-skill.json β machine-readable intent/permissions manifest