skill-security-audit

smartchainark/skill-security-audit

Detect malicious patterns in installed Claude and OpenClaw skills. Based on SlowMist's analysis of 472+ malicious skills on the ClawHub platform.

Installs: 199
Install command
npx skills add https://github.com/smartchainark/skill-security-audit --skill skill-security-audit
Security audits
- Gen Agent Trust Hub: FAIL
- Socket: WARN
- Snyk: PASS
About this skill
Detect malicious patterns in installed Claude and OpenClaw skills. Based on SlowMist's analysis of 472+ malicious skills on the ClawHub platform.

Use this skill when the user mentions: 安全审计 (security audit), security audit, skill 检查 (skill check), 技能安全 (skill security), scan skills, supply chain security, 扫描技能 (scan skills), 恶意检测 (malicious detection), malicious skill, skill 安全扫描 (skill security scan)

When the user requests a security audit, follow these 5 steps:

This auto-discovers and scans all skills in:
- ~/.claude/skills/
- ~/.openclaw/workspace/skills/
- Extra directories from ~/.openclaw/openclaw.json → skills.load.extraDirs

Read the scanner output. Findings are grouped by skill and sorted by severity:

Present findings in this format:

For CRITICAL findings:

For HIGH findings:

Exit codes: 0 = clean, 1 = low/medium risk, 2 = high risk, 3 = critical, 4 = scanner error

Each finding includes a confidence score (0-100):

When the scanner flags something, also check:

The IOC database is at scripts/ioc_database.json. To add new indicators:

For detailed information, read these files as needed:
- Read references/remediation-guide.md for incident response steps
- Guide user through credential rotation if credential theft was detected
- Help quarantine the malicious skill
- Help user manually review the flagged code
- Determine if the pattern is legitimate or malicious in context
- Offer to scan a specific skill in detail: python3 skill_audit.py --path /path/to/skill
- Offer to explain any...

Source description provided by the upstream skill listing. Community reviews and install context appear in the sections below.

Community Reviews

No community reviews yet.

FAQ
What does skill-security-audit do?

Detect malicious patterns in installed Claude and OpenClaw skills. Based on SlowMist's analysis of 472+ malicious skills on the ClawHub platform.

Is skill-security-audit good?

skill-security-audit does not have approved reviews yet, so SkillJury cannot publish a community verdict.

What agent does skill-security-audit work with?

skill-security-audit currently lists compatibility with codex, gemini-cli, opencode, kimi-cli, amp, github-copilot.

What are alternatives to skill-security-audit?

Skills in the same category include telegram-bot-builder, flutter-app-size, sharp-edges, iterative-retrieval.

How do I install skill-security-audit?

npx skills add https://github.com/smartchainark/skill-security-audit --skill skill-security-audit
