skill-trust-auditor
CommunityAudit ClawHub skills for security risk.
Legal & Compliance#security audit#risk assessment#prompt injection#supply chain#malware detection#agent safety#trust score
AuthorWanli-Lee
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps you prevent supply-chain and prompt-injection style security incidents by checking a ClawHub skill’s content for dangerous patterns before you install and run it.
Core Features & Use Cases
- Automated security scanning: Fetches the target skill’s SKILL.md and referenced scripts, then runs 52 regex-based checks against known attack vectors.
- Trust Score with explainable findings: Produces a 0–100 Trust Score plus a list of flagged risk items with exact file locations and matched snippets.
- Optional LLM-as-judge mode: Uses Anthropic Claude Haiku as an advisory reviewer for ambiguous curl intent when an API key is available.
- Safety-focused decision support: Converts scan results into clear verdicts (SAFE / INSTALL WITH CAUTION / RISKY / DO NOT INSTALL) and actionable next steps.
Quick Start
Ask OpenClaw to install the skill-trust-auditor skill, then tell your agent: Audit steipete/some-skill before I install it.
Dependency Matrix
Required Modules
python3requestsanthropic
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: skill-trust-auditor Download link: https://github.com/Wanli-Lee/CUA-Claw-Harness/archive/main.zip#skill-trust-auditor Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.