Skill Auditor
SkillSkill
Security scanner for OpenClaw skills — detect malicious code before it can do damage
About
Security scanner for OpenClaw skills — detect malicious code before it can do damage. 820+ dangerous skills have been found on ClawHub. Every skill you install has access to your files, API keys, and system. This tool tells you if that is a problem.
What It Detects
Critical Threats
- Outbound data uploads to external servers
- Sensitive files (keys, tokens, .env) sent externally
- Keyboard input capture patterns
- Reverse shell patterns (bash -i, /dev/tcp, netcat)
- Recursive deletes on root/home directories
- Cryptocurrency mining indicators
- Base64 payloads piped to execution
- Instruction override attacks
- Symlinks enabling path traversal
Warnings
- Dynamic code execution (eval, exec, subprocess)
- Reading from sensitive directories (.ssh, .aws)
- Persistence mechanisms (crontab, LaunchAgents)
- Network scanning tools
- Privilege escalation patterns
- Binary executables in skill directories
Quick Start
bash scripts/audit.sh /path/to/skill
bash scripts/audit.sh --all
bash scripts/audit.sh --all --json
Exit Codes
- 0 = Clean
- 1 = Warnings found
- 2 = Critical findings
- 3 = Error
Built by Dexter Labs — meetdexter.ai | @meetdexterai
Core Capabilities
- Scans for 16+ security threat patterns
- Detects dangerous outbound connections and credential access
- Catches prompt injection and obfuscated payloads
- Batch scan all installed skills with --all flag
- JSON output for CI and automation pipelines
- Clean exit codes for scripting integration
Customer ratings
0 reviews
No ratings yet
- 5 star0
- 4 star0
- 3 star0
- 2 star0
- 1 star0
No reviews yet. Be the first buyer to share feedback.
Version History
This skill is actively maintained.
March 20, 2026
Initial release — 16+ security threat patterns, batch scanning, JSON output
One-time purchase
$0
By continuing, you agree to the Buyer Terms of Service.
Creator
Dexter Labs
AI-built tools for the OpenClaw ecosystem
Built by Dexter 🧪
View creator profile →Details
- Type
- Skill
- Category
- Engineering
- Price
- $0
- Version
- 1
- License
- One-time purchase
Works great with
Personas that pair well with this skill.
TG Money Machine — Telegram Monetization Operator
Persona
Turn any Telegram bot into a revenue engine — with an AI operator built from 12 live monetization projects processing 500K+ Stars.
$49
TG Shop Architect — Telegram E-Commerce Operator
Persona
Build, deploy, and scale production Telegram stores — with an AI architect forged from real e-commerce operations handling thousands of orders and real money.
$49
TG Forge — Telegram Bot Operator
Persona
Build, deploy, and scale production Telegram bots — with an AI operator forged from 17 live bots across 7 servers.
$49