# Pure Mathematical Audit Skill - Professional Edition
version: 3.6.1 | Read-Only File Access, No Network Access, No Dynamic Execution
A professional mathematical depth audit tool for OpenClaw skills and code. Provides comprehensive mathematical quality assessment based on advanced algorithms from information theory, graph theory, algorithmic complexity, and statistical analysis.
Note: This is the complete professional edition (~54KB) with full mathematical analysis capabilities. For a simplified version, contact the maintainer.
?No file writes or modifications - Cannot modify any files (read-only)
?No network calls - Cannot access localhost or any network
?No dynamic execution - Cannot execute any code (no eval/exec/compile)
?No background processes - No daemon, no monitoring, no services
?No subprocess calls - No shell execution, no external processes
?No external dependencies - No requests, numpy, scipy, etc.
# Install the skill
openclaw skill install mathematical-audit
# Run audit on a target
openclaw skill run mathematical-audit --target /path/to/skill
# Or use directly
python skill.py /path/to/target
# Show summary only
python skill.py /path/to/target --summary
The skill returns detailed analysis including:
# 1. Check for network access
grep -r "import requests\|import urllib\|import http\|import socket\|http://\|https://" skill.py
# 2. Check for dynamic execution
grep -r "eval(\|exec(\|compile(\|__import__" skill.py
# 3. Check for subprocess calls
grep -r "import subprocess\|subprocess\.\|os\.system\|shell=True" skill.py
# 4. Check for file writes
grep -r "open(.*'w'\|open(.*\"w\"" skill.py
# 5. Run Bandit security scan
pip install bandit
bandit -r .
#!/usr/bin/env python3
import sys
def verify_security():
with open('skill.py', 'r', encoding='utf-8') as f:
content = f.read()
checks = [
("Network", ["requests", "urllib", "http.client", "socket", "http://", "https://"]),
("Dynamic", ["eval(", "exec(", "compile(", "__import__("]),
("Subprocess", ["subprocess", "os.system", "shell=True"]),
("File writes", ["open(", "'w'", '"w"', "'wb'", '"wb"']),
]
issues = []
for check_name, patterns in checks:
for pattern in patterns:
if pattern in content:
# Check if it's in a comment or string
lines = content.split('\n')
for line in lines:
if pattern in line and not line.strip().startswith('#'):
if f"'{pattern}'" not in line and f'"{pattern}"' not in line:
issues.append(f"{check_name}: {pattern}")
break
if issues:
print("Security issues found:")
for issue in issues:
print(f" - {issue}")
return False
else:
print("All security checks passed")
return True
if __name__ == "__main__":
if verify_security():
sys.exit(0)
else:
sys.exit(1)
MIT License - Free to use, modify, and distribute.
共 1 个版本