概述

Skill Auditor 🔍

Audit ClawHub skills for security threats before installing them.

Triggers

Use this skill when:

"Audit this skill"
"Check skill security"
Before installing any third-party skill

Usage

Method 1: Pre-install audit (recommended)

# Inspect without installing
clawhub inspect <skill-name>

# Run the audit script
~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh <skill-name>

Method 2: Audit an installed skill

~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh --local <skill-path>

Detection Layers

L1: Pattern Matching

Severity	Pattern	Risk
----------	---------	------
🔴 High	`base64.*\	.*bash`	Encoded execution
🔴 High	`curl.*\	.*bash`	Remote script execution
🔴 High	`eval\(` / `exec\(`	Dynamic code execution
🔴 High	Known C2 server IPs	Malicious communication
🟡 Medium	Access to `~/.openclaw/`	Config theft
🟡 Medium	Reads `$API_KEY` etc.	Credential leakage
🟡 Medium	Social engineering keywords	User deception
🟢 Low	Requires sudo	Elevated privileges

L2: Deobfuscation

Automatically decodes hidden malicious payloads:

Base64 — Decodes and scans for hidden commands
Hex — Decodes \x41\x42 format strings
Checks decoded content for C2 servers and dangerous commands

L3: LLM Analysis (optional)

Uses Gemini CLI to analyze suspicious code intent:

Semantic understanding beyond pattern matching
Detects novel/unknown threats
Requires gemini CLI installed

Known Indicators of Compromise (IoC)

C2 Server IPs

91.92.242.30  # ClawHavoc primary server

Malicious Domains

glot.io       # Hosts obfuscated scripts
webhook.site  # Data exfiltration endpoint

Social Engineering Keywords

OpenClawDriver    # Non-existent "driver"
ClawdBot Driver   # Social engineering lure
Required Driver   # Tricks users into installing malware

Output Format

═══════════════════════════════════════════
  SKILL AUDIT REPORT: <skill-name>
═══════════════════════════════════════════

🔴 HIGH RISK FINDINGS:
   [LINE 23] base64 encoded execution detected
   [LINE 45] curl|bash pattern found

🟡 MEDIUM RISK FINDINGS:
   [LINE 12] Accesses ~/.openclaw/ directory

🟢 LOW RISK FINDINGS:
   [LINE 5] Requires sudo for installation

═══════════════════════════════════════════
  VERDICT: ❌ DO NOT INSTALL
═══════════════════════════════════════════

Best Practices

Always audit before install — Never skip the security check
Trust no skill blindly — Including highly starred or popular ones
Check updates — Skill updates may introduce malicious code
Report suspicious skills — Send to steipete@gmail.com

Maintenance

Update this skill when new threats are discovered:

New malicious IP → Add to MALICIOUS_IPS
New malicious domain → Add to MALICIOUS_DOMAINS
New social engineering lure → Add to SOCIAL_ENGINEERING
New attack pattern → Add regex detection

Update location: variable definitions at the top of scripts/audit.sh

References

版本历史

共 1 个版本

v2.1.1 当前

2026-03-28 17:42 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)