概述

Skill Trust Auditor

Audit any ClawHub skill for security risks before installation.

🛠️ Installation

1. Ask OpenClaw (Recommended)

Tell OpenClaw: "Install the skill-trust-auditor skill." The agent will handle the installation and configuration automatically.

2. Manual Installation (CLI)

If you prefer the terminal, run:

clawhub install skill-trust-auditor

Setup (first run only)

bash scripts/setup.sh

Audit a Skill

When user says "audit [skill-name]" or "is [skill-name] safe" or before any clawhub install:

bash scripts/audit.sh [skill-name-or-url]
# Example:
bash scripts/audit.sh steipete/clawhub
bash scripts/audit.sh https://clawhub.ai/someuser/someskill

Output:

{
  "skill": "someuser/someskill",
  "trust_score": 72,
  "verdict": "INSTALL WITH CAUTION",
  "risks": [
    {"level": "HIGH", "pattern": "curl to external domain", "location": "scripts/sync.sh:14"},
    {"level": "MEDIUM", "pattern": "reads MEMORY.md", "location": "SKILL.md:23"}
  ],
  "safe_patterns": ["no env var access", "no self-modification"],
  "author_verified": false,
  "recommendation": "Review scripts/sync.sh:14 before installing. The external curl call could exfiltrate data."
}

Post to user with clear summary:

🛡️ Trust Audit: someuser/someskill
Score: 72/100 — ⚠️ INSTALL WITH CAUTION

🔴 HIGH: curl to unknown domain in scripts/sync.sh:14
🟡 MEDIUM: reads your MEMORY.md

Recommendation: Inspect line 14 of sync.sh before proceeding.
Run: clawhub show someuser/someskill --file scripts/sync.sh

Trust Score Guide

Score	Verdict	Action
-------	---------	--------
90-100	✅ SAFE	Install freely
70-89	⚠️ CAUTION	Review flagged items first
50-69	🟠 RISKY	Only if you understand the risks
0-49	🔴 DO NOT INSTALL	High probability of malicious intent

Risk Pattern Reference

HIGH RISK (-30 each):

process.env access in scripts
curl/wget to non-standard domains
Reading ~/.config or ~/.openclaw directly
exec() with user-controlled input
Instructions to modify SOUL.md/AGENTS.md/openclaw.json

MEDIUM RISK (-10 each):

Any outbound API calls (even to known services)
File writes outside workspace
Reading MEMORY.md or diary files

LOW RISK (-3 each):

web_fetch to standard domains
Read-only file access in workspace

Auto-Audit Mode

Optionally prepend audit to every install:

# Add to your shell aliases:
alias clawhub-safe='bash ~/.openclaw/workspace/skills/skill-trust-auditor/scripts/audit.sh $1 && clawhub install $1'

ClawHavoc Pattern Reference

See references/clawhavoc-patterns.md for known malicious patterns from the February 2026 incident. Update this file when new incidents are reported.

版本历史

共 2 个版本

v1.1.3 当前

2026-03-29 11:46 安全安全
v1.1.1

2026-03-07 01:52

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)