skill-security-audit

by @smartchainark v1.0.0
Detects malicious patterns in installed Claude and OpenClaw skills, providing a security audit based on SlowMist's analysis.

Security Audit, AI Skill Security, Vulnerability Assessment, Smart Contracts, GitHub

Installation
npx skills add smartchainark/skill-security-audit --skill skill-security-audit
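Before / After comparison

Before

When installing and using third-party AI skills, there is no effective way to tell whether they contain malicious code or latent security vulnerabilities, which leaves a risk of supply-chain attack.

After

With a skill security audit, malicious patterns in installed Claude and OpenClaw skills can be detected and, based on analysis of known attacks, potential security threats can be effectively identified and guarded against, keeping the AI system secure.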

SKILL.md

skill-security-audit

Skill Security Audit

Detect malicious patterns in installed Claude and OpenClaw skills. Based on SlowMist's analysis of 472+ malicious skills on ClawHub platform.

Triggers

Use this skill when the user mentions: 安全审计, security audit, skill 检查, 技能安全, scan skills, supply chain security, 扫描技能, 恶意检测, malicious skill, skill 安全扫描

Quick Audit Workflow

When the user requests a security audit, follow these 5 steps:

Step 1: Run the Scanner

```
python3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py
```

This auto-discovers and scans all skills in:

- ~/.claude/skills/
- ~/.openclaw/workspace/skills/
- Extra directories from ~/.openclaw/openclaw.json → skills.load.extraDirs

Step 2: Analyze Results

Read the scanner output. Findings are grouped by skill and sorted by severity:

| Severity | Meaning | Action Required |
|----------|---------|-----------------|
| CRITICAL | Known malicious IOC match, credential theft, or download-and-execute | Immediate removal and credential rotation |
| HIGH | Obfuscation, persistence mechanisms, privilege escalation | Manual review required, likely malicious |
| MEDIUM | Suspicious patterns (Base64, network calls, high entropy) | Review context — may be legitimate |
| LOW | Social engineering naming, informational | Note for awareness |

Step 3: Report to User

Present findings in this format:

```
## Audit Summary
- Skills scanned: N
- Files scanned: N
- CRITICAL: N | HIGH: N | MEDIUM: N | LOW: N

## Critical/High Findings (if any)
For each finding:
- Skill name and file path
- What was detected and why it's dangerous
- Recommended action

## Medium/Low Findings (if any)
Brief summary, noting which are likely false positives
```

Step 4: Recommend Actions

For CRITICAL findings:

- Read references/remediation-guide.md for incident response steps
- Guide user through credential rotation if credential theft was detected
- Help quarantine the malicious skill

For HIGH findings:

- Help user manually review the flagged code
- Determine if the pattern is legitimate or malicious in context

Step 5: Follow Up

- Offer to scan a specific skill in detail: python3 skill_audit.py --path /path/to/skill
- Offer to explain any finding in depth using references/threat-patterns.md

Scanner Command Reference

```
# Scan all discovered skills
python3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py

# Scan a single skill directory
python3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --path /path/to/skill

# JSON output (for programmatic use)
python3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --json

# Filter by minimum severity
python3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --severity high

# Disable colored output
python3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --no-color

# Use custom IOC database
python3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --ioc-db /path/to/ioc.json
```

Exit codes: 0 = clean, 1 = low/medium risk, 2 = high risk, 3 = critical, 4 = scanner error

13 Detection Categories

| Detector | What It Finds | Severity |
|----------|---------------|----------|
| Base64Detector | Encoded strings >50 chars (excluding data:image) | MEDIUM→HIGH |
| DownloadExecDetector | curl\|bash, wget\|sh, fetch+eval patterns | CRITICAL |
| IOCMatchDetector | Known malicious IPs, domains, URLs, file hashes | CRITICAL |
| ObfuscationDetector | eval/exec with non-literal args, hex encoding, chr() chains | HIGH |
| ExfiltrationDetector | ZIP+upload combos, sensitive directory enumeration | HIGH |
| CredentialTheftDetector | osascript password dialogs, keychain access, SSH key reading | CRITICAL |
| PersistenceDetector | crontab, launchd, systemd, shell profile modification | HIGH |
| PostInstallHookDetector | npm postinstall, pip setup.py cmdclass | HIGH→CRITICAL |
| HiddenCharDetector | Zero-width characters, Unicode bidi overrides | MEDIUM |
| EntropyDetector | Shannon entropy >5.5 on long lines | MEDIUM |
| SocialEngineeringDetector | crypto/wallet/airdrop/security-update naming | LOW→MEDIUM |
| NetworkCallDetector | socket, http, urllib, requests, fetch, curl, wget | MEDIUM |
| PrivilegeEscalationDetector | sudo, chmod 777, setuid, admin group modification | HIGH |

Understanding Confidence Scores

Each finding includes a confidence score (0-100):

- 80-100: Very likely a genuine threat
- 50-79: Suspicious, manual review recommended
- 30-49: Possible false positive, check context
- <30: Informational, low confidence

Manual Review Checklist

When the scanner flags something, also check:

- Source verification — Is the skill from an official/verified source? Check author reputation.
- Permission scope — Does the skill request more permissions than its stated functionality needs?
- Script audit — Read all .sh, .py, .js files. Look for obfuscation, unexpected network calls.
- Dependency check — Run npm audit or pip-audit if the skill has package dependencies.
- Changelog review — Were suspicious changes introduced in a recent update?

Updating the IOC Database

The IOC database is at scripts/ioc_database.json. To add new indicators:

1. Edit the JSON file following the existing schema
2. Run the scanner to verify your new IOCs are detected
3. Update references/ioc-database.md to keep the human-readable version in sync

Reference Documents

For detailed information, read these files as needed:

- references/ioc-database.md — Full IOC list with context and attribution
- references/threat-patterns.md — 9 attack patterns in detail (two-stage payload, Base64 backdoor, password phishing, etc.)
- references/remediation-guide.md — Step-by-step incident response (quarantine, credential rotation, persistence cleanup, reporting)

Weekly Installs: 224
Repository: smartchainark/s…ty-audit
GitHub Stars: 6
First Seen: Feb 10, 2026
Security Audits: Gen Agent Trust Hub: Fail, Socket: Warn, Snyk: Pass
Installed on: codex 218, opencode 218, kimi-cli 217, gemini-cli 217, github-copilot 217, amp 217
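The Base64Detector, HiddenCharDetector and EntropyDetector rows of the detection table in SKILL.md, sketched in Python together with the exit-code mapping. This is an added example, not the project's skill_audit.py; the regexes, the 100-character cutoff for "long lines", the fixed MEDIUM severity and the sample text are assumptions constructed for illustration.

```python
# Added illustration, not the project's skill_audit.py.
import math
import re
from collections import Counter

B64_RUN = re.compile(r"[A-Za-z0-9+/]{51,}={0,2}")         # ">50 chars" per the table
DATA_IMAGE = re.compile(r"data:image/[\w.+-]+;base64,$")  # exclusion per the table
HIDDEN = re.compile(r"[\u200b-\u200d\u2060\ufeff\u202a-\u202e\u2066-\u2069]")
ENTROPY_LIMIT = 5.5  # bits per character, per the table
LONG_LINE = 100      # assumed: the page does not define "long lines"
EXIT_CODES = {"LOW": 1, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}  # per the page

def shannon_entropy(text):
    """Empirical Shannon entropy of text in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def scan_text(text):
    """Return (line_no, detector, severity) tuples for one file's contents."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in B64_RUN.finditer(line):
            # Skip runs that are the payload of an inline image data URI.
            if not DATA_IMAGE.search(line[:m.start()]):
                findings.append((no, "Base64Detector", "MEDIUM"))
        if HIDDEN.search(line):
            findings.append((no, "HiddenCharDetector", "MEDIUM"))
        if len(line) >= LONG_LINE and shannon_entropy(line) > ENTROPY_LIMIT:
            findings.append((no, "EntropyDetector", "MEDIUM"))
    return findings

def exit_code(findings):
    """Worst severity mapped to the exit codes listed on the page (0 = clean)."""
    return max((EXIT_CODES[sev] for _, _, sev in findings), default=0)

# Constructed sample: benign data URI, opaque blob, bidi override, plain line.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
SAMPLE = "\n".join([
    'icon = "data:image/png;base64,' + ALPHABET + '"',
    'blob = "' + ALPHABET * 2 + '"',
    "# note \u202e reversed text",
    "echo hello",
])

if __name__ == "__main__":
    results = scan_text(SAMPLE)
    print(results, "exit code:", exit_code(results))
```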

Statistics

Installs: 0
Rating: 0.0 / 5.0
Version: 1.0.0
Updated: March 17, 2026
Comparison cases: 1

Compatible platforms

Claude Code

Timeline

Created: March 17, 2026
Last updated: March 17, 2026