skill-security-auditor

Original source / Raw SKILL.md

---
name: skill-security-auditor
description: Command-line security analyzer for ClawHub skills. Run analyze-skill.sh to scan SKILL.md files for malicious patterns, credential leaks, and C2 infrastructure before installation. Includes threat intelligence database with 20+ detection patterns.
emoji: 🔍🛡️
metadata:
  openclaw:
    requires:
      bins: ["curl", "jq", "grep", "bash"]
    version: "1.0.0"
    author: "akm626"
    category: "security"
    tags: ["security", "audit", "malware-detection", "skill-vetting", "cli-tool"]
---

# Skill Security Auditor

## Description

The Skill Security Auditor is a **command-line tool** that performs pattern-based security analysis of ClawHub skills before installation. Given the recent discovery of 341+ malicious skills (ClawHavoc campaign) that distributed Atomic Stealer (AMOS) and stole cryptocurrency credentials, this tool provides essential pre-installation threat detection.

**What this skill provides:**
- ✅ Bash script (`analyze-skill.sh`) for local security analysis
- ✅ Threat intelligence database (`patterns/malicious-patterns.json`)
- ✅ Pattern matching against 20+ known malicious indicators
- ✅ Risk scoring system (0-100 scale)
- ✅ Detailed audit reports with recommendations

**How to use it:**
1. Install this skill from ClawHub
2. Run the `analyze-skill.sh` script against any skill (by slug or local file)
3. Review the risk assessment and findings
4. Make informed decision about installation

**Use this tool when:**
- About to install a new skill from ClawHub
- Investigating suspicious skill behavior  
- Performing security due diligence on community skills
- Auditing your currently installed skills

**This tool does NOT:**
- ❌ Automatically scan skills (you run it manually)
- ❌ Block installations (it's advisory only)
- ❌ Access VirusTotal API (use ClawHub's web interface for that)
- ❌ Guarantee 100% detection (defense in depth recommended)

## Core Capabilities

### 1. **Malicious Pattern Detection**
Scans for known malicious patterns from the ClawHavoc campaign:
- Fake prerequisite installations (openclaw-agent.zip, openclaw-setup.exe)
- Suspicious download commands in SKILL.md
- Hidden payload execution in metadata
- Social engineering language patterns
- Unauthorized external binary downloads

### 2. **Credential Leak Analysis**
Identifies potential credential exposure vectors:
- Hardcoded API keys, tokens, passwords in SKILL.md
- Suspicious environment variable exfiltration
- Unencrypted sensitive data transmission
- Overly broad permission requests
- Credential harvesting patterns

### 3. **Dependency Chain Validation**
Analyzes skill dependencies for:
- Unverified binary requirements
- Suspicious GitHub repository sources
- External script execution
- Network connections to unknown hosts
- Nested dependency exploitation

### 4. **C2 Infrastructure Detection**
Checks for Command & Control indicators:
- Known malicious IP addresses (e.g., 91.92.242.30 from ClawHavoc)
- Suspicious domain patterns
- Encoded communication endpoints
- Data exfiltration channels
- Beaconing behavior patterns

### 5. **SKILL.md Structure Validation**
Verifies skill integrity:
- Proper YAML frontmatter structure
- Metadata consistency
- Description clarity vs actual behavior
- Permission justification
- Author verification (GitHub account age)

## Security Scoring System

Each analyzed skill receives a **Risk Score (0-100)**:

- **0-20**: ✅ **SAFE** - No significant security concerns
- **21-40**: ⚠️ **LOW RISK** - Minor concerns, proceed with caution
- **41-60**: 🟡 **MEDIUM RISK** - Multiple red flags, manual review recommended
- **61-80**: 🔴 **HIGH RISK** - Serious concerns, do NOT install without expert review
- **81-100**: ☠️ **CRITICAL** - Malicious indicators detected, AVOID installation

## Usage Instructions

This skill provides a **bash script** (`analyze-skill.sh`) that performs pattern-based security analysis of ClawHub skills. The analysis runs locally using the included threat intelligence database.

### Installation & Setup

```bash
# Install the skill from ClawHub
npx clawhub install skill-security-auditor

# Make the analyzer executable
chmod +x ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh

# Optional: Create alias for convenience
echo 'alias audit-skill="~/.openclaw/skills/skill-security-auditor/analyze-skill.sh"' >> ~/.bashrc
source ~/.bashrc
```

### Audit a Skill Before Installing

**Method 1: Analyze by slug (automatic fetch from ClawHub)**

```bash
~/.openclaw/skills/skill-security-auditor/analyze-skill.sh --slug bitcoin-tracker

# Example output:
# ============================================
#          SECURITY AUDIT REPORT
# ============================================
# 
# Risk Score: 85/100 - ☠️ CRITICAL
# ...
```

**Method 2: Analyze local file**

```bash
# Download skill first
curl -s "https://clawhub.ai/api/skills/bitcoin-tracker/latest" > /tmp/skill.md

# Then analyze
~/.openclaw/skills/skill-security-auditor/analyze-skill.sh --file /tmp/skill.md
```

### Audit All Installed Skills

```bash
# Scan all skills in your workspace
for skill in ~/.openclaw/skills/*/SKILL.md; do
  echo "Checking: $(basename $(dirname $skill))"
  ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh -f "$skill"
done
```

### Quick Manual Security Check

```bash
# Fast grep-based pattern matching (no full analysis)
grep -iE "(prerequisite.*download|91\.92\.242\.30|curl.*\|.*bash)" SKILL.md
```

## Detection Heuristics

### 🚨 CRITICAL Red Flags (Auto-fail)

1. **Fake Prerequisites Section**
   - Matches: "Prerequisites", "Setup Required", "Installation Steps"
   - Contains: Download links to `.zip`, `.exe`, `.dmg` files
   - Example: "Download openclaw-agent.zip from https://..."

2. **Known Malicious Infrastructure**
   - IP: `91.92.242.30` (ClawHavoc C2)
   - Domains: Newly registered or suspicious TLDs
   - Encoded URLs or base64 obfuscation

3. **Credential Harvesting**
   - Regex patterns for API keys: `(api[_-]?key|token|password)\s*[:=]\s*['\"][^'\"]+['\"]`
   - SSH key access requests
   - Wallet private key patterns

4. **Unauthorized Code Execution**
   - `curl | bash` or `wget | sh` patterns
   - Hidden base64 encoded commands
   - Dynamic eval() or exec() on external input

### ⚠️ Warning Indicators (Score increase)

1. **Suspicious Dependencies**
   - Binary requirements without clear justification
   - Dependencies from unverified sources
   - Excessive permission requests

2. **Obfuscation Techniques**
   - Heavily encoded strings in metadata
   - Minified or obfuscated JavaScript/Python
   - Redirect chains in URLs

3. **Social Engineering Language**
   - Urgency phrases: "Install immediately", "Limited time"
   - Authority claims: "Official OpenClaw", "Verified by Anthropic"
   - Fear tactics: "Your system is at risk without this"

### ✅ Positive Security Indicators

1. **Verified Author**
   - GitHub account > 1 year old
   - Multiple well-rated skills
   - Active community engagement

2. **Transparent Dependencies**
   - Clear binary requirements with official sources
   - Open-source tool dependencies
   - Well-documented permission needs

3. **Code Quality**
   - Clean, readable SKILL.md
   - Proper error handling
   - No unnecessary network calls

## Audit Report Format

```markdown
## Security Audit Report
**Skill**: {skill-name}
**Author**: {author}
**Version**: {version}
**Audit Date**: {date}

### Risk Score: {score}/100 - {RISK_LEVEL}

### Critical Findings:
- {finding 1}
- {finding 2}

### Warning Indicators:
- {warning 1}
- {warning 2}

### Positive Indicators:
- {positive 1}
- {positive 2}

### Recommendations:
{INSTALL | DO NOT INSTALL | REVIEW MANUALLY}

### Detailed Analysis:
{Deep dive into specific concerns}

### VirusTotal Link:
{If available from ClawHub}
```

## Integration with VirusTotal

**Important**: This skill does NOT directly access VirusTotal's API. Instead, VirusTotal integration is available through ClawHub's web interface via their partnership with VirusTotal.

To check VirusTotal results for a skill:

1. Visit the skill's ClawHub page: `https://clawhub.ai/skills/{skill-slug}`
2. Look for the VirusTotal scan results on the skill's page
3. ClawHub automatically scans published skills via their VirusTotal partnership

**This analyzer focuses on pattern-based threat detection.** It complements (but does not replace) ClawHub's VirusTotal scanning.

### Recommended Security Workflow

1. **Run this analyzer first** - Pattern-based detection (local, instant)
2. **Check ClawHub's VirusTotal results** - Binary/file reputation (if available)
3. **Manual code review** - Final verification for critical use cases

```bash
# Step 1: Pattern analysis (local)
~/.openclaw/skills/skill-security-auditor/analyze-skill.sh -s suspicious-skill

# Step 2: Visit ClawHub page for VirusTotal results
# https://clawhub.ai/skills/suspicious-skill

# Step 3: Manual review if needed
curl -s "https://clawhub.ai/api/skills/suspicious-skill/latest" > skill.md
less skill.md
```

## Example Workflow

**Scenario**: User wants to install a skill called `solana-wallet-tracker`

**Step 1: Run Security Analysis**
```bash
$ ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh -s solana-wallet-tracker

Fetching skill 'solana-wallet-tracker' from ClawHub...
✓ Skill fetched successfully

Analyzing skill content...

============================================
         SECURITY AUDIT REPORT
============================================

Risk Score: 95/100 - ☠️ CRITICAL

============================================

☠️ CRITICAL FINDINGS:
  CLAW-001: Fake Prerequisites - ClawHavoc Campaign [+50 points]
  └─ Matches the ClawHavoc campaign pattern of fake prerequisites requesting malicious binary downloads
  CLAW-002: Known C2 Infrastructure [+50 points]
  └─ IP address used in ClawHavoc campaign for C2 communications

============================================
RECOMMENDATION:
DO NOT INSTALL. Malicious patterns detected matching known attack campaigns.
============================================
```

**Step 2: Decision**
- ☠️ **CRITICAL Risk** → **DO NOT INSTALL**
- Report skill to ClawHub moderators
- Look for safe alternatives

**Step 3: Verify on ClawHub** (optional)
```bash
# Visit skill page to check VirusTotal results
open "https://clawhub.ai/skills/solana-wallet-tracker"
```

## Advanced Features

### 1. Behavioral Analysis (Future Enhancement)
- Sandbox execution monitoring
- Network traffic analysis
- File system access patterns

### 2. Community Threat Intelligence
- Share malicious skill signatures
- Collaborative IOC database
- Reputation scoring system

### 3. Continuous Monitoring
- Auto-audit skills on updates
- Alert on new security advisories
- Periodic re-scanning of installed skills

## False Positive Mitigation

To minimize false positives:

1. **Contextual Analysis**: Binary requirements for legitimate tools (e.g., `gh` for GitHub CLI) are validated against known safe sources
2. **Whitelisting**: Verified authors and established skills get trust bonuses
3. **Human Review Option**: Always provide detailed reasoning for security decisions
4. **Appeal Process**: Users can report false positives for skill reputation adjustment

## Compliance & Ethics

This skill:
- ✅ Analyzes publicly available skill metadata
- ✅ Protects user security and privacy
- ✅ Promotes responsible skill development
- ❌ Does NOT perform unauthorized access
- ❌ Does NOT guarantee 100% security (nothing does)
- ❌ Does NOT replace user judgment

## Response Templates

### Safe Skill
```
✅ Security Audit Complete

{skill-name} has been analyzed and appears SAFE to install.

Risk Score: {score}/100 (LOW)

No malicious patterns detected. The skill:
- Uses standard dependencies from trusted sources
- Has a verified author with {X} published skills
- Contains clear documentation with no obfuscation
- Requests appropriate permissions for its function

VirusTotal: {link}

Recommendation: Safe to proceed with installation.
```

### Suspicious Skill
```
🔴 Security Alert: HIGH RISK DETECTED

{skill-name} has been flagged with CRITICAL security concerns.

Risk Score: {score}/100 (HIGH)

⚠️ Critical Findings:
{detailed findings}

This skill matches patterns from the ClawHavoc malware campaign.

Recommendation: DO NOT INSTALL. Consider reporting this skill to ClawHub moderators.

Alternative safe skills: {suggestions}
```

## Technical Implementation Notes

**Pattern Database Location**: `~/.openclaw/security-auditor/patterns/`
- `malicious-patterns.json`: Known bad indicators
- `safe-patterns.json`: Whitelisted elements
- `ioc-database.json`: Indicators of Compromise

**Update Mechanism**:
```bash
# Pull latest threat intelligence
curl -s "https://openclaw-security.github.io/threat-intel/latest.json" \
  > ~/.openclaw/security-auditor/patterns/ioc-database.json
```

## Contributing

Found a new malicious pattern? Submit IOCs to the OpenClaw Security Working Group:
- GitHub: github.com/openclaw/security-auditor
- Report Format: JSON with pattern regex, description, severity

## Limitations

⚠️ **Important Disclaimers**:
- This tool provides analysis, not guarantees
- Sophisticated malware may evade detection
- Always combine with VirusTotal + manual review for critical applications
- Security is a shared responsibility
- No automated tool replaces security expertise

## References

- ClawHavoc Campaign Analysis: [The Hacker News, Feb 2026]
- OpenClaw Security Partnership: VirusTotal Integration
- Malicious Skill Database: OpenSourceMalware Research
- ClawHub Moderation Guide: docs.openclaw.ai/security

---

**Remember**: The best security is defense in depth. Use this skill as ONE layer of your security strategy, not the only layer.

Stay safe, stay skeptical, stay secure. 🦞🛡️


---

## Referenced Files

> The following files are referenced in this skill and included for context.

### patterns/malicious-patterns.json

```json
{
  "version": "1.0.0",
  "last_updated": "2026-02-08",
  "patterns": {
    "critical": [
      {
        "id": "CLAW-001",
        "name": "Fake Prerequisites - ClawHavoc Campaign",
        "pattern": "(prerequisite|setup|installation).*download.*(openclaw-agent|openclaw-setup)\\.(zip|exe|dmg)",
        "severity": "critical",
        "score_impact": 50,
        "description": "Matches the ClawHavoc campaign pattern of fake prerequisites requesting malicious binary downloads",
        "mitre_attack": "T1204.002 - User Execution: Malicious File",
        "references": [
          "https://thehackernews.com/2026/02/researchers-find-341-malicious-clawhub.html"
        ]
      },
      {
        "id": "CLAW-002",
        "name": "Known C2 Infrastructure",
        "pattern": "91\\.92\\.242\\.30",
        "severity": "critical",
        "score_impact": 50,
        "description": "IP address used in ClawHavoc campaign for C2 communications",
        "mitre_attack": "T1071 - Application Layer Protocol",
        "references": [
          "https://www.scworld.com/brief/reports-shed-light-on-more-openclaw-vulnerabilities"
        ]
      },
      {
        "id": "CLAW-003",
        "name": "Curl Pipe to Shell",
        "pattern": "(curl|wget).*\\|.*(bash|sh|zsh|python)",
        "severity": "critical",
        "score_impact": 40,
        "description": "Dangerous pattern of downloading and executing remote code without verification",
        "mitre_attack": "T1059.004 - Command and Scripting Interpreter: Unix Shell"
      },
      {
        "id": "CLAW-004",
        "name": "Hardcoded Credentials",
        "pattern": "(api[_-]?key|token|password|secret|private[_-]?key)\\s*[:=]\\s*['\"][A-Za-z0-9+/=]{20,}['\"]",
        "severity": "critical",
        "score_impact": 35,
        "description": "Hardcoded API keys, tokens, or credentials in skill files",
        "mitre_attack": "T1552.001 - Unsecured Credentials: Credentials In Files"
      },
      {
        "id": "CLAW-005",
        "name": "Base64 Encoded Execution",
        "pattern": "eval|exec.*base64.*decode|atob",
        "severity": "critical",
        "score_impact": 45,
        "description": "Dynamic execution of base64 encoded content, common obfuscation technique",
        "mitre_attack": "T1027 - Obfuscated Files or Information"
      }
    ],
    "high": [
      {
        "id": "CLAW-101",
        "name": "Suspicious Binary Download",
        "pattern": "download.*\\.(exe|dmg|pkg|deb|rpm|msi)",
        "severity": "high",
        "score_impact": 25,
        "description": "Requests download of executable binaries"
      },
      {
        "id": "CLAW-102",
        "name": "SSH Key Access",
        "pattern": "~/.ssh|id_rsa|id_ed25519|authorized_keys",
        "severity": "high",
        "score_impact": 30,
        "description": "Accesses SSH keys or configuration"
      },
      {
        "id": "CLAW-103",
        "name": "Cryptocurrency Wallet Paths",
        "pattern": "\\.bitcoin|\\.ethereum|wallet\\.dat|keystore|metamask",
        "severity": "high",
        "score_impact": 35,
        "description": "Accesses cryptocurrency wallet files or paths"
      },
      {
        "id": "CLAW-104",
        "name": "Browser Credential Storage",
        "pattern": "Cookies|Login Data|Web Data|chrome/Default|firefox/profiles",
        "severity": "high",
        "score_impact": 30,
        "description": "Accesses browser credential storage locations"
      },
      {
        "id": "CLAW-105",
        "name": "Suspicious External Requests",
        "pattern": "fetch|axios|request.*http(s)?://(?!.*github\\.com|.*npm|.*pypi)",
        "severity": "high",
        "score_impact": 20,
        "description": "Makes HTTP requests to non-standard repositories"
      }
    ],
    "medium": [
      {
        "id": "CLAW-201",
        "name": "Environment Variable Exfiltration",
        "pattern": "process\\.env|\\$\\{.*\\}|export.*=",
        "severity": "medium",
        "score_impact": 15,
        "description": "Accesses or manipulates environment variables"
      },
      {
        "id": "CLAW-202",
        "name": "File System Write Operations",
        "pattern": "writeFile|createWriteStream|fs\\.write",
        "severity": "medium",
        "score_impact": 10,
        "description": "Performs file system write operations"
      },
      {
        "id": "CLAW-203",
        "name": "Network Listener Creation",
        "pattern": "listen.*\\d{1,5}|createServer|net\\.Server",
        "severity": "medium",
        "score_impact": 15,
        "description": "Creates network listeners or servers"
      },
      {
        "id": "CLAW-204",
        "name": "Child Process Execution",
        "pattern": "exec|spawn|fork|child_process",
        "severity": "medium",
        "score_impact": 12,
        "description": "Spawns child processes"
      }
    ],
    "social_engineering": [
      {
        "id": "CLAW-301",
        "name": "Urgency Language",
        "pattern": "(install immediately|urgent|limited time|act now|hurry)",
        "severity": "low",
        "score_impact": 10,
        "description": "Uses urgency tactics to pressure installation"
      },
      {
        "id": "CLAW-302",
        "name": "False Authority Claims",
        "pattern": "(official openclaw|verified by anthropic|endorsed by|approved by)",
        "severity": "medium",
        "score_impact": 15,
        "description": "Makes false authority claims"
      },
      {
        "id": "CLAW-303",
        "name": "Fear Tactics",
        "pattern": "(security risk|vulnerability|exploit|hack|breach).*without this",
        "severity": "low",
        "score_impact": 12,
        "description": "Uses fear tactics to encourage installation"
      }
    ]
  },
  "whitelisted_patterns": {
    "safe_binaries": [
      "git",
      "gh",
      "docker",
      "kubectl",
      "npm",
      "node",
      "python",
      "pip",
      "cargo",
      "go",
      "curl",
      "wget"
    ],
    "safe_domains": [
      "github.com",
      "npmjs.org",
      "pypi.org",
      "crates.io",
      "anthropic.com",
      "openclaw.ai",
      "clawhub.ai"
    ],
    "verified_authors": [
      "openclaw",
      "anthropic-official"
    ]
  },
  "scoring_thresholds": {
    "safe": 20,
    "low_risk": 40,
    "medium_risk": 60,
    "high_risk": 80,
    "critical": 100
  }
}

```



---

## Skill Companion Files

> Additional files collected from the skill directory layout.

### README.md

```markdown
# Skill Security Auditor 🛡️

**Protect your OpenClaw agent from malicious skills before installation**

## Overview

The Skill Security Auditor is a **command-line security analysis tool** that scans ClawHub skills for malicious patterns, credential leaks, and suspicious behaviors before you install them.

Born from the ClawHavoc campaign that distributed 341+ malicious skills stealing cryptocurrency credentials, this tool provides pattern-based threat detection using a curated threat intelligence database.

**Key Point**: This is a **manual CLI tool** you run before installing skills. It does not automatically scan or block installations - it provides security analysis to help you make informed decisions.

## Why You Need This

In February 2026, researchers discovered 341 malicious ClawHub skills that:
- 📦 Distributed Atomic Stealer (AMOS) malware
- 💰 Stole cryptocurrency exchange API keys
- 🔑 Harvested SSH credentials and browser passwords
- 🎭 Used sophisticated social engineering
- 🌐 Shared C2 infrastructure (91.92.242.30)

**This skill helps you avoid becoming a victim.**

## Features

✅ **Malicious Pattern Detection** - Identifies known attack patterns from ClawHavoc and other campaigns  
✅ **Credential Leak Analysis** - Finds hardcoded secrets and exfiltration vectors  
✅ **Dependency Validation** - Checks for suspicious binary requirements  
✅ **C2 Infrastructure Detection** - Flags known malicious IPs and domains  
✅ **Risk Scoring** - Quantitative 0-100 risk assessment  
✅ **VirusTotal Integration** - Links to OpenClaw's VirusTotal partnership  
✅ **Detailed Audit Reports** - Comprehensive security analysis with recommendations  

## Installation

### Via ClawHub CLI (Recommended)

```bash
# Install the skill
npx clawhub@latest install skill-security-auditor

# Make the analyzer script executable
chmod +x ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh

# Test it works
~/.openclaw/skills/skill-security-auditor/analyze-skill.sh --help
```

### Manual Installation

```bash
# Create skill directory
mkdir -p ~/.openclaw/skills/skill-security-auditor/patterns

# Download SKILL.md
curl -o ~/.openclaw/skills/skill-security-auditor/SKILL.md \
  https://raw.githubusercontent.com/YOUR-USERNAME/skill-security-auditor/main/SKILL.md

# Download analyzer script
curl -o ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh \
  https://raw.githubusercontent.com/YOUR-USERNAME/skill-security-auditor/main/analyze-skill.sh

# Download patterns database
curl -o ~/.openclaw/skills/skill-security-auditor/patterns/malicious-patterns.json \
  https://raw.githubusercontent.com/YOUR-USERNAME/skill-security-auditor/main/patterns/malicious-patterns.json

# Make executable
chmod +x ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh
```

### Requirements

Required command-line tools (usually pre-installed):
- `bash` - Shell interpreter (v4.0+)
- `curl` - Fetching skills from ClawHub
- `jq` - JSON processing
- `grep` - Pattern matching

**Check if installed:**
```bash
for cmd in bash curl jq grep; do
  command -v $cmd &>/dev/null && echo "✓ $cmd" || echo "✗ $cmd (missing)"
done
```

**Install missing tools:**
```bash
# macOS
brew install jq

# Ubuntu/Debian
sudo apt install jq

# Windows (WSL2)
sudo apt install jq
```

## Quick Start

### 1. Audit Before Installation

**Instead of immediately installing:**
```bash
npx clawhub install solana-wallet-tracker  # ❌ Don't do this first
```

**Do this:**
```bash
# Install the security auditor
npx clawhub install skill-security-auditor

# Make script executable
chmod +x ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh

# Audit the skill FIRST
~/.openclaw/skills/skill-security-auditor/analyze-skill.sh -s solana-wallet-tracker

# Example output:
# ============================================
#          SECURITY AUDIT REPORT
# ============================================
# 
# Risk Score: 85/100 - ☠️ CRITICAL
#
# ☠️ CRITICAL FINDINGS:
#   CLAW-001: Fake Prerequisites - ClawHavoc Campaign [+50 points]
#   └─ Matches ClawHavoc malware campaign pattern
#   CLAW-002: Known C2 Infrastructure [+50 points]
#   └─ IP address 91.92.242.30 detected
#
# ============================================
# RECOMMENDATION:
# DO NOT INSTALL. Malicious patterns detected.
# ============================================

# Based on results, decide whether to install
```

### 2. Audit Installed Skills

```bash
# Scan all currently installed skills
for skill in ~/.openclaw/skills/*/SKILL.md; do
  echo "Auditing: $(basename $(dirname $skill))"
  ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh -f "$skill"
  echo ""
done

# Example output:
# Auditing: github-helper
# Risk Score: 15/100 - ✅ SAFE
# 
# Auditing: crypto-trading-bot  
# Risk Score: 72/100 - 🔴 HIGH RISK
# ⚠️ HIGH RISK FINDINGS:
#   CLAW-102: SSH Key Access [+30 points]
```

### 3. Create Convenience Alias

```bash
# Add to ~/.bashrc or ~/.zshrc
echo 'alias audit-skill="~/.openclaw/skills/skill-security-auditor/analyze-skill.sh"' >> ~/.bashrc
source ~/.bashrc

# Now you can simply run:
audit-skill -s any-skill-name
audit-skill -f /path/to/SKILL.md
```

## Risk Scoring

| Score | Level | Description | Action |
|-------|-------|-------------|--------|
| 0-20 | ✅ SAFE | No significant concerns | Proceed with installation |
| 21-40 | ⚠️ LOW | Minor concerns | Proceed with caution |
| 41-60 | 🟡 MEDIUM | Multiple red flags | Manual review recommended |
| 61-80 | 🔴 HIGH | Serious concerns | Expert review required |
| 81-100 | ☠️ CRITICAL | Malicious indicators | DO NOT INSTALL |

## What Gets Detected

### 🚨 Critical Threats

- **Fake Prerequisites** - ClawHavoc-style malware delivery
- **Known C2 Infrastructure** - Malicious IPs/domains
- **Credential Harvesting** - API keys, SSH keys, wallet access
- **Remote Code Execution** - `curl | bash` patterns
- **Obfuscated Payloads** - Base64 encoded execution

### ⚠️ Warning Signs

- Suspicious binary requirements
- Excessive permission requests
- Network calls to unknown hosts
- Social engineering language
- New/unverified authors

### ✅ Positive Indicators

- Verified authors (>1 year GitHub account)
- Transparent dependencies
- Clean, documented code
- Official source repositories
- Active community engagement

## Example Audit Report

```markdown
## Security Audit Report

**Skill**: github-pr-automator
**Author**: verified-dev
**Version**: 2.1.0
**Audit Date**: 2026-02-08

### Risk Score: 18/100 - SAFE ✅

### Critical Findings:
None detected.

### Warning Indicators:
- Uses child_process for git operations (justified and safe)

### Positive Indicators:
- Author has 47 published skills
- GitHub account created 2019
- Uses official GitHub CLI (gh)
- Clear documentation
- No external network calls
- VirusTotal: 0/70 detections

### Recommendations:
✅ SAFE TO INSTALL

This skill appears legitimate and follows security best practices.

### Detailed Analysis:
The skill uses the official GitHub CLI tool for PR operations,
which is a trusted and verified binary. All operations are
documented and transparent. No credential access or external
communications detected beyond GitHub API via official client.
```

## Advanced Usage

### Custom Pattern Database

Add your own threat intelligence:

```bash
# Add custom malicious pattern
jq '.patterns.critical += [{
  "id": "CUSTOM-001",
  "name": "My Custom Pattern",
  "pattern": "suspicious-pattern-here",
  "severity": "critical",
  "score_impact": 40,
  "description": "My custom threat detection"
}]' ~/.openclaw/skills/skill-security-auditor/patterns/malicious-patterns.json > temp.json
mv temp.json ~/.openclaw/skills/skill-security-auditor/patterns/malicious-patterns.json
```

### Whitelist Trusted Skills

```bash
# Add trusted author
jq '.whitelisted_patterns.verified_authors += ["your-github-username"]' \
  patterns/malicious-patterns.json > temp.json
```

### Update Threat Intelligence

```bash
# Pull latest patterns (when community database available)
curl -s "https://openclaw-security.github.io/threat-intel/latest.json" \
  -o ~/.openclaw/skills/skill-security-auditor/patterns/ioc-database.json
```

## Integration with Existing Tools

### With VirusTotal (via ClawHub)

This tool provides **pattern-based analysis** while ClawHub provides **binary/file scanning** through their VirusTotal partnership.

**Workflow:**
1. **Run pattern analysis** (local, instant):
   ```bash
   ~/.openclaw/skills/skill-security-auditor/analyze-skill.sh -s suspicious-skill
   ```

2. **Check VirusTotal results** (via ClawHub web interface):
   - Visit: `https://clawhub.ai/skills/suspicious-skill`
   - Look for VirusTotal scan results on the page
   - ClawHub automatically scans published skills

3. **Combine both assessments** for comprehensive security evaluation

**Note**: This tool does NOT access VirusTotal's API directly. The integration is through ClawHub's web interface.

### With Manual Code Review

Use this skill as **first-line defense**, then:

1. Review flagged sections in SKILL.md
2. Inspect any referenced scripts/binaries
3. Test in sandboxed environment
4. Monitor network activity during testing

## Contributing

### Report Malicious Skills

Found a malicious skill? Submit to:
- **ClawHub Moderation**: Use built-in report feature
- **Security Working Group**: [GitHub Issues](https://github.com/openclaw/security-auditor/issues)

### Contribute Patterns

Submit new detection patterns:

```json
{
  "id": "YOUR-ID",
  "name": "Pattern Name",
  "pattern": "regex-pattern",
  "severity": "critical|high|medium|low",
  "score_impact": 1-50,
  "description": "What this detects",
  "mitre_attack": "T#### - Technique Name",
  "references": ["https://..."]
}
```

## Limitations

⚠️ **Important**:

- This tool provides **analysis, not guarantees**
- Sophisticated malware may evade detection
- Always combine with VirusTotal + manual review
- Zero-day attacks won't have known patterns
- Security is a **shared responsibility**

**Defense in depth**: Use this as ONE layer of security, not the ONLY layer.

## FAQ

**Q: Will this catch all malicious skills?**  
A: No automated tool is perfect. This catches known patterns and heuristics, but sophisticated or novel attacks may evade detection. Always practice defense in depth.

**Q: Can I trust this skill itself?**  
A: Yes - the source code is transparent, uses only safe pattern matching, and makes no external network calls except to fetch skills for analysis.

**Q: Does this replace VirusTotal?**  
A: No, it complements it. VirusTotal scans binaries, this analyzes skill logic and patterns.

**Q: What if I get a false positive?**  
A: Review the detailed findings. If you believe it's safe, you can whitelist it. Always err on the side of caution.

**Q: How often are patterns updated?**  
A: The community maintains an updated pattern database. Pull latest regularly with the update command.

## Support

- **Issues**: [GitHub Issues](https://github.com/openclaw/security-auditor/issues)
- **Community**: [OpenClaw Discord #security](https://discord.gg/openclaw)
- **Security Reports**: [email protected] (for vulnerabilities in this skill)

## Credits

Developed by **akm626** in response to the ClawHavoc campaign.

Based on research by:
- Koi Researcher (ClawHub malware discovery)
- OpenSourceMalware (6mile/Paul McCarty)
- Bitdefender Labs
- Palo Alto Networks

## License

MIT License - Use freely, contribute back improvements.

---

**Stay safe, stay skeptical, stay secure.** 🦞🛡️

*Version 1.0.0 | Last Updated: 2026-02-08*

```

### _meta.json

```json
{
  "owner": "akhmittra",
  "slug": "skill-security-auditor",
  "displayName": "Skill Security Auditor",
  "latest": {
    "version": "1.0.1",
    "publishedAt": 1770824827488,
    "commit": "https://github.com/openclaw/skills/commit/c6f1368156ba4c03b810b8704b8f9317f8596127"
  },
  "history": [
    {
      "version": "1.0.0",
      "publishedAt": 1770536244483,
      "commit": "https://github.com/openclaw/skills/commit/869d464bd4a136b318057a305963984ccd09699c"
    }
  ]
}

```