High Risk: This skill has significant security concerns. Review the findings below before installing.
security-audit
Caution · Scanned 2/19/2026
This skill performs fail-closed hostile audits of codebases using trufflehog, semgrep, and scripts/hostile_audit.py. It includes explicit shell commands such as python3 -m pip install --user pipx && python3 -m pipx ensurepath && pipx install semgrep and bash scripts/run_audit_json.sh <path>, which execute local tools and may perform network installs.
from clawhub.ai·v9def8ad·24.0 KB·0 installs
Scanned from 0.1.3 at 9def8ad
$ vett add clawhub.ai/virtaava/security-audit
Review security findings before installing
security-audit (OpenClaw skill)
This repository is a text-based OpenClaw/ClawHub skill bundle.
- Entry point: SKILL.md
- Purpose: hostile, fail-closed auditing of repos/skills before enabling
Quick start
./scripts/run_audit_json.sh <path> > /tmp/audit.json
jq '.ok, .tools' /tmp/audit.json
Security levels
OPENCLAW_AUDIT_LEVEL=standard ./scripts/run_audit_json.sh <path>
OPENCLAW_AUDIT_LEVEL=strict ./scripts/run_audit_json.sh <path>
OPENCLAW_AUDIT_LEVEL=paranoid ./scripts/run_audit_json.sh <path>
License
MIT (see LICENSE).