微信扫一扫Security Audit
One command to audit your entire skill stack. Chains together arc-skill-scanner, arc-trust-verifier, and generates a comprehensive risk report with prioritized findings.
Why This Exists
Running individual security tools one at a time is tedious. A full audit needs scanning, trust assessment, binary verification, and a unified report. This skill does it all in one pass.
Commands
Audit all installed skills
python3 {baseDir}/scripts/audit.py full
Audit a specific skill
python3 {baseDir}/scripts/audit.py single --path ~/.openclaw/skills/some-skill/
Generate audit report as JSON
python3 {baseDir}/scripts/audit.py full --json --output report.json
Audit with trust attestations
python3 {baseDir}/scripts/audit.py full --attest
What It Does
- Scans every installed skill with arc-skill-scanner patterns
- Assesses trust for each skill (provenance, code cleanliness, binary presence)
- Checks binary integrity with SHA-256 checksums
- Generates a prioritized report sorted by risk level
- Optionally creates trust attestations for skills that pass all checks
Output
The audit report includes:
- Summary: total skills scanned, findings by severity, overall risk level
- Per-skill breakdown: findings, trust score, recommendations
- Critical actions: what to fix immediately
- Trust attestations for passing skills (if --attest flag used)