shield_lock
金大哥
联系我们
返回 Skill 列表
extension
分类: 安全与合规无需 API Key

Skill Auditor Pro

审查 ClawHub skills 的安全性,检测恶意代码、可疑模式和社工攻击。在安装任何第三方 skill 前使用此工具进行安全检查。

person作者: sypsyp97hubclawhub
open_in_new仓库download下载资源包

Skill Auditor 🔍

Audit ClawHub skills for security threats before installing them.

Triggers

Use this skill when:

  • "Audit this skill"
  • "Check skill security"
  • Before installing any third-party skill

Usage

Method 1: Pre-install audit (recommended)

# Inspect without installing
clawhub inspect <skill-name>

# Run the audit script
~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh <skill-name>

Method 2: Audit an installed skill

~/.openclaw/workspace/skills/skill-auditor/scripts/audit.sh --local <skill-path>

Detection Layers

L1: Pattern Matching

| Severity | Pattern | Risk | |----------|---------|------| | 🔴 High | base64.*\|.*bash | Encoded execution | | 🔴 High | curl.*\|.*bash | Remote script execution | | 🔴 High | eval\( / exec\( | Dynamic code execution | | 🔴 High | Known C2 server IPs | Malicious communication | | 🟡 Medium | Access to ~/.openclaw/ | Config theft | | 🟡 Medium | Reads $API_KEY etc. | Credential leakage | | 🟡 Medium | Social engineering keywords | User deception | | 🟢 Low | Requires sudo | Elevated privileges |

L2: Deobfuscation

Automatically decodes hidden malicious payloads:

  • Base64 — Decodes and scans for hidden commands
  • Hex — Decodes \x41\x42 format strings
  • Checks decoded content for C2 servers and dangerous commands

L3: LLM Analysis (optional)

Uses Gemini CLI to analyze suspicious code intent:

  • Semantic understanding beyond pattern matching
  • Detects novel/unknown threats
  • Requires gemini CLI installed

Known Indicators of Compromise (IoC)

C2 Server IPs

91.92.242.30  # ClawHavoc primary server

Malicious Domains

glot.io       # Hosts obfuscated scripts
webhook.site  # Data exfiltration endpoint

Social Engineering Keywords

OpenClawDriver    # Non-existent "driver"
ClawdBot Driver   # Social engineering lure
Required Driver   # Tricks users into installing malware

Output Format

═══════════════════════════════════════════
  SKILL AUDIT REPORT: <skill-name>
═══════════════════════════════════════════

🔴 HIGH RISK FINDINGS:
   [LINE 23] base64 encoded execution detected
   [LINE 45] curl|bash pattern found

🟡 MEDIUM RISK FINDINGS:
   [LINE 12] Accesses ~/.openclaw/ directory

🟢 LOW RISK FINDINGS:
   [LINE 5] Requires sudo for installation

═══════════════════════════════════════════
  VERDICT: ❌ DO NOT INSTALL
═══════════════════════════════════════════

Best Practices

  1. Always audit before install — Never skip the security check
  2. Trust no skill blindly — Including highly starred or popular ones
  3. Check updates — Skill updates may introduce malicious code
  4. Report suspicious skills — Send to steipete@gmail.com

Maintenance

Update this skill when new threats are discovered:

  1. New malicious IP → Add to MALICIOUS_IPS
  2. New malicious domain → Add to MALICIOUS_DOMAINS
  3. New social engineering lure → Add to SOCIAL_ENGINEERING
  4. New attack pattern → Add regex detection

Update location: variable definitions at the top of scripts/audit.sh

References