{"id":"e868baad-b178-46f6-9ab5-1ccd292dc654","entityType":"agent","slug":"smartchainark-skill-security-audit","name":"skill-security-audit","canonicalUrl":"https://xpersona.co/agent/smartchainark-skill-security-audit","canonicalPath":"/agent/smartchainark-skill-security-audit","generatedAt":"2026-04-17T05:55:17.218Z","source":"GITHUB_OPENCLEW","claimStatus":"UNCLAIMED","verificationTier":"NONE","summary":{"evidence":{"source":"editorial-content","verified":true,"confidence":"high","updatedAt":"2026-04-15T05:21:22.124Z","emptyReason":null},"description":"Detect malicious patterns in AI Agent skills — 13 detectors for backdoors, credential theft, data exfiltration, and supply-chain attacks. Based on SlowMist's ClawHub threat intelligence (472+ malicious skills). Pure Python, zero dependencies. --- name: skill-security-audit description: Detect malicious patterns in AI Agent skills — 13 detectors for backdoors, credential theft, data exfiltration, and supply-chain attacks. Based on SlowMist's ClawHub threat intelligence (472+ malicious skills). Pure Python, zero dependencies. --- Skill Security Audit Detect malicious patterns in installed Claude and OpenClaw skills. Based on SlowMist's analysis of 472+ mali","descriptionLabel":"Technical summary","evidenceSummary":"Capability contract not published. No trust telemetry is available yet. 8 GitHub stars reported by the source. Last updated 4/15/2026.","installCommand":"git clone https://github.com/smartchainark/skill-security-audit.git","sourceUrl":"https://github.com/smartchainark/skill-security-audit","homepage":null,"primaryLinks":[{"label":"View Source","url":"https://github.com/smartchainark/skill-security-audit","kind":"source"}],"safetyScore":94,"overallRank":34.5,"popularityScore":24,"trustScore":null,"claimedByName":null,"isOwner":false,"seoDescription":"Detect malicious patterns in AI Agent skills — 13 detectors for backdoors, credential theft, data exfiltration, and supply-chain attacks. 
Based on SlowMist's Cl"},"coverage":{"evidence":{"source":"public-profile","verified":false,"confidence":"medium","updatedAt":"2026-04-15T05:21:22.124Z","emptyReason":null},"protocols":[{"protocol":"OPENCLEW","label":"OpenClaw","status":"self-declared","notes":"Declared in the public agent profile."}],"capabilities":[{"label":"skills","status":"self-declared"},{"label":"a","status":"self-declared"},{"label":"all","status":"self-declared"}],"verifiedCount":0,"selfDeclaredCount":4,"capabilityMatrix":{"rows":[{"key":"OPENCLEW","type":"protocol","support":"unknown","confidenceSource":"profile","notes":"Listed on profile"},{"key":"skills","type":"capability","support":"supported","confidenceSource":"profile","notes":"Declared in agent profile metadata"},{"key":"a","type":"capability","support":"supported","confidenceSource":"profile","notes":"Declared in agent profile metadata"},{"key":"all","type":"capability","support":"supported","confidenceSource":"profile","notes":"Declared in agent profile metadata"}],"flattenedTokens":"protocol:OPENCLEW|unknown|profile capability:skills|supported|profile capability:a|supported|profile capability:all|supported|profile"}},"adoption":{"evidence":{"source":"GITHUB OPENCLEW","verified":false,"confidence":"medium","updatedAt":"2026-04-15T05:21:22.124Z","emptyReason":null},"stars":8,"forks":1,"downloads":null,"packageName":null,"latestVersion":null,"tractionLabel":"8 GitHub stars"},"release":{"evidence":{"source":"agent-index","verified":false,"confidence":"medium","updatedAt":"2026-04-15T02:14:11.028Z","emptyReason":null},"lastUpdatedAt":"2026-04-15T05:21:22.124Z","lastCrawledAt":"2026-04-15T02:14:11.028Z","lastIndexedAt":null,"nextCrawlAt":"2026-04-16T02:14:11.028Z","lastVerifiedAt":null,"highlights":[]},"execution":{"evidence":{"source":"GITHUB OPENCLEW","verified":false,"confidence":"low","updatedAt":null,"emptyReason":"No published capability contract is available yet."},"installCommand":"git clone 
https://github.com/smartchainark/skill-security-audit.git","setupComplexity":"low","setupSteps":["Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.","Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data."],"contract":{"contractStatus":"missing","authModes":[],"requires":[],"forbidden":[],"supportsMcp":false,"supportsA2a":false,"supportsStreaming":false,"inputSchemaRef":null,"outputSchemaRef":null,"dataRegion":null,"contractUpdatedAt":null,"sourceUpdatedAt":null,"freshnessSeconds":null},"invocationGuide":{"preferredApi":{"snapshotUrl":"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/snapshot","contractUrl":"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/contract","trustUrl":"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/trust"},"curlExamples":["curl -s \"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/snapshot\"","curl -s \"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/contract\"","curl -s \"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/trust\""],"jsonRequestTemplate":{"query":"summarize this 
repo","constraints":{"maxLatencyMs":2000,"protocolPreference":["OPENCLEW"]}},"jsonResponseTemplate":{"ok":true,"result":{"summary":"...","confidence":0.9},"meta":{"source":"GITHUB_OPENCLEW","generatedAt":"2026-04-17T05:55:17.218Z"}},"retryPolicy":{"maxAttempts":3,"backoffMs":[500,1500,3500],"retryableConditions":["HTTP_429","HTTP_503","NETWORK_TIMEOUT"]}},"endpoints":{"dossierUrl":"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/dossier","snapshotUrl":"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/snapshot","contractUrl":"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/contract","trustUrl":"https://xpersona.co/api/v1/agents/smartchainark-skill-security-audit/trust"}},"reliability":{"evidence":{"source":"runtime-metrics","verified":false,"confidence":"low","updatedAt":null,"emptyReason":"No trust, reliability, or runtime telemetry is available."},"trust":{"status":"unavailable","handshakeStatus":"UNKNOWN","verificationFreshnessHours":null,"reputationScore":null,"p95LatencyMs":null,"successRate30d":null,"fallbackRate":null,"attempts30d":null,"trustUpdatedAt":null,"trustConfidence":"unknown","sourceUpdatedAt":null,"freshnessSeconds":null},"decisionGuardrails":{"doNotUseIf":["Contract metadata is missing or unavailable for deterministic 
execution."],"safeUseWhen":[],"riskFlags":["missing_or_unavailable_contract","trust_data_unavailable","schema_references_missing"],"operationalConfidence":"low"},"executionMetrics":{"observedLatencyMsP50":null,"observedLatencyMsP95":null,"estimatedCostUsd":null,"uptime30d":null,"rateLimitRpm":null,"rateLimitBurst":null,"lastVerifiedAt":null,"verificationSource":null},"runtimeMetrics":{"successRate":null,"avgLatencyMs":null,"avgCostUsd":null,"hallucinationRate":null,"retryRate":null,"disputeRate":null,"p50Latency":null,"p95Latency":null,"lastUpdated":null}},"benchmarks":{"evidence":{"source":"no-benchmark-data","verified":false,"confidence":"low","updatedAt":null,"emptyReason":"No benchmark suites or observed failure patterns are available."},"suites":[],"failurePatterns":[]},"artifacts":{"evidence":{"source":"GITHUB OPENCLEW","verified":false,"confidence":"high","updatedAt":"2026-04-15T05:21:22.124Z","emptyReason":null},"readme":"---\nname: skill-security-audit\ndescription: Detect malicious patterns in AI Agent skills — 13 detectors for backdoors, credential theft, data exfiltration, and supply-chain attacks. Based on SlowMist's ClawHub threat intelligence (472+ malicious skills). Pure Python, zero dependencies.\n---\n\n# Skill Security Audit\n\nDetect malicious patterns in installed Claude and OpenClaw skills. 
Based on SlowMist's analysis of 472+ malicious skills on ClawHub platform.\n\n## Triggers\n\nUse this skill when the user mentions: 安全审计, security audit, skill 检查, 技能安全, scan skills, supply chain security, 扫描技能, 恶意检测, malicious skill, skill 安全扫描\n\n## Quick Audit Workflow\n\nWhen the user requests a security audit, follow these 5 steps:\n\n### Step 1: Run the Scanner\n\n```bash\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py\n```\n\nThis auto-discovers and scans all skills in:\n- `~/.claude/skills/`\n- `~/.openclaw/workspace/skills/`\n- Extra directories from `~/.openclaw/openclaw.json` → `skills.load.extraDirs`\n\n### Step 2: Analyze Results\n\nRead the scanner output. Findings are grouped by skill and sorted by severity:\n\n| Severity | Meaning | Action Required |\n|----------|---------|----------------|\n| **CRITICAL** | Known malicious IOC match, credential theft, or download-and-execute | Immediate removal and credential rotation |\n| **HIGH** | Obfuscation, persistence mechanisms, privilege escalation | Manual review required, likely malicious |\n| **MEDIUM** | Suspicious patterns (Base64, network calls, high entropy) | Review context — may be legitimate |\n| **LOW** | Social engineering naming, informational | Note for awareness |\n\n### Step 3: Report to User\n\nPresent findings in this format:\n\n```\n## Audit Summary\n- Skills scanned: N\n- Files scanned: N\n- CRITICAL: N | HIGH: N | MEDIUM: N | LOW: N\n\n## Critical/High Findings (if any)\nFor each finding:\n- Skill name and file path\n- What was detected and why it's dangerous\n- Recommended action\n\n## Medium/Low Findings (if any)\nBrief summary, noting which are likely false positives\n```\n\n### Step 4: Recommend Actions\n\nFor CRITICAL findings:\n1. Read `references/remediation-guide.md` for incident response steps\n2. Guide user through credential rotation if credential theft was detected\n3. Help quarantine the malicious skill\n\nFor HIGH findings:\n1. 
Help user manually review the flagged code\n2. Determine if the pattern is legitimate or malicious in context\n\n### Step 5: Follow Up\n\n- Offer to scan a specific skill in detail: `python3 skill_audit.py --path /path/to/skill`\n- Offer to explain any finding in depth using `references/threat-patterns.md`\n\n## Scanner Command Reference\n\n```bash\n# Scan all discovered skills\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py\n\n# Scan a single skill directory\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --path /path/to/skill\n\n# JSON output (for programmatic use)\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --json\n\n# Filter by minimum severity\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --severity high\n\n# Disable colored output\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --no-color\n\n# Use custom IOC database\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --ioc-db /path/to/ioc.json\n```\n\n**Exit codes:** 0 = clean, 1 = low/medium risk, 2 = high risk, 3 = critical, 4 = scanner error\n\nA `0` (clean) result is not proof that a skill is safe: pattern-based detectors can miss novel or well-disguised code, so still apply the Manual Review Checklist to skills from unverified sources. Treat exit code 4 as an incomplete audit, not as a pass.\n\n## 13 Detection Categories\n\n| Detector | What It Finds | Severity |\n|----------|--------------|----------|\n| Base64Detector | Encoded strings >50 chars (excluding data:image) | MEDIUM→HIGH |\n| DownloadExecDetector | curl\\|bash, wget\\|sh, fetch+eval patterns | CRITICAL |\n| IOCMatchDetector | Known malicious IPs, domains, URLs, file hashes | CRITICAL |\n| ObfuscationDetector | eval/exec with non-literal args, hex encoding, chr() chains | HIGH |\n| ExfiltrationDetector | ZIP+upload combos, sensitive directory enumeration | HIGH |\n| CredentialTheftDetector | osascript password dialogs, keychain access, SSH key reading | CRITICAL |\n| PersistenceDetector | crontab, launchd, systemd, shell profile modification | HIGH |\n| PostInstallHookDetector | npm postinstall, pip setup.py cmdclass | HIGH→CRITICAL |\n| HiddenCharDetector | 
Zero-width characters, Unicode bidi overrides | MEDIUM |\n| EntropyDetector | Shannon entropy >5.5 on long lines | MEDIUM |\n| SocialEngineeringDetector | crypto/wallet/airdrop/security-update naming | LOW→MEDIUM |\n| NetworkCallDetector | socket, http, urllib, requests, fetch, curl, wget | MEDIUM |\n| PrivilegeEscalationDetector | sudo, chmod 777, setuid, admin group modification | HIGH |\n\n## Understanding Confidence Scores\n\nEach finding includes a confidence score (0-100):\n- **80-100**: Very likely a genuine threat\n- **50-79**: Suspicious, manual review recommended\n- **30-49**: Possible false positive, check context\n- **<30**: Informational, low confidence\n\n## Manual Review Checklist\n\nWhen the scanner flags something, also check:\n\n1. **Source verification** — Is the skill from an official/verified source? Check author reputation.\n2. **Permission scope** — Does the skill request more permissions than its stated functionality needs?\n3. **Script audit** — Read all `.sh`, `.py`, `.js` files. Look for obfuscation, unexpected network calls.\n4. **Dependency check** — Run `npm audit` or `pip-audit` if the skill has package dependencies.\n5. **Changelog review** — Were suspicious changes introduced in a recent update?\n\n## Updating the IOC Database\n\nThe IOC database is at `scripts/ioc_database.json`. To add new indicators:\n\n1. Edit the JSON file following the existing schema\n2. Run the scanner to verify your new IOCs are detected\n3. 
Update `references/ioc-database.md` to keep the human-readable version in sync\n\n## Reference Documents\n\nFor detailed information, read these files as needed:\n- `references/ioc-database.md` — Full IOC list with context and attribution\n- `references/threat-patterns.md` — 9 attack patterns in detail (two-stage payload, Base64 backdoor, password phishing, etc.)\n- `references/remediation-guide.md` — Step-by-step incident response (quarantine, credential rotation, persistence cleanup, reporting)\n","readmeExcerpt":"--- name: skill-security-audit description: Detect malicious patterns in AI Agent skills — 13 detectors for backdoors, credential theft, data exfiltration, and supply-chain attacks. Based on SlowMist's ClawHub threat intelligence (472+ malicious skills). Pure Python, zero dependencies. --- Skill Security Audit Detect malicious patterns in installed Claude and OpenClaw skills. Based on SlowMist's analysis of 472+ mali","codeSnippets":[],"executableExamples":[{"language":"bash","snippet":"python3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py"},{"language":"text","snippet":"## Audit Summary\n- Skills scanned: N\n- Files scanned: N\n- CRITICAL: N | HIGH: N | MEDIUM: N | LOW: N\n\n## Critical/High Findings (if any)\nFor each finding:\n- Skill name and file path\n- What was detected and why it's dangerous\n- Recommended action\n\n## Medium/Low Findings (if any)\nBrief summary, noting which are likely false positives"},{"language":"bash","snippet":"# Scan all discovered skills\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py\n\n# Scan a single skill directory\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --path /path/to/skill\n\n# JSON output (for programmatic use)\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --json\n\n# Filter by minimum severity\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --severity high\n\n# Disable colored output\npython3 
~/.claude/skills/skill-security-audit/scripts/skill_audit.py --no-color\n\n# Use custom IOC database\npython3 ~/.claude/skills/skill-security-audit/scripts/skill_audit.py --ioc-db /path/to/ioc.json"}],"parameters":{},"dependencies":[],"permissions":[],"extractedFiles":[],"languages":["typescript"],"docsSourceLabel":"GITHUB OPENCLEW","editorialOverview":"Detect malicious patterns in AI Agent skills — 13 detectors for backdoors, credential theft, data exfiltration, and supply-chain attacks. Based on SlowMist's ClawHub threat intelligence (472+ malicious skills). Pure Python, zero dependencies. --- name: skill-security-audit description: Detect malicious patterns in AI Agent skills — 13 detectors for backdoors, credential theft, data exfiltration, and supply-chain attacks. Based on SlowMist's ClawHub threat intelligence (472+ malicious skills). Pure Python, zero dependencies. --- Skill Security Audit Detect malicious patterns in installed Claude and OpenClaw skills. Based on SlowMist's analysis of 472+ mali","editorialQuality":{"score":100,"threshold":65,"status":"ready","wordCount":400,"uniquenessScore":61,"reasons":[]}},"media":{"evidence":{"source":"no-media","verified":false,"confidence":"low","updatedAt":"2026-04-15T05:21:22.124Z","emptyReason":"No screenshots, media assets, or demo links are available."},"primaryImageUrl":null,"mediaAssetCount":0,"assets":[],"demoUrl":null},"ownerResources":{"evidence":{"source":"unclaimed","verified":false,"confidence":"low","updatedAt":"2026-04-15T05:21:22.124Z","emptyReason":"This page has not been claimed by the agent 
owner."},"hasCustomPage":false,"customPageUpdatedAt":null,"customLinks":[],"structuredLinks":{"docsUrl":null,"demoUrl":null,"supportUrl":null,"pricingUrl":null,"statusUrl":null},"customPage":null},"relatedAgents":{"evidence":{"source":"protocol-neighbors","verified":false,"confidence":"medium","updatedAt":"2026-04-17T05:55:17.218Z","emptyReason":null},"items":[{"id":"b917f68a-ebff-438e-84f8-3f4b2494c0bc","entityType":"agent","canonicalPath":"/agent/activepieces-activepieces","slug":"activepieces-activepieces","name":"activepieces","description":"AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents","url":"https://github.com/activepieces/activepieces","homepage":"https://www.activepieces.com","source":"GITHUB_REPOS","protocols":["OPENCLAW"],"capabilities":[],"safetyScore":100,"overallRank":70,"updatedAt":"2026-04-15T02:22:12.426Z","createdAt":"2026-02-25T03:38:12.412Z","downloads":null},{"id":"5cb26759-3a39-483f-94cf-276a98c13bb8","entityType":"agent","canonicalPath":"/agent/cherryhq-cherry-studio","slug":"cherryhq-cherry-studio","name":"cherry-studio","description":"AI productivity studio with smart chat, autonomous agents, and 300+ assistants. 
Unified access to frontier LLMs","url":"https://github.com/CherryHQ/cherry-studio","homepage":"https://cherry-ai.com","source":"GITHUB_REPOS","protocols":["MCP","OPENCLAW"],"capabilities":[],"safetyScore":100,"overallRank":70,"updatedAt":"2026-04-11T14:38:40.986Z","createdAt":"2026-02-25T03:38:19.379Z","downloads":null},{"id":"8ebccd8e-3863-4187-8355-c3f14e1f9edf","entityType":"agent","canonicalPath":"/agent/iofficeai-aionui","slug":"iofficeai-aionui","name":"AionUi","description":"Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!","url":"https://github.com/iOfficeAI/AionUi","homepage":"https://www.aionui.com","source":"GITHUB_REPOS","protocols":["MCP","OPENCLAW"],"capabilities":[],"safetyScore":100,"overallRank":70,"updatedAt":"2026-04-10T18:48:31.762Z","createdAt":"2026-02-25T03:38:16.584Z","downloads":null},{"id":"6f6582d0-5d76-4f0f-b81d-86520247950b","entityType":"agent","canonicalPath":"/agent/copilotkit-copilotkit","slug":"copilotkit-copilotkit","name":"CopilotKit","description":"The Frontend for Agents & Generative UI. React + Angular","url":"https://github.com/CopilotKit/CopilotKit","homepage":"https://docs.copilotkit.ai","source":"GITHUB_REPOS","protocols":["OPENCLAW"],"capabilities":[],"safetyScore":100,"overallRank":70,"updatedAt":"2026-03-25T09:50:57.846Z","createdAt":"2026-02-25T03:39:14.617Z","downloads":null}],"links":{"hub":"/agent","source":"/agent/source/github_openclew","protocols":[{"label":"OpenClaw","href":"/agent/protocol/openclew"}]}}}