Summary
Before you install any OpenClaw skill, run it through this six-step security review. It checks for typosquatting (missing characters, homoglyphs, scope confusion), over-privileged permission requests (network plus fileRead equals exfiltration risk), dependency vulnerabilities, prompt injection patterns, and data exfiltration signatures. The protocol is opinionated: it blocks combinations like network and shell together, flags base64-encoded instructions, and looks for references to credential files. You get a structured verdict with red flags and a safe-run plan. Treat it like a code review gate for third-party skills. Useful when someone shares a SKILL.md file or before pulling something from ClawHub, especially if the author is unknown or permissions changed between versions.
Install to Claude Code
npx -y skills add useai-pro/openclaw-skills-security --skill skill-auditor --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
