skill-trust-auditor

Audits ClawHub skills for security risks before installation, ensuring safer deployments and reducing potential vulnerabilities.

Install this skill

63/100

Security score

The skill-trust-auditor skill was audited on May 20, 2026 and we found 5 security issues across 3 threat categories, including 1 critical. Review the findings below before installing.

Categories Tested

Security Issues

critical line 92

Direct command execution function call

SourceSKILL.md

92	- `exec()` with user-controlled input

medium line 91

Access to hidden dotfiles in home directory

SourceSKILL.md

91	- Reading `~/.config` or `~/.openclaw` directly

low line 109

Access to hidden dotfiles in home directory

SourceSKILL.md

109	alias clawhub-safe='bash ~/.openclaw/workspace/skills/skill-trust-auditor/scripts/audit.sh $1 && clawhub install $1'

medium line 89

Access to .env file

SourceSKILL.md

89	- `process.env` access in scripts

low line 46

External URL reference

SourceSKILL.md

46	bash scripts/audit.sh https://clawhub.ai/someuser/someskill

Scanned on May 20, 2026

View Security Dashboard

Installation guide →

GitHub Stars 388

Rate this skill

Categorydevelopment

UpdatedJune 10, 2026

openclaw security-engineer devops-sre development

InternLM/WildClawBench