skill-audit
Skill Audit — Pre-Install Security Scanner
Overview
7.5% of 14,706 OpenClaw skills are confirmed malicious. This skill provides a structured 6-phase security review you run before installing any third-party skill.
Research findings (2026):
- RankClaw audited 14,706 skills → 1,103 malicious (brand-jacking, prompt injection, RCE)
- Vett.sh found 59 critical-risk droppers disguised as legitimate tools
- Cisco, CrowdStrike, NCC Group all published skill supply chain attack reports
When to Use This Skill
- Use when you're about to install a third-party skill from GitHub, ClawHub, or any registry
- Use when you want to verify a skill's security before adding it to your agent
- Use when the user says "install this skill" or "add this skill"
- Use when reviewing skills for potential security issues
How It Works
More from sickn33/antigravity-awesome-skills
docker-expert
You are an advanced Docker containerization expert with comprehensive, practical knowledge of container optimization, security hardening, multi-stage builds, orchestration patterns, and production deployment strategies based on current industry best practices.
15.0Knodejs-best-practices
Node.js development principles and decision-making. Framework selection, async patterns, security, and architecture. Teaches thinking, not copying.
11.2Ktypescript-expert
TypeScript and JavaScript expert with deep knowledge of type-level programming, performance optimization, monorepo management, migration strategies, and modern tooling.
8.3Kapi-security-best-practices
Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
7.0Kclean-code
This skill embodies the principles of \"Clean Code\" by Robert C. Martin (Uncle Bob). Use it to transform \"code that works\" into \"code that is clean.\"
6.6Knextjs-best-practices
Next.js App Router principles. Server Components, data fetching, routing patterns.
5.2K