Skills Audit

SKILL.md

Skills Audit (skills-audit)

A security-oriented skill for managing OpenClaw skills safely. This package includes executable Python scripts (not instructions-only), with six core capabilities:

  1. Threat scanning (static analysis)
  2. Append-only audit logs (local NDJSON)
  3. Skills monitoring & notifications (push alerts on changes)
  4. File-level diff + content diff (git snapshots)
  5. Baseline approval mechanism (approved skills do not trigger repeat alerts)
  6. Semantic analysis (dangerous functions + capability analysis)

This skill performs static analysis of audited skills — it does not execute the code of the audited skill itself. However, the audit tool does execute local trusted commands/subprocesses such as git, Python helper scripts, and controlled local process calls needed for snapshotting, diffing, and notification generation.
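
As an added illustration (not the skill's own code), the sketch below shows static scanning without execution: the audited source is only parsed with `ast`, dangerous calls are mapped to capabilities, and findings are serialized as NDJSON lines. The `DANGEROUS_CALLS` map, the function names, the record fields and the sample script are assumptions made for this example.

```python
import ast
import json

# Assumed call-to-capability map for illustration; not the skill's own rule set.
DANGEROUS_CALLS = {
    "eval": "dynamic-code", "exec": "dynamic-code",
    "os.system": "process-exec", "subprocess.run": "process-exec",
    "subprocess.Popen": "process-exec", "urllib.request.urlopen": "network",
}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    return ".".join(reversed(parts + [node.id]))

def scan_source(source, filename):
    """Parse only (never import or run the code) and report dangerous calls."""
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:  # an unparseable file is a finding, not a crash
        return [{"file": filename, "line": exc.lineno, "call": None,
                 "capability": "unparseable"}]
    aliases = {}  # local name -> fully qualified name, from import statements
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            aliases.update({a.asname: a.name for a in node.names if a.asname})
        elif isinstance(node, ast.ImportFrom) and node.module:
            aliases.update({a.asname or a.name: f"{node.module}.{a.name}"
                            for a in node.names})
    findings = []
    for node in ast.walk(tree):
        name = dotted_name(node.func) if isinstance(node, ast.Call) else None
        if name:
            head, dot, rest = name.partition(".")
            name = aliases.get(head, head) + dot + rest  # resolve import aliases
            if name in DANGEROUS_CALLS:
                findings.append({"file": filename, "line": node.lineno,
                                 "call": name, "capability": DANGEROUS_CALLS[name]})
    return sorted(findings, key=lambda f: f["line"])

def to_ndjson(findings):
    """Serialize one JSON object per line, ready to append to an NDJSON log."""
    return "".join(json.dumps(f, sort_keys=True) + "\n" for f in findings)

# Constructed sample of an audited skill script; it is parsed, never executed.
SAMPLE = ("import subprocess as sp\nfrom os import system\nsystem('echo hi')\n"
          "x = eval('1+1')\nsp.run(['git', 'status'])\nprint(x)\n")

if __name__ == "__main__":
    print(to_ndjson(scan_source(SAMPLE, "sample_skill.py")), end="")
```

Name-based matching of this kind misses calls reached through `getattr`, reassigned names or strings built at runtime, so a clean result means no listed call was found by name, not that the code is safe.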


Requirements

  • Python ≥ 3.9, standard library only (no third-party dependencies)
  • git (required for content diff snapshots and local repository history)

Installs: 7
First Seen: Apr 20, 2026