Skills
skills/useai-pro/openclaw-skills-security/skill-auditor/Gen Agent Trust Hub

skill-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill metadata and functionality are well-aligned. The author 'useclawpro' is consistent with the vendor identity 'useai-pro' for this security project, and the description accurately matches the implementation of the auditing protocol.
  • [DATA_EXFILTRATION]: The skill is safe from data exfiltration. While it uses the 'fileRead' permission to analyze other skill files, the 'network' and 'fileWrite' permissions are disabled, making it impossible for the skill to transmit data externally.
  • [PROMPT_INJECTION]: The skill analyzes untrusted third-party skill files, creating an attack surface for indirect prompt injection. However, this is mitigated by its lack of sensitive permissions and its internal protocol for normalizing and decoding text before analysis.
  • Ingestion points: 'fileRead' permission used to scan SKILL.md files.
  • Boundary markers: No explicit prompt delimiters for audited content are defined in the instructions.
  • Capability inventory: Restricted to read-only file access.
  • Sanitization: The auditing protocol specifies steps to normalize text and decode obfuscated content before evaluation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 01:31 AM