Skill Security Auditor
Metadata
- Name: skill-security-auditor
- Version: 1.1.0
- Author: Galatea / OpenClaw Team
- Category: Security
- Description: OpenClaw skill security auditor with Cisco AI Skill Scanner integration
Requirements
- Python 3.8+
- Cisco AI Skill Scanner (
pip install cisco-ai-skill-scanner[all]) - Dependencies in
requirements.txt
Installation
pip install cisco-ai-skill-scanner[all]
Usage
As CLI Tool
# Scan single skill
./tools/claw-audit.py scan <skill-path>
# Scan all skills
./tools/claw-audit.py scan-all
# Check status
./tools/claw-audit.py status
As Python Module
from lib.scanner_orchestrator import ScannerOrchestrator
orchestrator = ScannerOrchestrator()
result = orchestrator.scan_skill("/path/to/skill")
for finding in result.findings:
print(f"{finding.severity}: {finding.message}")
Commands
scan
Scan a single skill for security issues.
Arguments:
skill_path: Path to skill directory
Options:
-s, --scanners: Scanners to use (cisco, clawsec)--severity: Minimum severity (critical, high, medium, low, info)--no-cve: Skip CVE database check--auto-remediate: Auto-quarantine critical issues-o, --output: Output file path-f, --format: Output format (sarif, json, markdown)--stdout: Print to stdout-d, --detailed: Show detailed findings
scan-all
Scan all skills in a directory.
Arguments:
skills_dir: Skills directory (optional, uses OPENCLAW_SKILLS_DIR)
Options:
-w, --workers: Parallel workers (default: 4)--severity: Minimum severity--auto-remediate: Auto-quarantine
status
Check scanner status and availability.
Output Formats
SARIF 2.1.0
GitHub Code Scanning compatible format.
Markdown
Human-readable report with severity icons and recommendations.
JSON
Machine-readable format for programmatic consumption.
Threat Categories
AITech classification system:
- Prompt Injection
- Data Exfiltration
- Credential Harvesting
- Command Injection
- Dependency Confusion
- Malicious Code Execution
- Network Egress
- Privilege Escalation
- Obfuscation
- Backdoor
- Supply Chain Attack
Configuration
Environment Variables
OPENCLAW_SKILLS_DIR: Default skills directoryCISCO_SCANNER_THRESHOLD: Severity thresholdCLAWSEC_FEED_URL: Threat feed URLAUDIT_AUTO_REMEDIATE: Enable auto-remediation
Config Files
config/default.yaml: Default settingsconfig/cve_cache.json: CVE database cache
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success, no critical/high issues |
| 1 | High severity findings |
| 2 | Critical severity findings |
Development
Running Tests
pytest tests/ -v --cov=lib
Adding New Scanners
- Implement scanner class in
lib/ - Add to
ScannerOrchestrator - Update SPEC.yaml
- Add tests
Changelog
1.1.0 (2026-02-11)
- Migrated from AgentVerus to Cisco AI Skill Scanner
- Unified Python stack (removed Node.js dependency)
- AITech threat classification
- SARIF 2.1.0 output format
1.0.0
- Initial release with AgentVerus
- Basic static analysis
- ASST taxonomy