code-audit

Three-mode code auditor for OpenClaw workspaces. (1) Security audit — finds hardcoded secrets, dangerous shell commands, SQL injection, unsafe deserialization; (2) Quality audit — detects dead code, magic numbers, excessive complexity, TODO/FIXME debt; (3) Soul audit (OpenClaw-exclusive) — inspects SOUL.md/MEMORY.md/AGENTS.md/SKILL.md for missing safety rules, plaintext API keys, cross-file consistency, and trigger-word conflicts across Skills. Outputs a tiered HTML report (🔴 Critical / 🟡 Warning / 🟢 Info) saved to the Desktop. The optional --ai flag generates a structured Claude analysis prompt. A weekly automated soul audit via cron is supported. Triggers: 'code audit', 'security audit', 'soul audit', 'find vulnerabilities', 'scan code', 'check config files', 'review skills'.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "code-audit" with this command: npx skills add hanwenyolo-dot/code-audit-claw

Code Audit Skill

🚨 ABSOLUTE RULES

  1. This Skill's own files (SKILL.md, references/*.md, scripts/*.py) must never be modified on the Skill's own initiative. When a problem or an improvement is found, report it to the user first and make the change only after explicit confirmation.
  2. Audit reports are read-only: output the report; never automatically fix any audited file.
  3. A fix suggestion is not a fix: after presenting a remediation plan, wait for the user's confirmation before acting.

Scanner script

scripts/audit_scanner.py is the core scanning tool and supports three modes.

# Full audit (default)
python3 scripts/audit_scanner.py <target-path> --mode all

# Security audit only
python3 scripts/audit_scanner.py <target-path> --mode security

# Quality audit only
python3 scripts/audit_scanner.py <target-path> --mode quality

# Soul-file audit only
python3 scripts/audit_scanner.py <target-path> --mode soul

The script automatically distinguishes "soul files" (SOUL.MD / MEMORY.MD / AGENTS.MD / HEARTBEAT.MD / USER.MD / SKILL.MD) from ordinary code files and applies a different rule set to each.

SOP

  1. Confirm the target: have the user specify the file path or directory to audit
  2. Infer the mode
    • target contains SOUL/MEMORY/AGENTS → soul mode
    • target is a code file → security + quality
    • nothing specified → all
  3. Run the scan: execute audit_scanner.py
  4. Output the report: three tiers, 🔴 Critical / 🟡 Warning / 🟢 Info
  5. Give recommendations: provide a fix suggestion for every Critical/Warning finding
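A compact illustration of the mode inference in step 2 and of how separate rule sets are applied to soul files and code files, written here as an added example; it is not the skill's own audit_scanner.py, and every pattern, file name and sample input below is constructed for the demonstration.

```python
import re

SOUL_FILES = {"SOUL.MD", "MEMORY.MD", "AGENTS.MD", "HEARTBEAT.MD", "USER.MD", "SKILL.MD"}
# Rule sets as (severity, description, pattern); illustrative patterns, not the skill's rule files.
SECURITY_RULES = [
    ("Critical", "hardcoded secret", re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[=:]\s*['\"][^'\"]{12,}['\"]")),
    ("Critical", "unsafe deserialization", re.compile(r"\bpickle\.loads?\(|\byaml\.load\((?![^)]*Loader=)")),
    ("Critical", "shell command with shell=True", re.compile(r"\bsubprocess\.\w+\(.*shell\s*=\s*True")),
    ("Warning", "SQL built by string formatting", re.compile(r"\.execute\(\s*(f['\"]|.*(%\s*\(|\+))"))]
QUALITY_RULES = [("Warning", "magic number", re.compile(r"(?<![\w.])\d{3,}(?![\w.])")),
                 ("Info", "TODO/FIXME debt", re.compile(r"\b(TODO|FIXME)\b"))]
SOUL_RULES = [("Critical", "plaintext API key in soul file", re.compile(r"\b(sk-[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16})\b"))]

def is_soul_file(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].upper() in SOUL_FILES

def infer_mode(targets):
    # SOP step 2: only soul files -> soul; code files -> security+quality; nothing given -> all
    return "all" if not targets else ("soul" if all(is_soul_file(t) for t in targets) else "security+quality")

def scan_file(path, text, mode="all"):
    # Select the rule set by file class and mode; each finding is (severity, rule, path, line_no)
    wanted = {"security", "quality", "soul"} if mode == "all" else set(mode.split("+"))
    if is_soul_file(path):
        rules = SOUL_RULES if "soul" in wanted else []
    else:
        rules = [r for m, rs in (("security", SECURITY_RULES), ("quality", QUALITY_RULES))
                 if m in wanted for r in rs]
    findings = [(sev, desc, path, n) for n, line in enumerate(text.splitlines(), 1)
                for sev, desc, pat in rules if pat.search(line)]
    # File-level soul check: a soul file that never asks for confirmation lacks a basic safety rule
    if is_soul_file(path) and "soul" in wanted and not re.search(r"(?i)confirm", text):
        findings.append(("Warning", "missing safety rule: no confirmation step for risky actions", path, 0))
    return findings

def trigger_conflicts(skills):
    # Cross-Skill check: a trigger phrase claimed by more than one SKILL.md is a routing conflict
    owners = {}
    for skill, phrases in skills.items():
        for p in phrases:
            owners.setdefault(p.strip().lower(), set()).add(skill)
    return {p: sorted(s) for p, s in owners.items() if len(s) > 1}

# Constructed sample inputs (fake key, fake skill names), not real workspace files
SAMPLE_CODE = '''API_KEY = "sk-constructed-example-key-only"
data = pickle.loads(blob)  # TODO: switch to json
subprocess.run("ls " + user_dir, shell=True)
cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
retry_after = 86400
'''
SAMPLE_SOUL = "# SOUL.md\nAlways ask for confirmation before deleting files.\nOPENAI_KEY=sk-abcdefghijklmnopqrstuvwxyz123456\n"
SAMPLE_SKILLS = {"code-audit": ["code audit", "security audit"], "deepsafe-scan": ["Security Audit", "preflight scan"]}
```

Running `scan_file("scripts/analyzer.py", SAMPLE_CODE, infer_mode(["scripts/analyzer.py"]))` reports the four security findings and the two quality findings, while the soul sample is flagged only for the plaintext key.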

Audit rule references

  • Security rules: references/security-rules.md
  • Quality rules: references/quality-rules.md
  • Soul-file rules: references/soul-rules.md (includes the SOUL.md absolute-rules completeness checklist)

Common audit scenarios

Scenario                       Command
Audit the whole workspace      --mode all ~/.openclaw/workspace
Soul files only                --mode soul ~/.openclaw/workspace
Audit a single script          --mode security scripts/analyzer.py
Audit all Skills               --mode soul ~/.openclaw/workspace/skills
System security check          --mode system ~/.openclaw/workspace

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Related Skills

Related by shared tags or category signals.

Security

DeepSafe Scan

Preflight security scanner for OpenClaw — scans deployment config, skills, memory/sessions for secrets, PII, prompt injection, and dangerous patterns. Runs 4...

Baseline Kit

OpenClaw security configuration baseline generator and audit tool. Generates security configuration templates for development / team / enterprise / isolated environments and audits existing configurations for security issues (network exposure, authentication rate limiting, skill source restrictions, audit logging, backup strategy, key hygiene).

ClawGears

Conduct security audits for OpenClaw-based AI assistants on macOS to detect exposure risks, weak tokens, sensitive commands, and IP leaks.

JEP Guard

JEP Guard intercepts high-risk commands, requires user confirmation, issues temporary tokens, and logs actions with exportable audit receipts.