Phase 4 / Ep 22: Skill Security Audit — Essential Preparations Before Installing ClawHub
🎯 Learning Objective: Establish security review awareness and methodologies for third-party Skills.
1. Why is Auditing Necessary?
The scripts directory of a Skill may contain arbitrary executable code. If your Agent has coding or full permissions, a malicious Skill could:
- Steal your API Keys
- Read and upload private files
- Install backdoor programs
- Consume massive amounts of LLM tokens
2. Audit Checklist
✅ SKILL.md Check
| Check Item | 🟢 Safe Signal | 🔴 Danger Signal |
|---|---|---|
| Permission Declaration | Explicitly declares required permissions | Requests full permissions but has simple functionality |
| Clear Description | Specific and clear functional description | Vague description, unclear functionality |
| Version Number | Follows SemVer | Chaotic version numbering |
| Author Information | Traceable author identity | Published anonymously |
✅ scripts/ Directory Check
- Does the code contain
curlrequests to unknown servers? - Does it read
~/.openclaw/openclaw.json(contains sensitive configurations)? - Does it contain
evalor dynamic code execution? - Does it modify files outside the working directory?
✅ Permission Declaration vs. Actual Behavior
Declares only needing basic permissions, but the script contains rm -rf? Reject the installation immediately.
3. Enterprise Environment Security Policies
# Set Skill whitelist mode
openclaw config set skills.installMode whitelist
openclaw config set skills.allowedSources ["openclaw/*", "verified/*"]
4. Security Audit Commands
# Preview Skill content before installation
openclaw skills preview web-search
# Inspect the script source code of a Skill
openclaw skills inspect web-search --scripts
Next Episode Preview: Phase 5 begins! Ep 23, Plugin vs. Skill — When to use which? Understanding the middleware pipeline architecture of Plugins.