什么是 Skill Trust Auditor？

Skill Trust Auditor 是任何 AI 智能体生态系统的重要安全层。它提供了一个静态分析引擎，旨在检查第三方 Openclaw Skills 的代码和配置。通过识别危险模式（如环境变量访问、外部网络请求或未经授权的文件系统修改），它能确保您的工作区保持安全，保护您的私有数据。

该工具对于经常尝试社区贡献自动化脚本的开发人员和高级用户尤为关键。它通过在本地环境执行任何代码之前，为用户提供清晰的、基于数据的信任评分和潜在漏洞的详细分类，弥合了生产力与安全性之间的鸿沟。

下载入口:https://github.com/openclaw/skills/tree/main/skills/jonathanjing/skill-trust-auditor

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

2. 手动安装

将技能文件夹复制到以下位置之一

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

Skill Trust Auditor 应用场景

• 在部署前验证 ClawHub 社区贡献技能的安全性。
• 识别可能将本地数据泄露到未知域名的隐藏 curl 或 wget 命令。
• 检查技能是否尝试读取敏感文件，如 MEMORY.md 或系统配置目录。
• 在每次安装 Openclaw Skills 之前，在 CI/CD 流水线或 shell 别名中自动化安全检查。
• 调查技能中是否包含与 ClawHavoc 等历史安全事件相关的已知恶意模式。

1. 用户通过 CLI 或要求 AI 智能体验证特定的存储库或 URL 来触发审计。
2. 审计器获取与正在分析的 Openclaw Skills 相关的元数据和脚本文件。
3. 基于 Python 的扫描引擎针对高、中、低风险模式数据库运行静态分析。
4. 工具根据检测到的风险、作者验证和安全编码实践计算出 0 到 100 的信任评分。
5. 生成一份全面的 JSON 报告和易于理解的摘要，提供裁定结果和具体的缓解建议。

Skill Trust Auditor 配置指南

要开始保障您的 Openclaw Skills 安全，请遵循以下安装和配置步骤：

1. 安装

询问您的智能体："安装 skill-trust-auditor 技能。"

或者，使用 CLI：

clawhub install skill-trust-auditor

2. 初始化

运行初始设置脚本以准备扫描环境：

bash scripts/setup.sh

Skill Trust Auditor 数据架构与分类体系

该技能根据以下元数据分类评估模式并生成详细的安全报告：

name: skill-trust-auditor
description: "Audit a ClawHub skill for security risks BEFORE installation."
version: "1.1.3"
metadata:
  {
    "openclaw": {
      "emoji": "???",
      "requires": {
        "bins": ["python3"],
        "anyBins": ["clawhub"]
      }
    }
  }

Skill Trust Auditor

Audit any ClawHub skill for security risks before installation.

??? Installation

1. Ask OpenClaw (Recommended)

Tell OpenClaw: "Install the skill-trust-auditor skill." The agent will handle the installation and configuration automatically.

2. Manual Installation (CLI)

If you prefer the terminal, run:

clawhub install skill-trust-auditor

Setup (first run only)

bash scripts/setup.sh

Audit a Skill

When user says "audit [skill-name]" or "is [skill-name] safe" or before any clawhub install:

bash scripts/audit.sh [skill-name-or-url]
# Example:
bash scripts/audit.sh steipete/clawhub
bash scripts/audit.sh https://clawhub.ai/someuser/someskill

Output:

{
  "skill": "someuser/someskill",
  "trust_score": 72,
  "verdict": "INSTALL WITH CAUTION",
  "risks": [
    {"level": "HIGH", "pattern": "curl to external domain", "location": "scripts/sync.sh:14"},
    {"level": "MEDIUM", "pattern": "reads MEMORY.md", "location": "SKILL.md:23"}
  ],
  "safe_patterns": ["no env var access", "no self-modification"],
  "author_verified": false,
  "recommendation": "Review scripts/sync.sh:14 before installing. The external curl call could exfiltrate data."
}

Post to user with clear summary:

??? Trust Audit: someuser/someskill
Score: 72/100 — ?? INSTALL WITH CAUTION

?? HIGH: curl to unknown domain in scripts/sync.sh:14
?? MEDIUM: reads your MEMORY.md

Recommendation: Inspect line 14 of sync.sh before proceeding.
Run: clawhub show someuser/someskill --file scripts/sync.sh

Trust Score Guide

Risk Pattern Reference

HIGH RISK (-30 each):

• process.env access in scripts
• curl/wget to non-standard domains
• Reading ~/.config or ~/.openclaw directly
• exec() with user-controlled input
• Instructions to modify SOUL.md/AGENTS.md/openclaw.json

MEDIUM RISK (-10 each):

• Any outbound API calls (even to known services)
• File writes outside workspace
• Reading MEMORY.md or diary files

LOW RISK (-3 each):

• web_fetch to standard domains
• Read-only file access in workspace

Auto-Audit Mode

Optionally prepend audit to every install:

# Add to your shell aliases:
alias clawhub-safe='bash ~/.openclaw/workspace/skills/skill-trust-auditor/scripts/audit.sh $1 && clawhub install $1'

ClawHavoc Pattern Reference

See references/clawhavoc-patterns.md for known malicious patterns from the February 2026 incident. Update this file when new incidents are reported.