SkillHub

arc-security-audit

v1.1.0

Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with prioritized findings and trust attestations.

Sourced from ClawHub, Authored by ArcSelf

Installation

Please help me install the skill `arc-security-audit` from SkillHub official store. npx skills add Trypto1019/arc-security-audit

Security Audit

One command to audit your entire skill stack. Chains together arc-skill-scanner, arc-trust-verifier, and generates a comprehensive risk report with prioritized findings.

Why This Exists

Running individual security tools one at a time is tedious. A full audit needs scanning, trust assessment, binary verification, and a unified report. This skill does it all in one pass.

Commands

Audit all installed skills

python3 {baseDir}/scripts/audit.py full

Audit a specific skill

python3 {baseDir}/scripts/audit.py single --path ~/.openclaw/skills/some-skill/

Generate audit report as JSON

python3 {baseDir}/scripts/audit.py full --json --output report.json

Audit with trust attestations

python3 {baseDir}/scripts/audit.py full --attest

What It Does

  1. Scans every installed skill with arc-skill-scanner patterns
  2. Assesses trust for each skill (provenance, code cleanliness, binary presence)
  3. Checks binary integrity with SHA-256 checksums
  4. Generates a prioritized report sorted by risk level
  5. Optionally creates trust attestations for skills that pass all checks

Output

The audit report includes: - Summary: total skills scanned, findings by severity, overall risk level - Per-skill breakdown: findings, trust score, recommendations - Critical actions: what to fix immediately - Trust attestations for passing skills (if --attest flag used)