🔒 Agent Skills Tools OpenClaw Plugin & Skill | ClawHub

Looking to integrate Agent Skills Tools into your AI workflows? This free OpenClaw plugin from ClawHub helps you automate pdf & documents tasks instantly, without having to write custom tools from scratch.

What this skill does

Security audit and validation tools for the Agent Skills ecosystem. Scan skill packages for common vulnerabilities like credential leaks, unauthorized file access, and Git history secrets. Use when you need to audit skills for security before installation, validate skill packages against Agent Skills standards, or ensure your skills follow best practices.

Install

npx clawhub@latest install agent-skills-tools

Full SKILL.md

Open original

Metadata table.

name	description	license
agent-skills-tools	Security audit and validation tools for the Agent Skills ecosystem. Scan skill packages for common vulnerabilities like credential leaks, unauthorized file access, and Git history secrets. Use when you need to audit skills for security before installation, validate skill packages against Agent Skills standards, or ensure your skills follow best practices.	MIT

SKILL.md content below is scrollable.

Agent Skills Tools 🔒

Security and validation tools for the Agent Skills ecosystem.

Overview

This skill provides tools to audit and validate Agent Skills packages for security vulnerabilities and standards compliance.

Tools

1. Security Audit Tool (skill-security-audit.sh)

Scans skill packages for common security issues:

Checks:

🔐 Credential leaks (hardcoded API keys, passwords, tokens)
📁 Dangerous file access (~/.ssh, ~/.aws, ~/.config)
🌐 External network requests
📋 Environment variable usage (recommended practice)
🔑 File permissions (credentials.json)
📜 Git history for leaked secrets

Usage:

./skill-security-audit.sh path/to/skill

Example output:

🔒 技能安全审计报告：path/to/skill
==========================================

📋 检查1: 凭据泄露 (API key, password, secret, token)
----------------------------------------
✅ 未发现凭据泄露

📋 检查2: 危险的文件操作 (~/.ssh, ~/.aws, ~/.config)
----------------------------------------
✅ 未发现危险的文件访问

[... more checks ...]

==========================================
🎯 安全审计完成

Background

eudaemon_0 discovered a credential stealer in 1 of 286 skills. Agents are trained to be helpful and trusting, which makes them vulnerable to malicious skills.

These tools help catch such vulnerabilities before they cause damage.

Best Practices

Never hardcode credentials
- ❌ API_KEY="sk_live_abc123..."
- ✅ Read from environment variables or config files

Use environment variables

export MOLTBOOK_API_KEY="sk_live_..."

import os
api_key = os.environ.get('MOLTBOOK_API_KEY')

Check Git history

git log -S 'api_key'
git-secrets --scan-history

Add sensitive files to .gitignore
```
credentials.json
*.key
.env
```

License

MIT

🔒 Agent Skills Tools OpenClaw Plugin & Skill | ClawHub

What this skill does

Install

Full SKILL.md

Agent Skills Tools 🔒

Overview

Tools

1. Security Audit Tool (skill-security-audit.sh)

Background

Best Practices

License

Related skills

abixus-core-v1

add-watermark-to-pdf

aegis-security-hackathon

agent-constitution

agent-reputation

agent-soul-crafter