Is security-audit-toolkit safe?

https://clawhub.ai/gitgoodordietrying/security-audit-toolkit

Score: 82/100 (SAFE)

This is a legitimate, well-structured security auditing reference skill that provides comprehensive documentation for vulnerability scanning, secret detection, OWASP checks, and SSL verification. It contains no malicious code, no prompt injection, no hidden instructions, and no exfiltration mechanisms. The primary risks are dual-use: the same patterns that detect secrets could surface them in agent output, and the extensive bash commands could be executed by an agent with broad filesystem impact. Installation monitoring was clean, with no network activity and no canary file tampering.

Category Scores

Category               Score     Weight
Prompt Injection        90/100    30%
Data Exfiltration       75/100    25%
Code Execution          70/100    20%
Clone Behavior          85/100    10%
Canary Integrity       100/100    10%
Behavioral Reasoning    65/100     5%

Findings (7)

MEDIUM: Extensive executable bash patterns for filesystem scanning (-20)

The skill contains numerous bash code blocks that scan the entire filesystem, install packages, and execute commands. Although they are presented as reference documentation, an LLM agent may execute them directly: commands such as 'find / -type f' traverse the whole filesystem, and 'pip install' installs arbitrary packages.

MEDIUM: Secret detection patterns could surface sensitive data in agent output (-15)

The skill provides grep patterns specifically designed to find AWS keys, private keys, API tokens, passwords, JWT tokens, and connection strings. When an agent executes these patterns, any matched secrets land in the agent's output context, where they may be visible in logs or chat history, or be forwarded to other services.

LOW: SSH directory listing and home directory scanning (-10)

The file permission audit section instructs the agent to list the contents of the ~/.ssh/ directory and the permissions of sensitive files in the user's home directory. This surfaces private key file paths and their permissions.

LOW: Broad tool requirements enable wide system access (-10)

The skill declares that it requires npm, pip, git, openssl, and curl. While reasonable for a security audit tool, this gives the agent justification to use network tools (curl, openssl) and package managers (npm, pip), which would expand the attack surface if the skill were modified maliciously.

LOW: AWS credentials file accessed during installation (-15)

The monitoring log shows that /home/oc-exec/.aws/credentials was opened and read during skill installation. This appears to be the openclaw runtime authenticating with the registry rather than the skill itself, but it is notable.

INFO: Dual-use security tool with combination risk (-35)

This skill is a legitimate security auditing reference. However, if it were combined with a skill that has outbound network capabilities, the secret detection patterns could be chained to first locate credentials and then exfiltrate them. This is a theoretical combination risk, not a standalone threat.

INFO: Third-party package installation commands (-10)

The skill recommends installing several third-party packages (pip-audit, safety, govulncheck, cargo-audit, trivy). While these are well-known security tools, installing packages introduces supply chain risk should any of them be compromised.