From sundial-org-awesome-openclaw-skills-4
Audits locally installed agent skills for security/policy issues using SkillLens CLI. Scans skill directories, produces risk-focused reports with verdicts and evidence.
How this skill is triggered — by the user, by Claude, or both
Slash command
/sundial-org-awesome-openclaw-skills-4:skills-auditThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- One-off run: `npx skilllens scan` (or `pnpm dlx skilllens scan`)
npx skilllens scan (or pnpm dlx skilllens scan)pnpm add -g skilllensskilllens config to see configured scan roots and auditor CLI availability.skilllens scan to scan configured roots, or skilllens scan <path> to scan a specific directory.--verbose to see raw auditor output and --force to ignore cached results.Define scope
~/.codex/skills) unless the user explicitly wants all configured roots.skilllens scan ./skills).Inventory skills with SkillLens
skilllens scan [path] [--auditor claude|codex].skipped statuses as “manual review required”, not “safe”.Prioritize review order
unsafe or suspicious verdicts first.Manually review each skill’s contents
SKILL.md and any referenced scripts/, references/, and assets/.Evaluate risks (focus on realistic abuse)
curl | bash, eval, or to fetch-and-execute code.Produce a report
name, path, verdict (safe/suspicious/unsafe), risk (0–100), and bullet issues with concrete evidence (quote or filename).skilllens scanskilllens scan ~/.codex/skillsskilllens scan ~/.codex/skills --force --verbosenpx claudepluginhub sundial-org/awesome-openclaw-skillsScans agent skill files for security issues: prompt injection, malicious scripts, excessive permissions, secret exposure, and supply chain risks. Useful before skill installation.
Scans agent skills for prompt injection, malicious code, excessive permissions, secret exposure, and supply chain risks before adoption.
Scans AI agent skills for security risks before installation, detecting code execution, prompt injection, and credential harvesting. Use when evaluating skills from untrusted sources.