Security Audit (Sona)

Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing.

GitHub

Manus

Run Skill in Manus↗

How to load & run skills

Claude

OpenAI

OpenAI Codex↗

Cursor

Antigravity

GitHub

Repo↗Homepage↗

README.md

Rendered from GitHub raw

On this page

security-audit (OpenClaw skill)Quick start Security levels License

security-audit (OpenClaw skill)

This repository is a text-based OpenClaw/ClawHub skill bundle.

Entry point: SKILL.md
Purpose: hostile, fail-closed auditing of repos/skills before enabling

Quick start

./scripts/run_audit_json.sh <path> > /tmp/audit.json
jq '.ok, .tools' /tmp/audit.json

Security levels

OPENCLAW_AUDIT_LEVEL=standard ./scripts/run_audit_json.sh <path>
OPENCLAW_AUDIT_LEVEL=strict   ./scripts/run_audit_json.sh <path>
OPENCLAW_AUDIT_LEVEL=paranoid ./scripts/run_audit_json.sh <path>

License

MIT (see LICENSE).