Skill Security Audit – 2026-02-28
⚠️ Immediate Attention: NONE
No malicious or suspicious skills detected. All installed skills are clean.
Summary
- Total skills audited: 74 (52 npm-bundled + 22 workspace-installed)
- Clean: 74
- Suspicious: 0
- Malicious: 0
Threat Intelligence
Cross-referenced against ClawHavoc campaign (discovered Feb 2026):
- 341–1,184 malicious skills found on ClawHub marketplace
- Attack pattern: fake "Prerequisites" sections directing users to download AMOS (Atomic macOS Stealer) via password-protected ZIPs or obfuscated glot.io scripts
- IOC domains: glot.io snippets, app-distribution.net, IP 91.92.242.30
- Target categories: crypto/Solana wallets, Polymarket bots, YouTube tools, ClawHub typosquats
None of these IOCs or patterns were found in any installed skill.
Scan Results
NPM-Bundled Skills (~/.npm-global/lib/node_modules/openclaw/skills/)
| Skill | Status | Notes |
|---|---|---|
| 1password | ✅ Clean | |
| apple-notes | ✅ Clean | References pip install (legitimate) |
| apple-reminders | ✅ Clean | |
| bear-notes | ✅ Clean | |
| blogwatcher | ✅ Clean | |
| blucli | ✅ Clean | |
| bluebubbles | ✅ Clean | |
| camsnap | ✅ Clean | |
| canvas | ✅ Clean | References fetch (documentation only) |
| clawhub | ✅ Clean | |
| coding-agent | ✅ Clean | References npm install for pi agent (documented) |
| discord | ✅ Clean | |
| eightctl | ✅ Clean | |
| gemini | ✅ Clean | |
| gh-issues | ✅ Clean | |
| gifgrep | ✅ Clean | |
| github | ✅ Clean | |
| gog | ✅ Clean | |
| goplaces | ✅ Clean | |
| healthcheck | ✅ Clean | |
| himalaya | ✅ Clean | |
| imsg | ✅ Clean | |
| mcporter | ✅ Clean | |
| model-usage | ✅ Clean | |
| nano-banana-pro | ✅ Clean | base64 usage for image data (legitimate) |
| nano-pdf | ✅ Clean | |
| notion | ✅ Clean | |
| obsidian | ✅ Clean | |
| openai-image-gen | ✅ Clean | base64 for image decode (legitimate) |
| openai-whisper | ✅ Clean | |
| openai-whisper-api | ✅ Clean | curl for API calls (legitimate) |
| openhue | ✅ Clean | |
| oracle | ✅ Clean | |
| ordercli | ✅ Clean | |
| peekaboo | ✅ Clean | |
| sag | ✅ Clean | |
| session-logs | ✅ Clean | |
| sherpa-onnx-tts | ✅ Clean | |
| skill-creator | ✅ Clean | |
| slack | ✅ Clean | |
| songsee | ✅ Clean | |
| sonoscli | ✅ Clean | |
| spotify-player | ✅ Clean | |
| summarize | ✅ Clean | |
| things-mac | ✅ Clean | |
| tmux | ✅ Clean | |
| trello | ✅ Clean | |
| video-frames | ✅ Clean | |
| voice-call | ✅ Clean | |
| wacli | ✅ Clean | |
| weather | ✅ Clean | |
| xurl | ✅ Clean | |
Workspace Skills (~/.openclaw/workspace/skills/)
| Skill | Status | Notes |
|---|---|---|
| agent-autonomy-kit | ✅ Clean | |
| api-gateway | ✅ Clean | |
| auto-updater | ✅ Clean | |
| automation-workflows | ✅ Clean | |
| blogwatcher | ✅ Clean | |
| deep-research-pro | ✅ Clean | |
| find-skills | ✅ Clean | |
| frontend-design | ✅ Clean | |
| github | ✅ Clean | |
| gmail | ✅ Clean | |
| home-assistant | ✅ Clean | curl for HA API (legitimate, uses HA_TOKEN) |
| humanizer | ✅ Clean | |
| mcporter | ✅ Clean | |
| n8n | ✅ Clean | Has Python scripts for n8n API (legitimate) |
| nano-banana-pro | ✅ Clean | |
| obsidian | ✅ Clean | |
| openai-whisper | ✅ Clean | |
| outlook-api | ✅ Clean | |
| self-improving-agent | ✅ Clean | References SOUL.md/AGENTS.md in documentation context only (suggests where to promote learnings) |
| summarize | ✅ Clean | |
| telegram | ✅ Clean | |
| youtube-watcher | ✅ Clean | |
What Was Checked
- Malicious URLs/domains: grep for curl, wget, fetch to external domains → only legitimate API calls found
- System file tampering: grep for SOUL.md/MEMORY.md/AGENTS.md write/modify → only documentation references found (self-improving-agent suggests edits, doesn't perform them autonomously)
- Obfuscated code: grep for base64, eval, atob, encoded hex → only legitimate image processing (base64 decode of API image responses)
- Binary downloads: grep for npm install, pip install, chmod +x, /tmp → only documented tool installation instructions
- ClawHavoc IOCs: grep for glot.io, openclaw-agent, app-distribution.net, 91.92.242.30 → zero matches
- Typosquat names: checked for crypto/solana/phantom/polymarket/wallet/trading skill names → zero matches
Recommendations
- No immediate action needed – all skills are clean
- Consider pinning skill versions and reviewing diffs on updates (ClawHavoc has been expanding)
- The auto-updater skill auto-updates from ClawHub – monitor its update summaries for new skill installs from unknown authors
- Re-run this audit periodically, especially after installing new skills from ClawHub