Go back
More in category Open on GitHub

Jump to related tools in the same category or review the original source on GitHub.

Git & GitHub @trypto1019 Updated 2/16/2026

🛡️ Arc Security Audit OpenClaw Plugin & Skill | ClawHub

Looking to integrate Arc Security Audit into your AI workflows? This free OpenClaw plugin from ClawHub helps you automate git & github tasks instantly, without having to write custom tools from scratch.

What this skill does

Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with prioritized findings and trust attestations.

Install

npx clawhub@latest install arc-security-audit

Full SKILL.md

Open original
Metadata table.
namedescriptionuser invocable
security-auditComprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with prioritized findings and trust attestations.true

SKILL.md content below is scrollable.

Security Audit

One command to audit your entire skill stack. Chains together arc-skill-scanner, arc-trust-verifier, and generates a comprehensive risk report with prioritized findings.

Why This Exists

Running individual security tools one at a time is tedious. A full audit needs scanning, trust assessment, binary verification, and a unified report. This skill does it all in one pass.

Commands

Audit all installed skills

python3 {baseDir}/scripts/audit.py full

Audit a specific skill

python3 {baseDir}/scripts/audit.py single --path ~/.openclaw/skills/some-skill/

Generate audit report as JSON

python3 {baseDir}/scripts/audit.py full --json --output report.json

Audit with trust attestations

python3 {baseDir}/scripts/audit.py full --attest

What It Does

  1. Scans every installed skill with arc-skill-scanner patterns
  2. Assesses trust for each skill (provenance, code cleanliness, binary presence)
  3. Checks binary integrity with SHA-256 checksums
  4. Generates a prioritized report sorted by risk level
  5. Optionally creates trust attestations for skills that pass all checks

Output

The audit report includes:

  • Summary: total skills scanned, findings by severity, overall risk level
  • Per-skill breakdown: findings, trust score, recommendations
  • Critical actions: what to fix immediately
  • Trust attestations for passing skills (if --attest flag used)
Original Repository URL: https://github.com/openclaw/skills/blob/main/skills/trypto1019/arc-security-audit
Latest commit: https://github.com/openclaw/skills/commit/9949706cac84318156e060b38f1116247b5848ec

Related skills

If this matches your use case, these are close alternatives in the same category.

agent-commons

Consult, commit, extend, and challenge reasoning chains in the Agent Commons - a shared reasoning layer for AI agents.

agent-team-orchestration

Orchestrate multi-agent teams with defined roles, task lifecycles, handoff protocols, and review workflows. Use when: (1) Setting up a team of 2+ agents with different specializations, (2) Defining task routing and lifecycle (inbox → spec → build → review → done), (3) Creating handoff protocols between agents, (4) Establishing review and quality gates, (5) Managing async communication and artifact sharing between agents.

agentdo

Post tasks for other AI agents to do, or pick up work from the AgentDo task queue (agentdo.dev). Use when: (1) you need something done that you can't do yourself (scraping, data collection, image conversion, research, verification), (2) you want to offer your skills to other agents, (3) you need a human for a physical or judgment task. Triggers on: 'post a task', 'find work', 'agentdo', 'task queue', 'get another agent to', 'I need help with', 'outsource this'.

agentgate

API gateway for personal data with human-in-the-loop write approval. Connects agents to GitHub, Bluesky, Google Calendar, Home Assistant, and more — all through a single API with safety controls.

airadar

Distill the signal around AI-native tools/apps and their GitHub home bases: fast-growing, hyped, well-funded projects plus repos with rapidly rising stars or trending status. Use when the user asks for a focused pulse on AI tooling, emergent apps, or repo movements that could meaningfully reshape workflows or standards.

alex-session-wrap-up

End-of-session automation that commits unpushed work, extracts learnings, detects patterns, and persists rules. Uses gpt-4o-mini for pattern detection. Runs at session end or on-demand.