Rate This Document
Findability
Accuracy
Completeness
Readability

Regular Skills Security Self-Checks to Prevent Supply Chain Attacks

Regularly perform security self-checks on skills to prevent supply chain attacks.

Audit Dimension

Check Item

Installed skill audit

Scans installed skills for malicious code and suspicious behavior.

Review before installing new skills

Performs source verification, permission assessment, and code scanning.

Configuration file integrity

Checks whether the SOUL.md and AGENTS.md files are tampered with.

Abnormal behavior detection

Monitors network connections, file access, and command execution.

Security score tracking

Track trends and changes in skill security scores.

Procedure

  1. Before installing any third-party skills, you can use the security audit tools recommended by OpenClaw, such as skill-vetter, security-audit, and oc-security-hardener.
  2. After installing or updating any skills, run a deep security audit. The --deep flag enables a static security scan of the skill's source code.
    openclaw security audit --deep
  3. If any issues are detected, you can use the --fix option to attempt automatic remediation.
    openclaw security audit --fix