Security auditor for AI agent skills. Scans SKILL.md files for prompt injection, data exfiltration, obfuscation, and dangerous capability combinations.
Static security analyzer for OpenClaw SKILL.md files. Detects prompt injection, credential exfiltration, obfuscated payloads, and dangerous capability combinations before you install.
Paste or pipe any SKILL.md content and get back a trust score (0-100) with detailed findings.
Detects:
Zone-aware analysis — understands markdown structure. Code blocks are weighted as executable instructions. Security documentation describing threats is not flagged as a threat itself.
Audit a skill before installing:
curl -s https://clauwdit.4worlds.dev/audit/author/skill-name
Or POST raw skill content:
curl -s -X POST https://clauwdit.4worlds.dev/audit \
-H "Content-Type: application/json" \
-d '{"skill":"author/skill-name"}'
| Score | Tier | Meaning |
|---|---|---|
| 80-100 | Trusted | No significant issues found |
| 60-79 | Moderate | Minor concerns, review recommended |
| 40-59 | Suspicious | Significant issues, use with caution |
| 0-39 | Dangerous | Critical threats detected, do not install |
{
"trust": { "score": 85, "tier": "trusted" },
"findings": [
{
"severity": "medium",
"description": "Network request capability detected",
"zone": "code",
"line": 12
}
],
"capabilities": ["network_out", "file_read"],
"compoundThreats": [],
"permissionIntegrity": { "undeclared": [], "unused": [] }
}
Built by 4Worlds. Zone-aware static analysis with 60+ detection patterns, Unicode homoglyph normalization, and compound threat detection.