Audits installed skills to report exactly what system resources each one accesses — network, subprocess, file I/O, environment variables, and unsafe operations.
You install skills and trust them blindly. A skill that claims to format markdown could also open network connections, execute shell commands, or read your environment variables. Nothing reports what permissions each skill actually uses.
Deep audit of all installed skills with line-level findings.
python3 {baseDir}/scripts/arbiter.py audit --workspace /path/to/workspace
python3 {baseDir}/scripts/arbiter.py audit openclaw-warden --workspace /path/to/workspace
Compact table showing permission categories per skill.
python3 {baseDir}/scripts/arbiter.py report --workspace /path/to/workspace
One-line summary of permission risk.
python3 {baseDir}/scripts/arbiter.py status --workspace /path/to/workspace
| Category | Risk | Examples |
|---|---|---|
| ---------- | ------ | ---------- |
| Serialization | CRITICAL | pickle, eval(), exec(), __import__ |
| Subprocess | HIGH | subprocess, os.system, Popen, command substitution |
| Network | HIGH | urllib, requests, curl, wget, hardcoded URLs |
| File Write | MEDIUM | open('w'), shutil.copy, os.remove, rm |
| Environment | MEDIUM | os.environ, os.getenv, os.putenv |
| Crypto | LOW | hashlib, hmac, ssl |
| File Read | LOW | open('r'), os.walk, glob |
0 — Clean, all skills within normal bounds1 — Elevated permissions detected (review needed)2 — Critical permissions detected (action needed)Python standard library only. No pip install. No network calls. Everything runs locally.
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
共 1 个版本