sona-security-audit

#1442 · by virtaava
3.16 / 5.00
trusted · Beta
Mar 4, 2026 at 4:57 AM · 6 signals analysed · No manual reviews · fully automated
Trust Signal Breakdown
high · 6 sub-signals across 6 dimensions

CVEs, dependency health, and supply chain integrity

1 of 1 sub-signals with data

virustotal scan · 100% · 2.5

Uptime, latency, error rates, and incident history

1 of 1 sub-signals with data

content safety · 100% · 5.0

Commit recency, release cadence, issue response, CI/CD

1 of 1 sub-signals with data

freshness · 100% · 3.8

Downloads, stars, dependents, and growth trajectory

1 of 1 sub-signals with data

adoption · 100% · 0.6

License, documentation, security policy, changelog

1 of 1 sub-signals with data

transparency · 100% · 3.5

Track record, org maturity, community standing

1 of 1 sub-signals with data

publisher reputation · 100% · 2.5

About this score
Scored across 6 sub-signals in 6 dimensions
Scoring engine v1 (beta) — actively being expanded
Phase 1: Core sub-signal architecture (live)
Phase 2: Permission scope & expanded collection (in progress)

Signal Details (from signal_history)

VirusTotal Scan: 2.5
PENDING

ClawHub submits every skill to VirusTotal on publish. Scanned by 70+ security vendors for malware, trojans, and suspicious patterns.

Source: ClawHub moderation

Content Safety: 5.0
NO ISSUES

Scanned for credential leaks, shell injection, config tampering, base64 payloads, sensitive path access, SOUL.md/AGENTS.md tampering.

3,495 characters analyzed

Publisher Reputation: 3.8
GitHub: virtaava

Adoption: 0.6
Installs: 3
Downloads: 2,093
Stars: 0
Comments: 0

Freshness: 3.5
Last updated: 6d ago
Latest version: v0.1.3
Versions published: 4
Changelog: Present

Transparency: 2.5
7/7 checks passed (100%)
Has Tags · Has Changelog · No Obfuscation · Has Description · Has Frontmatter · Has Usage Instructions · Substantive Description

Trust Assessment (AI Assessment)

**sona-security-audit** is a fail-closed security auditing skill published by virtaava under an unknown license, providing secrets scanning, SAST, and supply-chain checks for OpenClaw/ClawHub. The service achieves perfect content safety scores and demonstrates reasonable transparency with declared dependencies (jq, trufflehog, semgrep, python3), though the unknown license complicates compliance verification. With minimal adoption (0 stars) and moderate publisher reputation, organizations should validate the skill's behavior in non-production environments before relying on its fail-closed enforcement model for security gates.

Generated by Fabric AI · Mar 4, 2026 at 4:57 AM

Incidents & Alerts (last 90 days)
Feb 25 · Trust score increased by 2.79 · 2.79
Feb 25 · Trust score increased by 2.79 · 2.79
Feb 25 · sona-security-audit added to Trust Index · 3.24
Showing 3 of 3 events

Score History (9 snapshots)
[Chart: trust score on a 0.00 to 5.00 axis, Feb 25 to Mar 4]

Data Sources: 4 indexed