Before you grant a skill access to your filesystem or network, run it through this. It maps each of the four OpenClaw permission types (fileRead, fileWrite, network, shell) to what could actually go wrong, flags dangerous combinations like network plus fileRead (exfiltration risk), and suggests the minimal set needed for the job. The breakdown is practical: a code reviewer needs src/**, not your entire home directory. Honestly, this should probably be built into the marketplace itself, but until then it's a solid sanity check for anything asking for shell or network access.
npx skills add https://github.com/useai-pro/openclaw-skills-security --skill permission-auditor
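
The checks described above, sketched as an added example (not the permission-auditor skill's own code). The manifest shape, the rule names and the list of over-broad paths are assumptions for illustration, not OpenClaw's actual schema.

```javascript
// Hypothetical manifest shape (assumption): { fileRead: [globs], fileWrite: [globs],
// network: [hosts], shell: boolean }. Only the four permission names come from the page.
const BROAD_ROOTS = new Set(["", "~", "$HOME", "/", "*", "**"]);
const HOME_DIR = /^\/(home|Users)\/[^/]+$/;

// True when a glob covers a whole home directory or filesystem root.
function isOverBroad(glob) {
  // Strip a trailing "/*" or "/**" so "~/**" and "~" are judged alike.
  const base = glob.trim().replace(/\/\*{1,2}$/, "");
  return BROAD_ROOTS.has(base) || HOME_DIR.test(base);
}

// Returns a list of findings; an empty list means nothing was flagged.
function auditPermissions(manifest) {
  const fileRead = manifest.fileRead || [];
  const fileWrite = manifest.fileWrite || [];
  const network = manifest.network || [];
  const findings = [];

  // Scope check: a code reviewer needs src/**, not the entire home directory.
  for (const [perm, globs] of [["fileRead", fileRead], ["fileWrite", fileWrite]]) {
    for (const g of globs.filter(isOverBroad)) {
      findings.push({ rule: "over-broad-path", perm,
        detail: `${perm} on "${g}"; narrow it to the directories the job needs` });
    }
  }
  // Combination check named on the page: network plus fileRead.
  if (network.length > 0 && fileRead.length > 0) {
    findings.push({ rule: "exfiltration-risk", perm: "network+fileRead",
      detail: "anything the skill can read, it can also send to a remote host" });
  }
  // Shell is flagged on its own so it always gets a manual look.
  if (manifest.shell) {
    findings.push({ rule: "shell-access", perm: "shell",
      detail: "skill can run commands; confirm the job actually requires it" });
  }
  return findings;
}

// Constructed sample manifests (not taken from any real skill).
const RISKY = { fileRead: ["~/**"], fileWrite: [], network: ["api.example.com"], shell: true };
const MINIMAL = { fileRead: ["src/**"], fileWrite: [], network: [], shell: false };

for (const f of auditPermissions(RISKY)) console.log(`[${f.rule}] ${f.detail}`);
console.log("minimal manifest findings:", auditPermissions(MINIMAL).length);
```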