Security Auditor

Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.

Security Audit

Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.

Senior Security

Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guida...

AI Skill Scanner

Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

clawsec-feed

Security advisory feed package for OpenClaw-related threats and vulnerabilities. The upstream feed is updated daily; local automation is handled by clawsec-s...

Senior Secops

Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST sc...

AgentAudit

Automatic security gate that checks packages against a vulnerability database before installation. Use before any npm install, pip install, yarn add, or pack...

BYOCB ArbInjectionSkill

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.

Hefestoai Auditor

Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leav...

Expanso cve-scan

Scan software bill of materials (SBOM) for known CVE vulnerabilities using Expanso Edge pipelines.

dep-audit

Audit project dependencies for known vulnerabilities (CVEs). Supports npm, pip, Cargo, and Go. Zero API keys required. Safe-by-default: report-only mode, fix...

Node.js Security Audit

Audit Node.js HTTP servers and web apps for security vulnerabilities. Checks OWASP Top 10, CORS, auth bypass, XSS, path traversal, hardcoded secrets, missing...

Web Vulnerability Assessment

Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing w...

Skill Scanner

Scan OpenClaw skills for security vulnerabilities before installing them. Use when evaluating a new skill from ClawHub or any third-party source. Detects cre...

agent-bom vulnerability intel

Use agent-bom to check package, SBOM, inventory, and agent dependency exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit...

Git Security Scanner

Unified security scanner that catches leaked secrets, credentials, and code vulnerabilities before they reach your remote. Wraps gitleaks (400+ secret patter...

Security Audit Tianjin

Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.

Pentest Workbench

Comprehensive offensive security workflow for bug bounty, vulnerability assessment, penetration testing, and exploitation. Use when performing security testi...

ai-prompt-engineering-safety-review

Comprehensive AI prompt engineering safety review and improvement prompt. Analyzes prompts for safety, bias, security vulnerabilities, and effectiveness whil...

Lance

Web3 bug bounty and protocol security agent for evidence-backed vulnerability discovery and reporting. Use when auditing smart contracts, DeFi protocols, wal...

AgentShield Scanner

Scan AI agent skills, MCP servers, and plugins for security vulnerabilities. Use when: user asks to check a skill/plugin for safety, audit security, scan for...

x-osv

CLI for Google OSV database. Query vulnerabilities for packages, scan local projects for vulnerable dependencies. **Dependency**: This is an x-cmd module. In...

Muguozi1 Openclaw Security Auditor

Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secret...

Uplo Cybersecurity

AI-powered cybersecurity knowledge management. Search threat intelligence, vulnerability assessments, incident response plans, and compliance documentation w...

smart-contract-security-audito

Smart Contract Security Auditor: Analyzes Solidity and Go smart contracts for security vulnerabilities, provides gas optimization suggestions, and generates...

Rapid7 Insight Platform

Rapid7 Insight Platform integration. Manage Users, Roles, Organizations, Assets, Vulnerabilities, Findings and more. Use when the user wants to interact with...

Argus — The Hundred-Eyed

Argus — The Hundred-Eyed. Scan your Python or JavaScript codebase for bugs, security vulnerabilities, code smells, and common anti-patterns — get a prior...

CVE Audit Skill

Security auditing skill for scanning CVE vulnerabilities across npm, Python, Go, and Rust projects using osv-ui. Opens a visual browser dashboard for human r...

DeFi Security Audit

Analyze a DeFi protocol for vulnerabilities, mechanism safety, and risk factors. Use when the user wants to audit a DeFi project, check protocol security, or...

Skill Mcp Security Audit

Perform a security audit of MCP servers to detect data exfiltration, command injection, permission escalation, and supply chain vulnerabilities before use.

Secure Code Review

Review code for security vulnerabilities and reliability anti-patterns: scan for SQL injection risks (raw string concatenation into queries), XSS exposure (u...

security-sweep

Security scanner for OpenClaw skills and plugins. Scans for hardcoded secrets, dangerous exec patterns, dependency vulnerabilities, and network egress. Use w...

Security Tester

Security testing for web applications and APIs based on OWASP standards. Identify common vulnerabilities (injection, auth bypass, XSS, CSRF, IDOR), generate...

Access Control Vulnerability Testing

Systematically test web application access controls for broken authorization vulnerabilities. Use this skill whenever: performing a penetration test or secur...

Red Team

Proactively scan AI agents for vulnerabilities including prompt injection, secret extraction, and tool abuse by running targeted security audits.

concurrencyguard

Race condition & concurrency safety analyzer -- detects unprotected shared state, missing locks, TOCTOU vulnerabilities, async/await pitfalls, thread-unsafe...

AI Vulnerability Tracker

AI 漏洞追踪器 - 在 GitHub 和微信公众号搜索近一个月的 AI 相关漏洞（提示词注入、提示词越狱等），并推送到飞书表格。支持去重和翻译。 搜索关键字: prompt injection, prompt jailbreak, LLM vulnerability, AI security, adversar...

HomeNetworkSecurityAgent

Audits local network infrastructure, identifies active hosts, and scans the gateway/public IP for exposed ports and vulnerabilities.

Fix NPM Vulnerabilities

This skill should be used when the user asks about "npm vulnerabilities", "npm audit", "fix npm security", "security vulnerabilities in packages", "vulnerabl...

Application Logic Flaw Testing

Test web application business logic for vulnerabilities that automated scanners cannot detect. Use this skill when: performing a penetration test or security...

Source Code Security Review

Perform a systematic white-box security review of web application source code to find exploitable vulnerabilities. Use this skill when: you have authorized a...

Bug Bounty Triage

Exact-match bug bounty triage workflow for Code4rena, Sherlock, HackenProof, Cantina-style security reviews, Solidity/EVM targets, and vulnerability report p...

Repo Security Auditor

Audit GitHub repositories for security vulnerabilities, malicious code patterns, and suspicious behavior. Clone repos, analyze code for backdoors, data exfil...

Security Analyst

Use when the user wants a security audit, penetration test, threat model, vulnerability hunt, security fix plan, SBOM, compliance mapping, privacy assessment...

security-engineer

Expert infrastructure security engineer specializing in DevSecOps, cloud security, and compliance frameworks. Masters security automation, vulnerability mana...

Screenshot Visual

Takes screenshots of targets using Playwright and performs visual/contextual analysis for potential vulnerabilities.

Government Cybersecurity Vulnerability Intel

CVE vulnerability lookup via NIST NVD, CISA KEV, EPSS scores, and MITRE ATT&CK. 7 tools for real-time cybersecurity intelligence.

skill-guard

Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.