
Ralph Quick Security Check

by dorukardahan · GitHub ↗ · v3.0.0
cross-platform ⚠ suspicious
769 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install ralph-quick
Description
Fast security spot-check with 10 iterations (~5-10 min). Use when user says 'quick security check', 'pre-deploy audit', 'ralph quick', 'fast security scan',...
Usage Guidance
This skill is internally consistent for a quick repo-focused security spot-check. Before installing or running it:
- Ensure the agent runs in a safe workspace or a checked-out copy (it will read source code, CI files, Dockerfiles and may rename or write .ralph-report.md).
- If you do not want any code executed, restrict the agent from running shell commands or performing PoC verification; treat VERIFIED findings that require PoC as manual actions.
- Review report outputs and any file renames before committing them to source control.
- Prefer running this skill on non-production or CI snapshots when you want it to perform any potentially disruptive verification steps.
If you need stricter guarantees (no execution, no writes), require the skill to operate in read-only mode or provide a configuration that disallows PoC/execution steps.
Capability Analysis
Type: OpenClaw Skill
Name: ralph-quick
Version: 3.0.0
The skill instructs the AI agent to execute shell commands (e.g., `git rev-parse --show-toplevel` in SKILL.md) and perform extensive file system operations (reading various project files, writing/renaming `.ralph-report.md`). While these capabilities are plausibly needed for its stated purpose of a security audit, they introduce a significant attack surface. The explicit shell execution and broad file system access, even without clear malicious intent within the skill's own instructions, classify it as 'suspicious' due to the potential for abuse if the OpenClaw agent's execution environment or user input sanitization is vulnerable to injection.
Capability Assessment
Purpose & Capability
Name/description (quick security spot-check) align with the instructions: the SKILL.md explicitly directs repository discovery, secret and OWASP-style checks, and lightweight infra checks. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
Instructions require reading repository files (git metadata, package manifests, Dockerfiles, CI configs, source code) and saving a report to .ralph-report.md — all relevant to the stated purpose. Be aware the VERIFY step allows code reading and 'PoC' style verification (VERIFIED), which could lead the agent to execute or construct proofs-of-concept if the agent is permitted to run commands; that behavior is coherent for a security audit but raises operational risk and should be limited or sandboxed in production environments.
Install Mechanism
Instruction-only skill with no install spec and no code files; no downloads or external packages are pulled. Low install risk.
Credentials
No environment variables, credentials, or config paths are requested. The checks are file- and repo-focused, so required access is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. It writes/renames a report file in the workspace (.ralph-report.md) which is expected behavior for an audit tool; it does not claim to modify other skills or agent configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ralph-quick
  3. After installation, invoke the skill by name or use /ralph-quick
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.0
Latest update
v2.0.0
Initial publish — security audit skill (10/100/1K/10K iterations)
Metadata
Slug ralph-quick
Version 3.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Ralph Quick Security Check?

Fast security spot-check with 10 iterations (~5-10 min). Use when user says 'quick security check', 'pre-deploy audit', 'ralph quick', 'fast security scan',... It is an AI Agent Skill for Claude Code / OpenClaw, with 769 downloads so far.

How do I install Ralph Quick Security Check?

Run "/install ralph-quick" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ralph Quick Security Check free?

Yes, Ralph Quick Security Check is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Ralph Quick Security Check support?

Ralph Quick Security Check is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Ralph Quick Security Check?

It is built and maintained by dorukardahan (@dorukardahan); the current version is v3.0.0.
