Code Security

by sf0799 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ Security Clean
222 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install code-security
Description
Review code for security risks like injection, auth flaws, sensitive data leaks, and recommend precise, actionable fixes with risk levels and patches.
README (SKILL.md)

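Security Review

Report only real risks; do not create panic.

Workflow

  1. Identify trust boundaries, user input, privileged operations, and sensitive data paths.
  2. Focus on injection, path traversal, XSS, insecure deserialization, authentication and authorization flaws, secret leakage, insecure logging, and command execution issues.
  3. Assess exploitability and impact together, and do not overstate low-confidence issues.
  4. Label each risk with a clear level, such as critical, high, medium, or low.
  5. Give fixes that can be applied directly; when a code patch can be provided, prefer the patch.
  6. If the risk cannot be fully closed in this round, state the residual risk and the follow-up checkpoints.

Output

  • Risk finding
  • Risk level
  • Impact description
  • Fix
  • Ready-to-use patch or code suggestion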
Usage Guidance
This skill appears to do what it says: review the workspace for security issues and suggest fixes. Before running it, consider: (1) the skill will read files in your current workspace — remove or temporarily redact any secrets, credentials, or sensitive files you don't want inspected or leaked in output; (2) scope the review (specific files or directories) rather than scanning an entire repository if it contains private keys or production credentials; (3) run the review on a local copy or sanitized snapshot if you are concerned; (4) the skill's source/homepage is unknown — if provenance matters to you, prefer tools from known authors or with visible source code; (5) if you are uncomfortable with autonomous invocation, you can disable model-invocation for skills or require explicit user invocation. These are operational precautions rather than technical blockers.
Capability Analysis
Type: OpenClaw Skill · Name: code-security · Version: 0.1.0
The 'code-security' skill bundle is designed to assist users in performing security audits on application code. The instructions in SKILL.md and the configuration in agents/openai.yaml focus on identifying common vulnerabilities such as SQL injection, XSS, and credential leaks, and providing remediation advice. No malicious intent, data exfiltration, or suspicious execution patterns were identified.
Capability Assessment
Purpose & Capability
Name, description, and instructions all describe a code security review. The skill requires no binaries, env vars, or config paths, which is proportionate for an instruction-only code-review helper. Note: the package source/homepage is unknown (no provenance), which reduces external trust but does not create technical incoherence.
Instruction Scope
SKILL.md tells the agent to review code in the current workspace for specific issues and to produce fixes/patches. It does not instruct network exfiltration or reading unrelated system files. Important operational note: 'current workspace' implies the agent will read project files (which may include secrets or credentials); this is expected behavior for a code-audit skill but worth being aware of and scoping before use.
Install Mechanism
No install specification and no code files — the skill is instruction-only, so nothing is written to disk or fetched during install. This is the lowest-risk install profile.
Credentials
The skill requests no environment variables, credentials, or config paths. That aligns with its purpose as a local code reviewer and is proportionate.
Persistence & Privilege
Flags show always:false and user-invocable:true (defaults). The skill does not request persistent presence or system-wide changes. Model invocation is enabled by default (disable-model-invocation:false) which is normal for skills; this alone is not a red flag.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install code-security
  3. After installation, invoke the skill by name or use /code-security
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
initial release
Metadata
Slug code-security
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Code Security?

Review code for security risks like injection, auth flaws, sensitive data leaks, and recommend precise, actionable fixes with risk levels and patches. It is an AI Agent Skill for Claude Code / OpenClaw, with 222 downloads so far.

How do I install Code Security?

Run "/install code-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Code Security free?

Yes, Code Security is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Code Security support?

Code Security is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Code Security?

It is built and maintained by sf0799 (@sf0799); the current version is v0.1.0.
