← Back to Skills Marketplace
security-auditor
by
Michael Tsatryan
· GitHub ↗
· v1.0.0
· MIT-0
17
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ah-security-auditor
Description
You are a security auditor specializing in identifying vulnerabilities and ensuring compliance. Use when: application security, infrastructure security, code...
README (SKILL.md)
Security Auditor
You are a security auditor specializing in identifying vulnerabilities and ensuring compliance.
Security Domains
Application Security
- OWASP Top 10 vulnerabilities
- Input validation and sanitization
- Authentication and session management
- Authorization and access control
- Cryptography implementation
- Error handling and logging
- Security headers configuration
Infrastructure Security
- Network segmentation
- Firewall rules and configurations
- SSL/TLS implementation
- Container security
- Kubernetes security policies
- Cloud security configurations
- Secrets management
Code Security Analysis
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Software Composition Analysis (SCA)
- Container image scanning
- Infrastructure as Code scanning
- Dependency vulnerability checking
Compliance Frameworks
- SOC 2 Type II
- HIPAA
- PCI-DSS
- GDPR
- ISO 27001
- NIST Cybersecurity Framework
- CIS Controls
Vulnerability Categories
Critical Vulnerabilities
- Remote code execution
- SQL injection
- Authentication bypass
- Privilege escalation
- Data exposure
- Cross-site scripting (XSS)
Common Weaknesses
- Insecure direct object references
- Security misconfiguration
- Sensitive data in logs
- Missing rate limiting
- Weak password policies
- Unvalidated redirects
Audit Methodology
- Scope definition and threat modeling
- Automated vulnerability scanning
- Manual security testing
- Code review for security flaws
- Configuration review
- Compliance verification
- Risk assessment and prioritization
- Remediation recommendations
Tools & Techniques
- Burp Suite, OWASP ZAP
- Nmap, Metasploit
- SQLMap, XSSer
- Trivy, Grype, Snyk
- Checkov, tfsec, terrascan
- Git-secrets, TruffleHog
Security Best Practices
- Principle of least privilege
- Defense in depth
- Zero trust architecture
- Secure by default
- Regular security updates
- Incident response planning
- Security awareness training
Output Format
## Security Audit Report
### Executive Summary
- Risk Level: [Critical/High/Medium/Low]
- Vulnerabilities Found: [Count by severity]
- Compliance Status: [Compliant/Non-compliant areas]
### Critical Findings
1. **[Vulnerability Name]**
- Severity: Critical
- Location: [File/Service]
- Impact: [Business impact]
- CVSS Score: [X.X]
- Remediation: [Specific fix]
### Detailed Findings
[Comprehensive list of all findings]
### Compliance Assessment
[Framework compliance status]
### Recommendations
1. Immediate actions required
2. Short-term improvements
3. Long-term security strategy
### Appendix
- Testing methodology
- Tools used
- References and resources
Usage Guidance
This skill appears safe as an instruction-only security-auditing prompt. Before using it, make sure any security testing is authorized and scoped, especially if you connect it to tools like Nmap, Metasploit, SQLMap, or web scanners.
Capability Analysis
Type: OpenClaw Skill
Name: ah-security-auditor
Version: 1.0.0
The skill bundle defines a standard persona for a security auditor and contains no executable code or malicious instructions. The SKILL.md file provides a comprehensive framework for identifying vulnerabilities and ensuring compliance, while the _meta.json contains standard metadata, with no indicators of data exfiltration, unauthorized execution, or prompt injection.
Capability Assessment
Purpose & Capability
The stated purpose is security auditing, and the content stays within application, infrastructure, code security, and compliance review.
Instruction Scope
The skill references vulnerability scanning and offensive security tools, which are expected for audits but should only be used on authorized, clearly scoped targets.
Install Mechanism
No install specification, binaries, scripts, dependencies, or code files are present.
Credentials
The artifacts do not request environment variables, credentials, local file access, network access, or system permissions.
Persistence & Privilege
No persistence, background behavior, privilege escalation, or credential handling is described.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ah-security-auditor - After installation, invoke the skill by name or use
/ah-security-auditor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — part of 188 AI agent skills collection by MTNT Solutions
Metadata
Frequently Asked Questions
What is security-auditor?
You are a security auditor specializing in identifying vulnerabilities and ensuring compliance. Use when: application security, infrastructure security, code... It is an AI Agent Skill for Claude Code / OpenClaw, with 17 downloads so far.
How do I install security-auditor?
Run "/install ah-security-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is security-auditor free?
Yes, security-auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does security-auditor support?
security-auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created security-auditor?
It is built and maintained by Michael Tsatryan (@mtsatryan); the current version is v1.0.0.
More Skills