veeramanikandanr48

Secure Code Guardian

by Veera · GitHub ↗ · v0.1.0
cross-platform ✓ Security Clean
2326 Downloads · 1 Stars · 11 Active Installs · 1 Versions
Install in OpenClaw
/install secure-code-guardian
Description
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention.
Usage Guidance
This is a coherent, instruction-only secure-coding skill that provides useful patterns and example code. Before using it:
  1. Review example snippets—they reference environment variables and services (JWT_SECRET, SESSION_SECRET, Redis, DB, file I/O) but the skill doesn't declare them; supply and protect any secrets via your secret manager rather than pasting them into code or logs.
  2. Vet and test the provided templates in a safe environment before deploying to production.
  3. Verify any third-party libraries you install (bcrypt, jsonwebtoken, helmet, DOMPurify, etc.) for licensing and vulnerabilities and run dependency scans.
  4. Note the skill author/source is unknown—if you need stronger assurance, prefer guidance from a known maintainer or audit the content line-by-line before automation.
Overall the skill appears consistent with its stated purpose, but exercise normal caution around secrets and operational configuration.
Capability Analysis
Type: OpenClaw Skill
Name: secure-code-guardian
Version: 0.1.0
The skill bundle is designed to instruct an AI agent on secure coding practices and OWASP Top 10 prevention. All files, including the SKILL.md and various reference markdown files, consistently provide guidance and code examples for implementing robust security controls. There is no evidence of prompt injection attempts, data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The code snippets demonstrate secure handling of secrets (e.g., `process.env.JWT_SECRET`), proper input validation, and safe use of system resources (e.g., `execFile` for command injection prevention), aligning entirely with the stated purpose of a 'secure-code-guardian'.
Capability Assessment
Purpose & Capability
The skill is an instruction-only secure-coding specialist that provides guidance and example code for authentication, input validation, OWASP Top 10 mitigations, headers, XSS/CSRF, rate limiting, etc. It neither declares nor requires unrelated binaries/credentials—this matches the stated purpose.
Instruction Scope
SKILL.md and reference files are focused on implementation guidance and code templates. They do not instruct the agent to read local files or exfiltrate data. However, the example code references runtime items (process.env.JWT_SECRET, redis, db, file system calls) which are illustrative; the skill does not explicitly instruct the agent to access system env or secrets, but a careless use of the templates could prompt someone or an agent to read or rely on local secrets.
Install Mechanism
No install spec and no code files to execute; this is low-risk from an installation perspective (nothing is downloaded or written to disk by the skill).
Credentials
The skill declares no required environment variables, but reference snippets use process.env (e.g., JWT_SECRET, SESSION_SECRET) and external services (redis, db/prisma). This is typical for sample backend code, but there is a mismatch between declared requirements (none) and the example code which implicitly needs secrets/config to run.
Persistence & Privilege
`always` is false and the skill is user-invocable; it requests no persistent presence or cross-skill/system configuration. It does not request elevated privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install secure-code-guardian
  3. After installation, invoke the skill by name or use /secure-code-guardian
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of Secure Code Guardian skill.
  - Provides code-first guidance for secure authentication, authorization, input validation, encryption, and OWASP Top 10 prevention.
  - Outlines a core workflow covering threat modeling, design, implementation, validation, and documentation.
  - Includes detailed security constraints for DOs and DON'Ts in secure coding.
  - Reference guide links to practical topics: OWASP, authentication, input validation, XSS/CSRF, and headers.
  - Output templates ensure every implementation includes code, security notes, configuration hints, and test recommendations.
Metadata
Slug secure-code-guardian
Version 0.1.0
License
All-time Installs 11
Active Installs 11
Total Versions 1
Frequently Asked Questions

What is Secure Code Guardian?

Secure Code Guardian is an AI Agent Skill for Claude Code / OpenClaw, with 2326 downloads so far. Use it when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke it for authentication, authorization, input validation, encryption, and OWASP Top 10 prevention.

How do I install Secure Code Guardian?

Run "/install secure-code-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Secure Code Guardian free?

Yes, Secure Code Guardian is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Secure Code Guardian support?

Secure Code Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Secure Code Guardian?

It is built and maintained by Veera (@veeramanikandanr48); the current version is v0.1.0.
