← Back to Skills Marketplace
alirezarezvani

Senior Secops

by Alireza Rezvani · GitHub ↗ · v2.1.1 · MIT-0
cross-platform ⚠ suspicious
2069
Downloads
2
Stars
11
Active Installs
2
Versions
Install in OpenClaw
/install senior-secops
Description
Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST sc...
Usage Guidance
This skill appears to implement the advertised SecOps capabilities, but verify these before installing or running it on sensitive data: - Ensure a Python runtime (3.x) and any required libraries are available — SKILL metadata does not declare Python as a required binary. - Inspect the three included scripts locally for any network calls or credential usage (look for fetch_nvd_data, HTTP requests, or use of API tokens) before running them in production. - Do not run the scanner over system-wide or credential-containing directories unless you want secrets discovered; consider scanning a copy or limiting the target path. - The docs show CI integrations that expect tokens (SNYK_TOKEN, etc.). If you integrate with third-party services, only provide the minimum-scoped secrets via your CI secret store. - Because some functions shown in references look like placeholders or rely on external integrations, test the tool in a sandbox and confirm its outputs and failure modes before relying on it for audit or blocking CI pipelines. If you want, I can (1) summarize any network/IO calls found in the actual script files, (2) list external Python packages the scripts import that may need installation, or (3) highlight exact lines where the scanner detects credential patterns so you can review them.
Capability Analysis
Type: OpenClaw Skill Name: senior-secops Version: 2.1.1 The 'senior-secops' skill bundle is a comprehensive and legitimate security operations toolkit designed for local auditing and compliance verification. It includes Python scripts (security_scanner.py, vulnerability_assessor.py, and compliance_checker.py) that use regular expressions to identify common vulnerabilities like hardcoded secrets, SQL injection, and XSS, as well as checking dependencies against a local CVE database. The code is well-documented, follows secure coding practices itself, and contains no evidence of data exfiltration, malicious execution, or harmful prompt injection instructions.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and the three scripts (security_scanner.py, vulnerability_assessor.py, compliance_checker.py) are consistent with a SecOps toolset (SAST/DAST, dependency CVE checks, compliance). However the skill declares no required binaries while the runtime instructions and GitHub Actions examples assume a Python runtime (and examples show use of tools like Snyk/Trivy). The lack of a declared Python requirement is an inconsistency that should be addressed.
Instruction Scope
SKILL.md instructs the agent/user to run the included Python scripts against a target path (project directory). That scope is appropriate for a security scanner/compliance tool. Caveats: the code and references include example calls to external services (NVD/Snyk/Trivy) and placeholder functions (e.g., fetch_nvd_data, get_access_reviews) which may require network access or integration code not present. Also the scanner is designed to detect secrets (AWS keys, OpenAI keys, private keys) — running it against broad paths could enumerate sensitive findings; review and restrict scan targets accordingly.
Install Mechanism
No install spec (instruction-only with included scripts). That minimizes implicit installation risk. Because there is no install step, nothing is being downloaded or executed from arbitrary remote URLs by the skill itself.
Credentials
requires.env and primary credential are empty, which is consistent with the skill not demanding credentials up front. However the documentation and CI examples include SNYK_TOKEN and other external-tool tokens, and the scanner deliberately looks for many credential patterns in source code (AWS keys, GH tokens, OpenAI keys). This is not itself malicious, but you should not supply secrets to the skill and should avoid scanning locations containing live credentials unless you intend to surface/handle them. The absence of declared env vars while showing integration examples is an inconsistency to be aware of.
Persistence & Privilege
always:false and default autonomous invocation are set to normal values. The skill does not request persistent system-wide privileges and contains no install-time hooks to modify other skills. There are no signs it tries to persist credentials or alter platform config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install senior-secops
  3. After installation, invoke the skill by name or use /senior-secops
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.1
v2.1.1: optimization, reference splits
v1.0.0
senior-secops v1.0.0 - Initial release of the senior-secops skill. - Provides a complete SecOps toolkit covering security scanning, vulnerability assessment, compliance checking, and security automation. - Includes detailed workflows for security audits, CI/CD integration, CVE triage, and incident response. - Supports security and compliance standards such as SOC 2, PCI-DSS, HIPAA, and GDPR. - Features ready-to-use commands and best practices for secure development and operations.
Metadata
Slug senior-secops
Version 2.1.1
License MIT-0
All-time Installs 11
Active Installs 11
Total Versions 2
Frequently Asked Questions

What is Senior Secops?

Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST sc... It is an AI Agent Skill for Claude Code / OpenClaw, with 2069 downloads so far.

How do I install Senior Secops?

Run "/install senior-secops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Senior Secops free?

Yes, Senior Secops is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Senior Secops support?

Senior Secops is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Senior Secops?

It is built and maintained by Alireza Rezvani (@alirezarezvani); the current version is v2.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments