Vulnerability Scanner
by
brandonwise
· GitHub ↗
· v1.0.0
1299
Downloads
0
Stars
8
Active Installs
1
Versions
Install in OpenClaw
/install vulnerability-scanner
Description
Performs static analysis for OWASP 2025 risks, supply chain threats, secrets detection, code patterns, and prioritizes vulnerabilities by exploitability and...
Usage Guidance
This package appears to be a normal, self-contained source-code vulnerability scanner. Before running it:
1. Run it on a copy of the target repository, not on a sensitive production directory.
2. Be aware that it will read many files and may report secrets; treat reported results carefully and do not leak findings to public outputs.
3. npm audit may contact the network/registry if package.json exists, so run in an environment where network activity is acceptable.
4. Inspect the included script yourself if you have concerns (it uses subprocess.run and file I/O).
5. Run scans with least privilege or in an isolated container if you want to limit side effects.
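The precautions above can be scripted rather than remembered. The wrapper below is an added example, not code from the vulnerability-scanner skill or its author: it stages a copy of the repository in a scratch directory, runs the scanner with an allow-listed environment (so cloud or npm tokens in your shell never reach the child), optionally drops it into an empty network namespace on Linux, and writes an owner-only report with secret-looking values replaced by hashed fingerprints. The scanner command and the convention that it takes the project path as a positional argument are assumptions, as are the redaction patterns, which are constructed for this example and are not the skill's own detection rules.

```python
"""Added example: run a source-code scanner on a disposable copy of a repository
with a minimal environment, optional network isolation, and a secret-redacted report.
Illustrative wrapper code, not part of the vulnerability-scanner skill; the scanner
command and its positional project-path argument are assumptions."""
from __future__ import annotations

import hashlib
import os
import re
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# Only these variables reach the child. Cloud credentials, API tokens and npm auth
# tokens in the parent's environment are withheld so a scan (or 'npm audit' talking
# to a registry) cannot leak them.
ALLOWED_ENV = ("PATH", "HOME", "LANG", "LC_ALL", "TMPDIR")

# Directories that are not source and are not needed by the scan
# ('npm audit' reads package.json and the lockfile, not node_modules).
SKIP_DIRS = (".git", "node_modules", ".venv", "venv", "__pycache__")

# Secret-like values to strip from the report before it is written anywhere.
# Constructed for this example; not the scanner's own rules. The generic keyword
# rule runs first so the later, more specific rules never re-match its output.
SECRET_PATTERNS = [
    re.compile(r"(?i)(password|secret|token|key)[\w-]*\s*[=:]\s*['\"]?([^'\"\s]{8,})"),
    re.compile(r"AKIA[0-9A-Z]{16}"),                    # AWS access key id
    re.compile(r"ghp_[A-Za-z0-9]{36}"),                 # GitHub personal access token
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"),
]


def fingerprint(value: str) -> str:
    """Replace a secret with a short hash so repeated occurrences can still be correlated."""
    return "<redacted sha256:%s>" % hashlib.sha256(value.encode()).hexdigest()[:12]


def redact(text: str) -> str:
    """Return scanner output with secret-looking values replaced by fingerprints."""
    def repl(m: re.Match) -> str:
        if m.lastindex and m.lastindex >= 2:   # keyword rule: keep the key name, hide the value
            return m.group(0).replace(m.group(2), fingerprint(m.group(2)))
        return fingerprint(m.group(0))
    for pattern in SECRET_PATTERNS:
        text = pattern.sub(repl, text)
    return text


def minimal_env(source: dict | None = None) -> dict:
    """Build the child's environment from an allow-list instead of inheriting everything."""
    src = os.environ if source is None else source
    env = {k: src[k] for k in ALLOWED_ENV if k in src}
    env.setdefault("PATH", "/usr/local/bin:/usr/bin:/bin")
    return env


def stage_copy(repo: Path, dest_parent: Path) -> Path:
    """Copy the repository into a scratch directory; the scan never touches the original."""
    dest = dest_parent / repo.name
    shutil.copytree(repo, dest, symlinks=True, ignore=shutil.ignore_patterns(*SKIP_DIRS))
    return dest


def run_scan(scanner: list[str], repo: Path, report: Path, isolate_network: bool = False) -> int:
    """Run `scanner <copy-of-repo>` and write a redacted, owner-only report; returns the exit code."""
    with tempfile.TemporaryDirectory(prefix="scan-") as tmp:
        work = stage_copy(repo, Path(tmp))
        cmd = list(scanner) + [str(work)]
        if isolate_network:
            # Linux-only assumption: a fresh user+network namespace has no interfaces,
            # so nothing the scanner spawns (including 'npm audit') can reach a registry.
            cmd = ["unshare", "--map-root-user", "--net"] + cmd
        proc = subprocess.run(cmd, cwd=work, env=minimal_env(), stdin=subprocess.DEVNULL,
                              capture_output=True, text=True, timeout=1800)
        safe = redact(proc.stdout + ("\n--- stderr ---\n" + proc.stderr if proc.stderr else ""))
        # Create the report 0600 from the start; a chmod after the write would leave a window.
        fd = os.open(report, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(safe)
        return proc.returncode


def main(argv: list[str]) -> int:
    isolate = "--no-net" in argv
    args = [a for a in argv if a != "--no-net"]
    if len(args) < 3:
        print("usage: safe_scan.py [--no-net] <repo> <report> <scanner command...>", file=sys.stderr)
        return 2
    repo, report, *scanner = args
    return run_scan(scanner, Path(repo), Path(report), isolate_network=isolate)


if __name__ == "__main__":
    # e.g. python safe_scan.py --no-net ./myrepo scan-report.txt python3 scripts/security_scan.py
    sys.exit(main(sys.argv[1:]))
```

`--no-net` relies on `unshare` with unprivileged user namespaces enabled, which is a Linux kernel setting and is disabled on some hardened hosts; without it the scan still runs, but npm audit can reach the registry, which is the trade-off item 3 above describes. The redaction is deliberately over-eager (any `key...=` assignment with a long value is hidden) because a missed secret in a shared report costs more than an over-redacted finding that you re-check in the staged copy.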
Capability Analysis
Type: OpenClaw Skill
Name: vulnerability-scanner
Version: 1.0.0
The OpenClaw skill 'vulnerability-scanner' is classified as benign. The `SKILL.md` provides detailed, legitimate instructions for a security scanner and contains no prompt injection attempts. The core script `scripts/security_scan.py` correctly implements the stated purpose, performing static analysis for secrets, dangerous code patterns, and configuration issues within a specified project path. It uses `subprocess.run` to execute `npm audit`, which is a standard security tool, and reads files only within the designated project directory. There is no evidence of data exfiltration, unauthorized system modification, or malicious execution beyond its stated function of identifying vulnerabilities.
Capability Assessment
Purpose & Capability
Name/description (vulnerability scanning, OWASP/supply-chain/secrets) match the included SKILL.md and the provided Python scanner script; no unrelated environment variables, binaries, or external credentials are requested.
Instruction Scope
SKILL.md instructs running the included script against a project path. The script legitimately reads project files (code/config) and runs local checks. It also invokes subprocesses (e.g., 'npm audit' when package.json exists) which may contact package registries — expected for dependency scanning but worth noting since it can reach the network and produce potentially sensitive output (e.g., detected secrets).
Install Mechanism
No install specification — instruction-only skill with a bundled script. Nothing is downloaded or written by an installer step.
Credentials
The skill declares no required env vars or credentials. The scanner searches files for secrets and patterns, which is appropriate for its stated purpose. There are no requests for unrelated service credentials or config paths.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not request persistent system-wide privileges or modify other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install vulnerability-scanner
- After installation, invoke the skill by name or use /vulnerability-scanner
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: OWASP 2025, supply chain security, secret detection, code pattern analysis
Frequently Asked Questions
What is Vulnerability Scanner?
Performs static analysis for OWASP 2025 risks, supply chain threats, secrets detection, code patterns, and prioritizes vulnerabilities by exploitability and... It is an AI Agent Skill for Claude Code / OpenClaw, with 1299 downloads so far.
How do I install Vulnerability Scanner?
Run "/install vulnerability-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vulnerability Scanner free?
Yes, Vulnerability Scanner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Vulnerability Scanner support?
Vulnerability Scanner is not tied to a particular operating system; it runs anywhere OpenClaw / Claude Code is available.
Who created Vulnerability Scanner?
It is built and maintained by brandonwise (@brandonwise); the current version is v1.0.0.