
Security Audit Toolkit

by gitgoodordietrying · GitHub ↗ · v1.0.0
linux · darwin · win32 · ✓ Security Clean
Downloads 13761
Stars 25
Active Installs 125
Versions 1
Install in OpenClaw
/install security-audit-toolkit
Description
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Usage Guidance
Install only in workspaces you are comfortable auditing. Treat secret-scan output as sensitive, rotate any real credentials found, review dependency auto-fix changes before committing, trust or pin external tools where practical, and install the pre-commit hook only if you want ongoing commit blocking.
Capability Analysis
Type: OpenClaw Skill
Name: security-audit-toolkit
Version: 1.0.0

The OpenClaw AgentSkills bundle 'security-audit-toolkit' is classified as benign. All commands and scripts provided in SKILL.md, including the comprehensive `security-audit.sh` script, are directly aligned with the stated purpose of performing security audits. The skill utilizes standard security tools and practices (e.g., `npm audit`, `pip-audit`, `grep` for secrets, `openssl` for TLS checks, `find` for permissions) to identify vulnerabilities within a project.

There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized external endpoints, malicious execution of remote payloads, persistence mechanisms, or prompt injection attempts against the agent to subvert its intended function. The commands that access sensitive areas (like `~/.ssh`) are for auditing permissions, not for exfiltrating data, and network calls use placeholder domains like `example.com`.
Capability Assessment
Purpose & Capability
The skill's stated purpose is auditing codebases for dependency vulnerabilities, secrets, OWASP issues, TLS settings, and file permissions; the commands align with that purpose, but secret-detection output can reveal real credentials.
Instruction Scope
The instructions are user-directed command examples. A few commands can change project files, such as dependency auto-fix commands, so users should review diffs and run tests.
Install Mechanism
The artifact is a single non-executable SKILL.md with no install hook, but it recommends third-party audit tools via npm, pip, Go, Cargo, and Trivy documentation.
Credentials
Reading project files, git history, TLS endpoints, file permissions, and SSH key permissions is proportionate for a security audit, though it may surface sensitive local information.
Persistence & Privilege
There is no automatic persistence. The only persistent behavior is an optional disclosed pre-commit hook example that would remain in .git/hooks if the user installs it.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install security-audit-toolkit
  3. After installation, invoke the skill by name or use /security-audit-toolkit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Dependency scanning, secret detection, OWASP code patterns, SSL/TLS verification, file permissions, pre-commit hooks, full audit script
Metadata
Slug security-audit-toolkit
Version 1.0.0
License
All-time Installs 474
Active Installs 125
Total Versions 1
Frequently Asked Questions

What is Security Audit Toolkit?

Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws. It is an AI Agent Skill for Claude Code / OpenClaw, with 13761 downloads so far.

How do I install Security Audit Toolkit?

Run "/install security-audit-toolkit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Security Audit Toolkit free?

Yes, Security Audit Toolkit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Security Audit Toolkit support?

Security Audit Toolkit is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Security Audit Toolkit?

It is built and maintained by gitgoodordietrying (@gitgoodordietrying); the current version is v1.0.0.
