← Back to Skills Marketplace
111
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install security-review-workflow
Description
Use when the current branch or PR needs a focused security review that minimizes false positives and only reports concrete, exploit-relevant issues.
README (SKILL.md)
Security Review Workflow
Use this skill for focused security review of branch or PR changes.
Workflow
- Collect git status, changed files, commit list, and full diff against the target base.
- Research the codebase's existing security patterns.
- Inspect only newly introduced attack surfaces in the diff.
- Filter out speculative, low-signal, or excluded finding classes.
- Report only concrete, actionable findings with file, severity, exploit path, and recommendation.
Guardrails
- Minimize false positives aggressively.
- Ignore general code review comments that are not security issues.
- Prefer fewer high-confidence findings over noisy coverage.
Example Requests
- Review this branch only for concrete security bugs.
- Find high-confidence vulnerabilities in the current diff and ignore noise.
Inputs
- Diff against base
- Changed files
- Relevant security context
Outputs
- High-signal security findings
- Severity and exploit path
- Fix recommendations
Success Criteria
- Only concrete issues are reported.
- False positives are aggressively filtered.
- Each finding is actionable.
Non-Goals
- General style review
- Speculative low-confidence security commentary
Source Provenance
Derived from src/commands/security-review.ts.
Usage Guidance
This skill appears coherent and safe in scope, but follow these precautions before enabling it: (1) Provide only the minimal diff/changed-files and needed context—do not feed secrets or large private blobs to a third-party model. (2) Prefer running reviews locally or within your trusted environment if code contains sensitive data. (3) Verify the provenance/source before using in sensitive projects (the registry metadata shows an unknown owner and no homepage). (4) Test on a non-sensitive branch/PR to confirm the agent's behavior and outputs match your expectations (it is aggressive about suppressing low-confidence findings).
Capability Analysis
Type: OpenClaw Skill
Name: security-review-workflow
Version: 1.0.0
The security-review-workflow skill bundle is designed to perform focused security reviews on code diffs. The instructions in SKILL.md and the configuration in agents/openai.yaml are entirely consistent with the stated purpose of identifying high-confidence vulnerabilities while minimizing false positives. There is no evidence of malicious intent, data exfiltration, or unauthorized command execution.
Capability Assessment
Purpose & Capability
Name/description (focused security review of a branch/PR) match the instructions (collect diffs, inspect newly introduced attack surfaces, report concrete findings). The actions requested are what you'd expect for a diff-based security review.
Instruction Scope
Runtime instructions ask for git status, changed files, diffs, and to analyze the codebase for security patterns — all consistent with the stated purpose. Instructions do not direct reading unrelated system paths, accessing external endpoints, or exfiltrating data.
Install Mechanism
No install spec and no code files; the skill is instruction-only so nothing is written to disk or fetched at install time.
Credentials
The skill declares no required environment variables, credentials, or config paths. It only expects repository diffs and related context, which is proportional to its purpose.
Persistence & Privilege
always is false and there is no request to modify agent/global config or persist credentials. Autonomous invocation is allowed (default) but that is expected for skills and is not combined with other concerning privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install security-review-workflow - After installation, invoke the skill by name or use
/security-review-workflow - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial extraction from local Claude Code source
Metadata
Frequently Asked Questions
What is Security Review Workflow?
Use when the current branch or PR needs a focused security review that minimizes false positives and only reports concrete, exploit-relevant issues. It is an AI Agent Skill for Claude Code / OpenClaw, with 111 downloads so far.
How do I install Security Review Workflow?
Run "/install security-review-workflow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Security Review Workflow free?
Yes, Security Review Workflow is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Security Review Workflow support?
Security Review Workflow is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Security Review Workflow?
It is built and maintained by wimi321 (@wimi321); the current version is v1.0.0.
More Skills