← Back to Skills Marketplace
Security Vulnerability Scanner
by
HonestQiao
· GitHub ↗
· v1.0.0
1182
Downloads
0
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install security-vuln-scanner
Description
扫描代码中常见安全漏洞如SQL注入、XSS、硬编码密码,提供检测结果和安全评分建议。
README (SKILL.md)
Security Vulnerability Scanner
扫描代码中的安全漏洞,提供修复建议。
功能
- SQL 注入检测
- XSS 跨站脚本检测
- 硬编码密码/密钥检测
- 不安全随机数检测
- 命令注入检测
- 敏感信息泄露检测
- 安全评分
触发词
- "安全扫描"
- "漏洞检测"
- "security scan"
- "vulnerability"
检测模式
const patterns = {
sqlInjection: /query\s*\(\s*['"`].*\$\{/,
xss: /innerHTML\s*=|document\.write/,
hardcodedSecret: /password\s*=\s*['"][^'"]+['"]/,
insecureRandom: /Math\.random\(\)/,
commandInjection: /exec\s*\(\s*\$\{/
};
输出示例
{
"vulnerabilities": [
{
"type": "sql_injection",
"line": 42,
"severity": "high",
"message": "检测到SQL注入风险"
}
],
"score": 65
}
Usage Guidance
This skill is a simple, local regex-based scanner that expects you to pass code as a string and returns pattern matches and a score. It does not request credentials or install software, so it is internally coherent. However, the detection rules are basic and JavaScript-centric — expect false positives and missed issues. Before relying on it for security decisions, review and extend its patterns for your languages, test it on known vulnerable/clean samples, and prefer established static analysis tools for critical codebases.
Capability Analysis
Type: OpenClaw Skill
Name: security-vuln-scanner
Version: 1.0.0
The skill 'security-vuln-scanner' is designed to perform static analysis on provided code to detect common vulnerabilities like SQL injection, XSS, hardcoded secrets, and command injection using regex patterns. The code does not exhibit any malicious behavior such as data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts against the agent. Its functionality is clearly aligned with its stated purpose as a security scanner, and it does not introduce any high-risk operations like file system access or network communication.
Capability Assessment
Purpose & Capability
Name and description (static vulnerability scanning) match the provided runtime instructions and patterns. The skill is instruction-only and expects code as input (scan_vulnerabilities(code, language)), which is consistent with its purpose.
Instruction Scope
Instructions implement simple regex-based checks embedded in SKILL.md/skill.yaml and do not direct the agent to read files, environment variables, or external endpoints. Note: the scan is purely pattern matching (JavaScript-oriented patterns) and lacks guidance on how code is supplied or on multi-language support; this limits coverage and may produce false positives/negatives.
Install Mechanism
No install spec or external downloads — lowest-risk configuration (instruction-only), nothing is written to disk by an installer.
Credentials
The skill requests no environment variables, credentials, or config paths; this is proportionate for a static analyzer that operates on provided code strings.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges. Autonomous invocation is allowed by default but is not combined with any broad credential access or persistent modification.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install security-vuln-scanner - After installation, invoke the skill by name or use
/security-vuln-scanner - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Security Vulnerability Scanner.
- Scans code for common security vulnerabilities.
- Detects SQL injection, XSS, hardcoded passwords/keys, insecure random, command injection, and sensitive information leaks.
- Provides security score and specific remediation suggestions.
- Triggered by phrases like "安全扫描", "漏洞检测", "security scan", and "vulnerability".
- Outputs detailed vulnerability reports and scores for identified issues.
Metadata
Frequently Asked Questions
What is Security Vulnerability Scanner?
扫描代码中常见安全漏洞如SQL注入、XSS、硬编码密码,提供检测结果和安全评分建议。 It is an AI Agent Skill for Claude Code / OpenClaw, with 1182 downloads so far.
How do I install Security Vulnerability Scanner?
Run "/install security-vuln-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Security Vulnerability Scanner free?
Yes, Security Vulnerability Scanner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Security Vulnerability Scanner support?
Security Vulnerability Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Security Vulnerability Scanner?
It is built and maintained by HonestQiao (@honestqiao); the current version is v1.0.0.
More Skills