Mobb Vulnerabilities Fixer

by Jonathan Santilli · GitHub ↗ · v0.1.2
cross-platform ✓ Security Clean
Downloads: 1445
Stars: 3
Active Installs: 2
Versions: 3
Install in OpenClaw
/install mobb-vulnerabilities-fixer
Description
Scan, fix, and remediate security vulnerabilities in a local code repository using Mobb MCP/CLI. Use when the user asks to scan for vulnerabilities, run a security check, auto-fix issues, remediate findings, or apply Mobb fixes (e.g., "scan this repo", "fix security issues", "remediate vulnerabilities", "run Mobb on my changes").
Usage Guidance
This skill appears to do what it says: it drives your local Mobb MCP/CLI to scan a repository and apply fixes, but it expects you to (1) run and trust the MCP service/tool locally, (2) provide or configure a Mobb API key or complete the browser login flow yourself, and (3) review and explicitly approve any patches before they are applied. Before installing or invoking it: ensure your local MCP binary/server is from a trusted source, be prepared to authenticate via the browser flow or set an API key locally (the skill's docs are slightly inconsistent about whether the agent should read env vars), and do not allow the skill to auto-apply fixes without your explicit consent. If you want greater assurance, ask the skill author to clarify which environment variables it reads, or require the agent to only accept credentials that you paste into the session at runtime rather than reading them from the environment automatically.
Capability Analysis
Type: OpenClaw Skill
Name: mobb-vulnerabilities-fixer
Version: 0.1.2
The skill is designed to use a pre-installed and user-managed Mobb MCP server for vulnerability scanning and fixing. The instructions in `SKILL.md` and `mobb-auth.md` explicitly prohibit the agent from reading environment variables directly, installing/launching the MCP server, or applying fixes without explicit user consent. These safeguards, combined with the rejection of path traversal and clear instructions for user interaction, indicate a strong focus on transparency and user control, with no evidence of malicious intent or high-risk behaviors beyond the stated purpose.
Capability Assessment
Purpose & Capability
The skill's name and description match the runtime instructions: it drives an existing Mobb MCP/CLI to scan a local repo and apply fixes. It expects MCP to be available and instructs the agent to call MCP APIs such as scan_and_fix_vulnerabilities and fetch_available_fixes, which is appropriate for the stated purpose. Minor gap: metadata declares no required binaries/env but the instructions assume an external MCP service/tool is present (the skill explicitly tells the agent not to install/launch MCP itself).
Instruction Scope
SKILL.md stays within the scope of scanning and applying fixes: it requires an absolute repo path, uses pagination rules, asks for explicit user consent before applying patches, and instructs not to auto-rescan or auto-page. No instructions request broad system access or tell the agent to read unrelated files. Notable inconsistency: references/mobb-auth.md says 'Do not read or request environment variables directly' while SKILL.md says 'Prefer API_KEY in the environment'. This is contradictory guidance about how the agent should obtain credentials and should be clarified.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code, which minimizes installation risk. The skill assumes MCP is locally available but explicitly forbids installing or launching it on the agent's behalf.
Credentials
Declared requirements list no environment variables or credentials, but the instructions reference an API key (API_KEY or MOBB_API_KEY) and an optional API_URL/WEB_APP_URL for non-default tenants. This is reasonable for a client that interacts with a service, but the metadata could be clearer. The contradictory guidance about 'do not read env vars directly' vs. 'prefer API_KEY in the environment' should be resolved: the agent must not attempt to exfiltrate secrets and should only use creds the user explicitly provides or configures locally.
Persistence & Privilege
The skill is not always-included and does not request persistent system-wide privileges. It instructs the user to run their own MCP service and does not attempt to modify other skills or system settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mobb-vulnerabilities-fixer
  3. After installation, invoke the skill by name or use /mobb-vulnerabilities-fixer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Remove npx execution; require MCP already running; tighten auth guidance
v0.1.1
Update: require confirmation for npx and patch application
v0.1.0
Initial release
Metadata
Slug mobb-vulnerabilities-fixer
Version 0.1.2
License
All-time Installs 2
Active Installs 2
Total Versions 3
Frequently Asked Questions

What is Mobb Vulnerabilities Fixer?

Scan, fix, and remediate security vulnerabilities in a local code repository using Mobb MCP/CLI. Use when the user asks to scan for vulnerabilities, run a security check, auto-fix issues, remediate findings, or apply Mobb fixes (e.g., "scan this repo", "fix security issues", "remediate vulnerabilities", "run Mobb on my changes"). It is an AI Agent Skill for Claude Code / OpenClaw, with 1445 downloads so far.

How do I install Mobb Vulnerabilities Fixer?

Run "/install mobb-vulnerabilities-fixer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mobb Vulnerabilities Fixer free?

Yes, Mobb Vulnerabilities Fixer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Mobb Vulnerabilities Fixer support?

Mobb Vulnerabilities Fixer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Mobb Vulnerabilities Fixer?

It is built and maintained by Jonathan Santilli (@jonathansantilli); the current version is v0.1.2.
