Downloads: 141
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install unified-security-auditor
Description
Unified application security skill for Coding Agent systems like OpenCode. Use when reviewing or writing code that touches authentication, authorization, use...
Usage Guidance
This skill is instruction-only and internally consistent with its stated purpose: it doesn't request credentials or install code, so the immediate security risk is low. Before installing, consider (1) reviewing the SKILL.md and README to confirm the guidance matches your policies and coding standards, (2) noting the CC-BY-SA-4.0 license (share‑alike obligations if you redistribute or modify the skill), and (3) validating any concrete fixes the skill suggests before applying them (treat automated remediation as advisory). Also be mindful that, like most skills, it can be invoked autonomously by the agent — if you want to avoid that, disable autonomous invocation in your agent policy or only run the skill interactively.
Capability Analysis
Type: OpenClaw Skill
Name: unified-security-auditor
Version: 1.0.0
The skill bundle is a legitimate security auditing tool designed to guide AI agents in performing code reviews and hardening exercises. It aggregates best practices from reputable sources (OWASP, Trail of Bits) and provides structured instructions for identifying vulnerabilities like broken access control and secret exposure in SKILL.md. No evidence of malicious intent, data exfiltration, or unauthorized execution was found; the instructions are transparent and strictly aligned with the stated purpose of improving software security.
Capability Assessment
Purpose & Capability
Name and description (unified security auditor for code/agent workflows) align with the SKILL.md content and README: guidance targets authentication, authorization, secrets, CI/CD and AI-agent risks. The package does not request unrelated binaries, credentials, or config paths.
Instruction Scope
SKILL.md contains audit workflows, detection patterns, and an output format. It instructs the assistant to review code, CI/CD, dependencies and agent workflows — all consistent with the stated purpose. There are no instructions to read system-wide credentials, arbitrary files outside the repo, or to exfiltrate data to external endpoints.
Install Mechanism
No install spec or code files are present beyond documentation and SKILL.md; installation guidance is simple file-copy into local/global skill folders. There are no downloads, extracted archives, or package installs that would write/execute arbitrary code on disk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. That is proportionate for an instruction-only security-audit skill that analyzes code and CI workflows.
Persistence & Privilege
Flags are default (not always:true). The skill does not request permanent system presence or elevated privileges and does not modify other skills' configs. Model invocation is enabled (default) which allows autonomous invocation — this is normal for skills and is not by itself a problem here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install unified-security-auditor
- After installation, invoke the skill by name or use /unified-security-auditor
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Unified Security Skill for Coding Agents.
- Provides a comprehensive application security review framework covering OWASP Top 10 (2025), ASVS 5.0, and agentic AI security concerns.
- Includes detailed audit workflows for common risk areas like authentication, input handling, supply chain, deployment, and CI/CD automation.
- Detects insecure defaults, critical misconfigurations, and high-risk AI/agent integration patterns.
- Supplies actionable audit report templates and recommendations, organized by severity.
- Integrates security expertise from multiple open-source sources, with CC-BY-SA-4.0 licensing.
Frequently Asked Questions
What is unified security auditor?
Unified application security skill for Coding Agent systems like OpenCode. Use when reviewing or writing code that touches authentication, authorization, use... It is an AI Agent Skill for Claude Code / OpenClaw, with 141 downloads so far.
How do I install unified security auditor?
Run "/install unified-security-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is unified security auditor free?
Yes, unified security auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does unified security auditor support?
unified security auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created unified security auditor?
It is built and maintained by Selim (@selimerunkut); the current version is v1.0.0.