Downloads: 109
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install sec-audit-cn
Description
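Use when performing code security audits, secure coding, and code review in China and similar regions: covers the OWASP Top 10, authentication and authorization, secrets and configuration, CORS/CSP, input validation and injection prevention, XSS/CSRF, dependency vulnerabilities, and logging and error handling; outputs severity-graded findings and actionable remediation advice. Suitable for Web/API services, mobile backends, mini-program servers, and business flows involving personal information and payment callbacks.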
Usage Guidance
This skill is coherent with its stated purpose (a localized OWASP-style audit guide). Before installing: review the full SKILL.md yourself (the provided preview was truncated), confirm you trust the skill's provenance (source/homepage unknown), and avoid giving the agent sensitive secrets or production-only credentials when asking it to perform audits. If you plan to run automated checks against live systems, do so in a controlled environment and coordinate with ops/compliance as needed.
Capability Assessment
Purpose & Capability
The name and description describe an application security audit guide for China and similar regions, and the SKILL.md contains OWASP-aligned checklists, code examples, and remediation guidance — all consistent with that purpose. There are no unrelated requirements (no cloud keys, no platform-specific creds).
Instruction Scope
Runtime instructions are prose, checklists, and code snippets for auditing code/config/architecture. They do not instruct the agent to read arbitrary system files, access environment variables, or send data to external endpoints. Examples using child_process or execFile are illustrative and aligned with injection-check guidance.
Install Mechanism
No install spec and no bundled code; this is instruction-only so nothing will be written to disk or downloaded during install.
Credentials
The skill declares no required env vars, credentials, or config paths. The checks and remediation items reference best-practice handling of secrets but do not request access to them.
Persistence & Privilege
Flags show default behavior (not always:true) and the skill is user-invocable; it does not request elevated/always-on privileges or modify other skills' configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sec-audit-cn
- After installation, invoke the skill by name or use /sec-audit-cn
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of sec-audit-cn.
- Provides comprehensive security audit guidance tailored for China and similar regions, covering OWASP Top 10, authentication/authorization, secrets, CORS/CSP, input validation, XSS/CSRF, dependency vulnerabilities, and logging.
- Includes actionable, prioritized remediation advice suitable for web/API backends, mobile backend, mini-program servers, and business logic involving personal data or payments.
- Delivers code samples, checklists, and practical recommendations for each OWASP Top 10 category and common security controls.
- Adjusts for local compliance considerations (Cybersecurity Law, Data Security Law, etc.) and domestic threat models.
- Outputs structured, implementation-ready audit results.
Frequently Asked Questions
What is Sec Audit Cn?
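Use when performing code security audits, secure coding, and code review in China and similar regions: covers the OWASP Top 10, authentication and authorization, secrets and configuration, CORS/CSP, input validation and injection prevention, XSS/CSRF, dependency vulnerabilities, and logging and error handling; outputs severity-graded findings and actionable remediation advice. Suitable for Web/API services, mobile backends, mini-program servers, and business flows involving personal information and payment callbacks. It is an AI Agent Skill for Claude Code / OpenClaw, with 109 downloads so far.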
How do I install Sec Audit Cn?
Run "/install sec-audit-cn" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sec Audit Cn free?
Yes, Sec Audit Cn is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Sec Audit Cn support?
Sec Audit Cn is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Sec Audit Cn?
It is built and maintained by clawkk (@clawkk); the current version is v1.0.0.