- Downloads: 161
- Stars: 0
- Active Installs: 0
- Versions: 1
Install in OpenClaw
/install secure-linter
Description
Secure code linter: scans for vulnerabilities, key leaks, and code smells
Usage Guidance
This skill appears coherent and safe in structure: it performs static analysis only, needs no installs or credentials, and outputs line numbers, risk levels, and fixes. Before installing: (1) confirm whether your agent's `browser`/`web_fetch` calls transmit code or other context to third-party sites — avoid sending sensitive code to external endpoints; (2) remember the skill is a static checker and can miss business-logic vulnerabilities, so perform manual review for high-risk code; (3) if you require offline-only analysis, do not enable the agent's web access or prefer a skill that explicitly forbids external fetches.
Capability Assessment
Purpose & Capability
Name and description describe a static 'secure linter' and the SKILL.md lists language detection, vulnerability checks, and quality checks. There are no unrelated binaries, env vars, or installs required — the requested capabilities align with the stated purpose.
Instruction Scope
Instructions are limited to static analysis steps (identify language, check for SQLi/XSS/hardcoded keys, code-smells) and specify output format. The only outward action suggested is using `browser` or `web_fetch` to consult public security guidance (e.g., OWASP). That is reasonable for augmenting checks but means the agent may make external network requests if those tools are available — review how the agent handles outbound requests and whether it sends user code/context to external sites.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk install model — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a static linter that claims to operate without special configuration.
Persistence & Privilege
Flags are default (not always-on). The skill does not request persistent system presence or modify other skills; normal autonomous invocation remains possible but is not unusual or excessive here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install secure-linter`
- After installation, invoke the skill by name or use `/secure-linter`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of secure_linter.
- Introduces code review assistant for detecting vulnerabilities, key leaks, and code smells.
- Supports multiple programming languages (JavaScript, Python, Go, Rust, etc.).
- Scans for common issues: SQL injection, XSS, hardcoded keys, missing boundary checks, code duplication, long functions, and magic numbers.
- Outputs findings with line numbers, risk levels, and remediation suggestions.
- Suggests referencing security guidelines (e.g., OWASP) using `browser` or `web_fetch` for enhanced analysis.
Frequently Asked Questions
What is Secure Linter?
Secure code linter: scans for vulnerabilities, key leaks, and code smells. It is an AI Agent Skill for Claude Code / OpenClaw, with 161 downloads so far.
How do I install Secure Linter?
Run "/install secure-linter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Secure Linter free?
Yes, Secure Linter is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Secure Linter support?
Secure Linter is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Secure Linter?
It is built and maintained by lig-8max (@lig-8max); the current version is v0.1.0.