Neckr0ik Security Fixer

by Neckr0ik · GitHub · v1.0.0
cross-platform · ⚠ suspicious
Downloads: 252
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw: /install neckr0ik-security-fixer
Description
Auto-fix security vulnerabilities in OpenClaw skills. Works with neckr0ik-security-scanner to automatically remediate hardcoded secrets, shell injection risk...
Usage Guidance
This fixer appears to implement the advertised remediations, but take these precautions before running it on real code:
  1. Verify that the required scanner/audit module (neckr0ik-security-scanner or an audit.py) is installed: the fixer imports 'audit', but the package neither declares nor includes it.
  2. Always run with --dry-run first and keep backups (or use the backup option) so you can inspect changes before applying them.
  3. Review the generated .env.example and .gitignore to ensure no sensitive data is leaked.
  4. Expect the tool to insert imports and helper functions; check for duplicate imports or broken indentation afterwards.
  5. Do not run with --auto on system-critical directories or on repos you cannot restore from backup.
  6. If you allow autonomous agent invocation of this skill, restrict its scope (target paths) and require human confirmation before fixes are applied to production code.
Capability Analysis
Type: OpenClaw Skill
Name: neckr0ik-security-fixer
Version: 1.0.0
The skill bundle is a legitimate security remediation tool designed to automatically fix common vulnerabilities like hardcoded secrets, shell injection, and path traversal in other OpenClaw skills. The core logic in `scripts/fixer.py` uses standard library modules to perform regex-based code replacement, creates backups before modification, and generates `.env.example` templates, all of which align with its stated purpose without evidence of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The name/description match the included code: fixer.py generates and applies fixes for secrets, shell injection, prompt injection, path traversal, and pinned deps. However, fixer.py imports an 'audit' module (audit_skill, Vulnerability, Severity) that is not included in the package and no dependency or install step declares the required scanner package. The SKILL.md references 'neckr0ik-security-scanner' but the registry metadata does not declare it as a required dependency — verify the scanner is installed separately or this will fail.
Instruction Scope
Runtime instructions and the script intentionally read, modify, and write files under the target skill path (create backups, write .env.example, update .gitignore). This is expected for a fixer, but it means the agent or user must trust the tool to modify code. The SKILL.md provides dry-run and backup options, and the script prints review messages for manual items, which is good practice. The fixer inserts code snippets (imports, helpers) directly into files, which may break code or duplicate imports; expect some manual review.
Install Mechanism
No install spec is provided (instruction-only plus included fixer.py). That reduces supply-chain risk since nothing is downloaded at install time. But because the scanner dependency is not declared, the runtime may fail unless the user has the scanner/audit module installed from elsewhere.
Credentials
The skill requests no environment variables or credentials. The templates it generates include common API key names (OPENAI_API_KEY, ANTHROPIC_API_KEY, GITHUB_TOKEN, DB_PASSWORD) which is consistent with its purpose (moving hardcoded secrets to env vars). There is no evidence the skill itself attempts to read arbitrary environment variables beyond creating a .env.example.
Persistence & Privilege
The `always` flag is false (the skill is not force-included) and it does not request system-level persistence. It does modify files under the given skill path, which is expected. Allowing autonomous invocation by default is standard for skills, but here it is combined with file-modifying behavior, so allow autonomous runs only if you intend the tool to change code without a human in the loop.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install neckr0ik-security-fixer
  3. After installation, invoke the skill by name or use /neckr0ik-security-fixer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of neckr0ik-security-fixer.
  - Automatically remediates hardcoded secrets, shell injection, prompt injection, and path traversal vulnerabilities in OpenClaw skills.
  - Integrates with neckr0ik-security-scanner for seamless vulnerability detection and fixing.
  - Generates secure code replacements and .env.example templates, updating .gitignore as needed.
  - Supports auto-fix, interactive fixes, dry-run mode, and backup file creation.
  - Outputs detailed reports and flags issues needing manual review.
Metadata
Slug neckr0ik-security-fixer
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Neckr0ik Security Fixer?

Auto-fix security vulnerabilities in OpenClaw skills. Works with neckr0ik-security-scanner to automatically remediate hardcoded secrets, shell injection risk... It is an AI Agent Skill for Claude Code / OpenClaw, with 252 downloads so far.

How do I install Neckr0ik Security Fixer?

Run "/install neckr0ik-security-fixer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Neckr0ik Security Fixer free?

Yes, Neckr0ik Security Fixer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Neckr0ik Security Fixer support?

Neckr0ik Security Fixer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Neckr0ik Security Fixer?

It is built and maintained by Neckr0ik (@neckr0ik); the current version is v1.0.0.