Total downloads: 222 | Favorites: 0 | Current installs: 0 | Versions: 1
Install in OpenClaw
/install code-security
Description
Review code for security risks like injection, auth flaws, sensitive data leaks, and recommend precise, actionable fixes with risk levels and patches.
Usage instructions (SKILL.md)
Security review
Report only real risks; don't manufacture alarm.
Workflow
- Identify trust boundaries, user input, privileged operations, and sensitive-data paths.
- Focus on injection, path traversal, XSS, insecure deserialization, authentication and authorization flaws, secret leakage, insecure logging, and command execution issues.
- Assess both exploitability and blast radius; don't inflate low-confidence findings.
- Label each risk with a clear level such as critical, high, medium, or low.
- Give fixes that can be applied directly; prefer a code patch whenever one can be provided.
- If a risk cannot be fully closed in this round, state the residual risk and the follow-up checkpoints.
Output
- Risk finding
- Risk level
- Impact description
- Remediation plan
- Ready-to-apply patch or code suggestion
Safe-use recommendations
This skill appears to do what it says: review the workspace for security issues and suggest fixes. Before running it, consider: (1) the skill will read files in your current workspace — remove or temporarily redact any secrets, credentials, or sensitive files you don't want inspected or leaked in output; (2) scope the review (specific files or directories) rather than scanning an entire repository if it contains private keys or production credentials; (3) run the review on a local copy or sanitized snapshot if you are concerned; (4) the skill's source/homepage is unknown — if provenance matters to you, prefer tools from known authors or with visible source code; (5) if you are uncomfortable with autonomous invocation, you can disable model-invocation for skills or require explicit user invocation. These are operational precautions rather than technical blockers.
Feature analysis
Type: OpenClaw Skill
Name: code-security
Version: 0.1.0
The 'code-security' skill bundle is designed to assist users in performing security audits on application code. The instructions in SKILL.md and the configuration in agents/openai.yaml focus on identifying common vulnerabilities such as SQL injection, XSS, and credential leaks, and providing remediation advice. No malicious intent, data exfiltration, or suspicious execution patterns were identified.
Capability assessment
Purpose & Capability
Name, description, and instructions all describe a code security review. The skill requires no binaries, env vars, or config paths, which is proportionate for an instruction-only code-review helper. Note: the package source/homepage is unknown (no provenance), which reduces external trust but does not create technical incoherence.
Instruction Scope
SKILL.md tells the agent to review code in the current workspace for specific issues and to produce fixes/patches. It does not instruct network exfiltration or reading unrelated system files. Important operational note: 'current workspace' implies the agent will read project files (which may include secrets or credentials); this is expected behavior for a code-audit skill but worth being aware of and scoping before use.
Install Mechanism
No install specification and no code files — the skill is instruction-only, so nothing is written to disk or fetched during install. This is the lowest-risk install profile.
Credentials
The skill requests no environment variables, credentials, or config paths. That aligns with its purpose as a local code reviewer and is proportionate.
Persistence & Privilege
Flags show always:false and user-invocable:true (defaults). The skill does not request persistent presence or system-wide changes. Model invocation is enabled by default (disable-model-invocation:false) which is normal for skills; this alone is not a red flag.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install code-security
- After installation, invoke the skill by name or trigger it with /code-security
- Provide the inputs required by the skill's parameter description to receive structured output.
Version history
v0.1.0
initial release
FAQ
What is Code Security?
Review code for security risks like injection, auth flaws, sensitive data leaks, and recommend precise, actionable fixes with risk levels and patches. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 222 downloads to date.
How do I install Code Security?
Run the command "/install code-security" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Code Security free?
Yes. Code Security is completely free under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Code Security support?
Code Security is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Code Security?
Developed and maintained by sf0799 (@sf0799); current version v0.1.0.