Total downloads: 109
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install sec-audit-cn
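Description
Use for code security audits, secure coding, and review in China and similar regions: covers the OWASP Top 10, authentication and authorization, secrets and configuration, CORS/CSP, input validation and injection prevention, XSS/CSRF, dependency vulnerabilities, and logging and error handling; outputs severity-graded findings and actionable remediation advice. Suitable for Web/API, mobile backends, mini-program servers, and business flows involving personal information and payment callbacks.
Safe-use recommendations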
This skill is coherent with its stated purpose (a localized OWASP-style audit guide). Before installing: review the full SKILL.md yourself (the provided preview was truncated), confirm you trust the skill's provenance (source/homepage unknown), and avoid giving the agent sensitive secrets or production-only credentials when asking it to perform audits. If you plan to run automated checks against live systems, do so in a controlled environment and coordinate with ops/compliance as needed.
Capability assessment
Purpose & Capability
The name and description describe an application security audit guide for China and similar regions, and the SKILL.md contains OWASP-aligned checklists, code examples, and remediation guidance, all consistent with that purpose. There are no unrelated requirements (no cloud keys, no platform-specific creds).
Instruction Scope
Runtime instructions are prose, checklists, and code snippets for auditing code/config/architecture. They do not instruct the agent to read arbitrary system files, access environment variables, or send data to external endpoints. Examples using child_process or execFile are illustrative and aligned with injection-check guidance.
Install Mechanism
No install spec and no bundled code; this is instruction-only so nothing will be written to disk or downloaded during install.
Credentials
The skill declares no required env vars, credentials, or config paths. The checks and remediation items reference best-practice handling of secrets but do not request access to them.
Persistence & Privilege
Flags show default behavior (not always:true) and the skill is user-invocable; it does not request elevated/always-on privileges or modify other skills' configuration.
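How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install sec-audit-cn
- Once installation completes, call the Skill by name or trigger it with /sec-audit-cn
- Provide the required input according to the Skill's parameter description to receive structured output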
Version history
v1.0.0
Initial release of sec-audit-cn.
- Provides comprehensive security audit guidance tailored for China and similar regions, covering OWASP Top 10, authentication/authorization, secrets, CORS/CSP, input validation, XSS/CSRF, dependency vulnerabilities, and logging.
- Includes actionable, prioritized remediation advice suitable for web/API backends, mobile backend, mini-program servers, and business logic involving personal data or payments.
- Delivers code samples, checklists, and practical recommendations for each OWASP Top 10 category and common security controls.
- Adjusts for local compliance considerations (Cybersecurity Law, Data Security Law, etc.) and domestic threat models.
- Outputs structured, implementation-ready audit results.
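FAQ
What is Sec Audit Cn?
Use for code security audits, secure coding, and review in China and similar regions: covers the OWASP Top 10, authentication and authorization, secrets and configuration, CORS/CSP, input validation and injection prevention, XSS/CSRF, dependency vulnerabilities, and logging and error handling; outputs severity-graded findings and actionable remediation advice. Suitable for Web/API, mobile backends, mini-program servers, and business flows involving personal information and payment callbacks. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 109 cumulative downloads to date.
How do I install Sec Audit Cn?
Run the command "/install sec-audit-cn" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Sec Audit Cn free?
Yes. Sec Audit Cn is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does Sec Audit Cn support?
Sec Audit Cn is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Sec Audit Cn?
It is developed and maintained by clawkk (@clawkk); the current version is v1.0.0.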