Total downloads: 2326
Favorites: 1
Current installs: 11
Versions: 1
Install in OpenClaw
/install secure-code-guardian
Description
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention.
Safe-use recommendations
This is a coherent, instruction-only secure-coding skill that provides useful patterns and example code. Before using it:
- Review the example snippets: they reference environment variables and services (JWT_SECRET, SESSION_SECRET, Redis, DB, file I/O) that the skill does not declare; supply and protect any secrets via your secret manager rather than pasting them into code or logs.
- Vet and test the provided templates in a safe environment before deploying to production.
- Verify any third-party libraries you install (bcrypt, jsonwebtoken, helmet, DOMPurify, etc.) for licensing and vulnerabilities, and run dependency scans.
- Note that the skill author/source is unknown; if you need stronger assurance, prefer guidance from a known maintainer or audit the content line by line before automating it.
Overall the skill appears consistent with its stated purpose, but exercise normal caution around secrets and operational configuration.
Functional analysis
Type: OpenClaw Skill
Name: secure-code-guardian
Version: 0.1.0
The skill bundle is designed to instruct an AI agent on secure coding practices and OWASP Top 10 prevention. All files, including the SKILL.md and various reference markdown files, consistently provide guidance and code examples for implementing robust security controls. There is no evidence of prompt injection attempts, data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The code snippets demonstrate secure handling of secrets (e.g., `process.env.JWT_SECRET`), proper input validation, and safe use of system resources (e.g., `execFile` for command injection prevention), aligning entirely with the stated purpose of a 'secure-code-guardian'.
Capability assessment
Purpose & Capability
The skill is an instruction-only secure-coding specialist that provides guidance and example code for authentication, input validation, OWASP Top 10 mitigations, headers, XSS/CSRF, rate limiting, etc. It neither declares nor requires unrelated binaries/credentials—this matches the stated purpose.
Instruction Scope
SKILL.md and the reference files are focused on implementation guidance and code templates. They do not instruct the agent to read local files or exfiltrate data. However, the example code references runtime items (`process.env.JWT_SECRET`, redis, db, file-system calls) that are illustrative only; the skill does not explicitly instruct the agent to access system environment variables or secrets, but careless use of the templates could lead a person or an agent to read, or depend on, local secrets.
Install Mechanism
No install spec and no code files to execute; this is low-risk from an installation perspective (nothing is downloaded or written to disk by the skill).
Credentials
The skill declares no required environment variables, but the reference snippets use `process.env` (e.g., JWT_SECRET, SESSION_SECRET) and external services (redis, db/prisma). This is typical for sample backend code, but there is a mismatch between the declared requirements (none) and the example code, which implicitly needs secrets and configuration to run.
Persistence & Privilege
The `always` flag is false and the skill is user-invocable; it requests no persistent presence and no cross-skill or system configuration. It does not request elevated privileges.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install secure-code-guardian
- After installation, call the Skill by name directly or trigger it with /secure-code-guardian
- Provide the required inputs according to the Skill's parameter description to get structured output.
Version history
v0.1.0
Initial release of Secure Code Guardian skill.
- Provides code-first guidance for secure authentication, authorization, input validation, encryption, and OWASP Top 10 prevention.
- Outlines a core workflow covering threat modeling, design, implementation, validation, and documentation.
- Includes detailed security constraints for DOs and DON'Ts in secure coding.
- Reference guide links to practical topics: OWASP, authentication, input validation, XSS/CSRF, and headers.
- Output templates ensure every implementation includes code, security notes, configuration hints, and test recommendations.
FAQ
What is Secure Code Guardian?
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2326 cumulative downloads so far.
How do I install Secure Code Guardian?
Run the command "/install secure-code-guardian" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is required.
Is Secure Code Guardian free?
Yes, Secure Code Guardian is completely free (open source and free of charge) and can be freely downloaded, installed, and used.
Which platforms does Secure Code Guardian support?
Secure Code Guardian is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Secure Code Guardian?
Developed and maintained by Veera (@veeramanikandanr48); the current version is v0.1.0.