Security Audit Toolkit
Author: gitgoodordietrying (GitHub) · v1.0.0
Total downloads: 13761
Favorites: 25
Current installs: 125
Versions: 1
Install in OpenClaw
/install security-audit-toolkit
Description
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Safe-use recommendations
Install only in workspaces you are comfortable auditing. Treat secret-scan output as sensitive, rotate any real credentials found, review dependency auto-fix changes before committing, trust or pin external tools where practical, and install the pre-commit hook only if you want ongoing commit blocking.
Functional analysis
Type: OpenClaw Skill
Name: security-audit-toolkit
Version: 1.0.0
The OpenClaw AgentSkills bundle 'security-audit-toolkit' is classified as benign. All commands and scripts provided in SKILL.md, including the comprehensive `security-audit.sh` script, are directly aligned with the stated purpose of performing security audits. The skill utilizes standard security tools and practices (e.g., `npm audit`, `pip-audit`, `grep` for secrets, `openssl` for TLS checks, `find` for permissions) to identify vulnerabilities within a project. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized external endpoints, malicious execution of remote payloads, persistence mechanisms, or prompt injection attempts against the agent to subvert its intended function. The commands that access sensitive areas (like `~/.ssh`) are for auditing permissions, not for exfiltrating data, and network calls use placeholder domains like `example.com`.
Capability assessment
Purpose & Capability
The skill's stated purpose is auditing codebases for dependency vulnerabilities, secrets, OWASP issues, TLS settings, and file permissions; the commands align with that purpose, but secret-detection output can reveal real credentials.
Instruction Scope
The instructions are user-directed command examples. A few commands can change project files, such as dependency auto-fix commands, so users should review diffs and run tests.
Install Mechanism
The artifact is a single non-executable SKILL.md with no install hook, but it recommends third-party audit tools via npm, pip, Go, Cargo, and Trivy documentation.
Credentials
Reading project files, git history, TLS endpoints, file permissions, and SSH key permissions is proportionate for a security audit, though it may surface sensitive local information.
Persistence & Privilege
There is no automatic persistence. The only persistent behavior is an optional disclosed pre-commit hook example that would remain in .git/hooks if the user installs it.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install security-audit-toolkit
- After installation, invoke the skill directly by name, or trigger it with /security-audit-toolkit
- Provide the required inputs according to the skill's parameter description to get structured output.
Version history
v1.0.0
Initial release: Dependency scanning, secret detection, OWASP code patterns, SSL/TLS verification, file permissions, pre-commit hooks, full audit script
Metadata
FAQ
What is Security Audit Toolkit?
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 13761 downloads to date.
How do I install Security Audit Toolkit?
Run the command「/install security-audit-toolkit」in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Security Audit Toolkit free?
Yes, Security Audit Toolkit is completely free (open source and free); you can download, install and use it freely.
Which platforms does Security Audit Toolkit support?
Security Audit Toolkit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (linux, darwin, win32).
Who developed Security Audit Toolkit?
Developed and maintained by gitgoodordietrying (@gitgoodordietrying); current version v1.0.0.