Security Auditor
Author: jgarrison929 · v1.0.0
Total downloads: 26392
Favorites: 44
Current installs: 309
Versions: 1
Install in OpenClaw
/install security-auditor
Description
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Safe usage advice
Install this if you want an agent to help with security reviews. Treat its command suggestions, such as dependency audits, as actions to approve deliberately, especially when reviewing sensitive auth or environment-related files.
Functional analysis
Type: OpenClaw Skill
Name: security-auditor
Version: 1.0.0
The skill bundle is designed to equip an AI agent with the knowledge and processes to perform security audits. The `SKILL.md` file provides extensive guidance on secure coding practices, OWASP Top 10 vulnerabilities, security headers, input validation, authentication best practices, and dependency security. All code examples clearly differentiate between insecure and secure patterns, serving an educational purpose. There is no evidence of malicious intent, data exfiltration, unauthorized execution, persistence, or prompt injection aimed at subverting the agent's intended function; instead, it explicitly promotes secure development and auditing practices.
Capability assessment
Purpose & Capability
The stated purpose is security auditing and secure coding review, and the artifact is a single SKILL.md containing OWASP checklists, secure/insecure examples, and report formatting guidance.
Instruction Scope
The instructions stay within security review guidance and do not ask the agent to override user intent, hide actions, exfiltrate data, or run unrelated commands.
Install Mechanism
No install script, executable helper, package dependency, required binary, or environment variable is present; the bundle contains only SKILL.md.
Credentials
The skill may guide review of sensitive files such as auth config and .env patterns, and suggests dependency-audit commands, which is expected for a user-directed security audit.
Persistence & Privilege
No persistence mechanism, background worker, privilege escalation, credential/session use, or long-running behavior is present.
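How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install security-auditor`
- Once installation completes, call the Skill by name or use `/security-auditor` to trigger it
- Provide the required inputs as described in the Skill's parameter documentation to get structured output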
Version history
v1.0.0
Initial release – comprehensive security audit and secure coding skill.
- Provides actionable code review for security vulnerabilities and OWASP Top 10 risks.
- Includes checklists and code patterns for authentication, CORS/CSP headers, input validation, XSS, SQL injection, secrets handling, and more.
- Offers recommended secure code snippets and sample security headers.
- Details best practices for dependency scanning, output formatting, and secure architecture review.
- Supports structured output for clear, actionable security audit results.
FAQ
What is Security Auditor?
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 26392 cumulative downloads to date.
How do I install Security Auditor?
Run the command "/install security-auditor" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.
Is Security Auditor free?
Yes, Security Auditor is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Security Auditor support?
Security Auditor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Security Auditor?
It is developed and maintained by jgarrison929 (@jgarrison929); the current version is v1.0.0.