Total downloads: 141
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install unified-security-auditor
Description
Unified application security skill for Coding Agent systems like OpenCode. Use when reviewing or writing code that touches authentication, authorization, use...
Safe usage advice
This skill is instruction-only and internally consistent with its stated purpose: it doesn't request credentials or install code, so the immediate security risk is low. Before installing, consider (1) reviewing the SKILL.md and README to confirm the guidance matches your policies and coding standards, (2) noting the CC-BY-SA-4.0 license (share‑alike obligations if you redistribute or modify the skill), and (3) validating any concrete fixes the skill suggests before applying them (treat automated remediation as advisory). Also be mindful that, like most skills, it can be invoked autonomously by the agent — if you want to avoid that, disable autonomous invocation in your agent policy or only run the skill interactively.
Functional analysis
Type: OpenClaw Skill
Name: unified-security-auditor
Version: 1.0.0
The skill bundle is a legitimate security auditing tool designed to guide AI agents in performing code reviews and hardening exercises. It aggregates best practices from reputable sources (OWASP, Trail of Bits) and provides structured instructions for identifying vulnerabilities like broken access control and secret exposure in SKILL.md. No evidence of malicious intent, data exfiltration, or unauthorized execution was found; the instructions are transparent and strictly aligned with the stated purpose of improving software security.
Capability assessment
Purpose & Capability
Name and description (unified security auditor for code/agent workflows) align with the SKILL.md content and README: guidance targets authentication, authorization, secrets, CI/CD and AI-agent risks. The package does not request unrelated binaries, credentials, or config paths.
Instruction Scope
SKILL.md contains audit workflows, detection patterns, and an output format. It instructs the assistant to review code, CI/CD, dependencies and agent workflows — all consistent with the stated purpose. There are no instructions to read system-wide credentials, arbitrary files outside the repo, or to exfiltrate data to external endpoints.
Install Mechanism
No install spec or code files are present beyond documentation and SKILL.md; installation guidance is simple file-copy into local/global skill folders. There are no downloads, extracted archives, or package installs that would write/execute arbitrary code on disk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. That is proportionate for an instruction-only security-audit skill that analyzes code and CI workflows.
Persistence & Privilege
Flags are default (not always:true). The skill does not request permanent system presence or elevated privileges and does not modify other skills' configs. Model invocation is enabled (default) which allows autonomous invocation — this is normal for skills and is not by itself a problem here.
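How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box:
/install unified-security-auditor
- Once installation completes, call the Skill by name or trigger it with
/unified-security-auditor
- Provide the inputs described in the Skill's parameter notes to get structured output.
Version history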
v1.0.0
Initial release of Unified Security Skill for Coding Agents.
- Provides a comprehensive application security review framework covering OWASP Top 10 (2025), ASVS 5.0, and agentic AI security concerns.
- Includes detailed audit workflows for common risk areas like authentication, input handling, supply chain, deployment, and CI/CD automation.
- Detects insecure defaults, critical misconfigurations, and high-risk AI/agent integration patterns.
- Supplies actionable audit report templates and recommendations, organized by severity.
- Integrates security expertise from multiple open-source sources, with CC-BY-SA-4.0 licensing.
Metadata
FAQ
What is unified security auditor?
Unified application security skill for Coding Agent systems like OpenCode. Use when reviewing or writing code that touches authentication, authorization, use... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 141 total downloads to date.
How do I install unified security auditor?
Run the command "/install unified-security-auditor" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is unified security auditor free?
Yes, unified security auditor is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does unified security auditor support?
unified security auditor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed unified security auditor?
Developed and maintained by Selim (@selimerunkut); the current version is v1.0.0.