Ralph Security Audit
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent instruction-only security audit skill, but it can inspect sensitive project/system details and writes local reports, so users should scope it carefully and protect the output.
Reasonable to use for a thorough security review if you intend to audit that project/environment. Run it only where you have authorization, watch for broad host or network checks, and protect or redact the generated .ralph-report.md files before sharing or committing them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may inspect project metadata, local service exposure, container state, or scheduled tasks while auditing.
The skill directs the agent to perform repository and local/system reconnaissance. This is expected for a security audit, but it may involve local commands or discovery checks that should stay within the intended scope.
Auto-Detect (Iteration 1): 1. `git rev-parse --show-toplevel`, `git remote -v` ... Exposed ports (host/container) ... Hidden services discovery ... Cron jobs and scheduled tasks
Run the skill only in repositories and environments you own or are authorized to assess, and confirm before allowing invasive host or network discovery.
Sensitive secrets or access-control details could be read or summarized during the audit.
The audit includes checks that may expose credentials, authentication configuration, SSH settings, or database permissions. These checks fit the stated purpose but involve sensitive authority and data.
Phase 3: Authentication & Secrets ... Secret detection (API keys, passwords, tokens) ... Environment variable audit ... SSH security (key auth, config hardening) ... Database security (SSL, permissions, access)
Keep the audit scoped to the intended project, avoid printing full secret values, and redact sensitive details before sharing results.
Security findings, vulnerable file paths, or secret-related notes may remain on disk after the audit.
The skill stores persistent audit reports/checkpoints. This is purpose-aligned, but reports may contain sensitive findings or paths and may be reused when resuming.
SAVE: Every 10 iterations, update `.ralph-report.md` ... On start: rename existing `.ralph-report.md` to `.ralph-report-{YYYY-MM-DD-HHmm}.md`Protect, review, redact, or delete generated report files before committing or sharing them.
Users have less external context for who maintains the skill or where to review its history.
There is no executable install path, which limits supply-chain execution risk, but the artifacts provide limited upstream provenance for independently verifying the skill.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the visible instructions before use and prefer trusted publishers or a known source repository for high-trust workflows.