Security Auditor

v1.0.0

Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a security-audit helper and the SKILL.md contains OWASP-based checklists and secure-coding examples that match that purpose. There are no unexpected required binaries, env vars, or config paths.
Instruction Scope
The SKILL.md provides guidance, checklists, and code examples for reviewing code, configuring headers, and preventing common vulnerabilities. It does not instruct the agent to read arbitrary host files, access unrelated credentials, post data to external endpoints, or execute system commands beyond illustrative examples.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is downloaded or written to disk during install.
Credentials
The skill declares no required environment variables, credentials, or config paths. That matches its role as a guidance/audit skill and is proportionate.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. Autonomous invocation is allowed (platform default) but the skill itself does not request permanent presence or modify other skill configurations.
Assessment
This skill appears internally consistent and low-risk because it is instruction-only and requests no credentials or installs. However, the source/homepage is unknown — if you plan to let an agent use this skill autonomously, consider: (1) only grant it to agents you trust, (2) do not supply real secrets or API keys in prompts, and (3) review any suggestions the skill generates before applying fixes to production code. If you need provenance guarantees, prefer skills with known authors or a published homepage/repo.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b1vcx8ppmgc3bj9w41x9gzx80detq
