Secure Linter

v0.1.0

Secure code linter: scans for vulnerabilities, leaked secrets, and code smells

0· 103·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description describe a static 'secure linter' and the SKILL.md lists language detection, vulnerability checks, and quality checks. There are no unrelated binaries, env vars, or installs required — the requested capabilities align with the stated purpose.
Instruction Scope
Instructions are limited to static analysis steps (identify language, check for SQLi/XSS/hardcoded keys, code-smells) and specify output format. The only outward action suggested is using `browser` or `web_fetch` to consult public security guidance (e.g., OWASP). That is reasonable for augmenting checks but means the agent may make external network requests if those tools are available — review how the agent handles outbound requests and whether it sends user code/context to external sites.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk install model — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a static linter that claims to operate without special configuration.
Persistence & Privilege
Flags are at their defaults (the skill is not marked always-on). It does not request persistent system presence or modify other skills; normal autonomous invocation remains possible but is not unusual or excessive here.
Assessment
This skill appears coherent and safe in structure: it performs static analysis only, needs no installs or credentials, and outputs line numbers, risk levels, and fixes. Before installing: (1) confirm whether your agent's `browser`/`web_fetch` calls transmit code or other context to third-party sites — avoid sending sensitive code to external endpoints; (2) remember the skill is a static checker and can miss business-logic vulnerabilities, so perform manual review for high-risk code; (3) if you require offline-only analysis, do not enable the agent's web access or prefer a skill that explicitly forbids external fetches.
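As an added illustration (not the skill's own code: the skill is instruction-only and ships no files), the following Python sketch shows the shape of the checks and output the assessment describes: a purely offline scan for SQL built by string concatenation, hardcoded credentials, an `innerHTML` sink, and a code-smell rule, reporting line number, risk level, and a suggested fix. The rule patterns, rule names, risk assignments, fix text, and the sample inputs are all constructed assumptions for this example; a real linter would need far more rules and an AST rather than regexes.

```python
"""Minimal offline secure-linter sketch (added example, not the skill's code).

Each rule is (id, risk, regex, message, fix). The patterns and fixes are
assumptions chosen to illustrate the check categories named in the scan
report; they are deliberately simple and will miss anything non-trivial.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based source line
    risk: str      # "high" | "medium" | "low"
    rule: str
    message: str
    fix: str


# Constructed rule set for this example (hypothetical rule ids and risk levels).
RULES = [
    ("sql-injection", "high",
     # execute( f"..." ) or execute( "..." + x ) / execute( "..." % x )
     re.compile(r'\bexecute\s*\(\s*(f["\']|["\'][^"\']*["\']\s*[+%])'),
     "SQL statement built with string formatting or concatenation",
     "Use a parameterised query, e.g. execute('... WHERE id = ?', (user_id,))"),
    ("hardcoded-secret", "high",
     re.compile(r'(?i)\b(api[_-]?key|secret|password|token)\s*=\s*["\'][^"\']{8,}["\']'),
     "Credential literal committed in source",
     "Read it from an environment variable or a secret store at runtime"),
    ("aws-access-key", "high",
     re.compile(r'\bAKIA[0-9A-Z]{16}\b'),
     "String matches the AWS access key ID format",
     "Revoke the key and load credentials from a provider chain instead"),
    ("xss-innerhtml", "medium",
     # .innerHTML = <non-literal>  (skips ==, === and quoted static strings)
     re.compile(r'\.innerHTML\s*=(?!=)\s*(?!["\'])'),
     "Non-literal value assigned to innerHTML",
     "Use textContent, or sanitise the HTML before inserting it"),
    ("bare-except", "low",
     re.compile(r'^\s*except\s*:'),
     "Bare except swallows every error (code smell)",
     "Catch the specific exception types you expect"),
]


def lint(source: str) -> list[Finding]:
    """Run every rule over every line; no network access, nothing leaves the process."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for rule, risk, pattern, message, fix in RULES:
            if pattern.search(text):
                findings.append(Finding(lineno, risk, rule, message, fix))
    return findings


def render(findings: list[Finding]) -> str:
    """Format findings as 'Lnn [RISK] rule: message' plus a fix line."""
    return "\n".join(
        f"L{f.line} [{f.risk.upper()}] {f.rule}: {f.message}\n    fix: {f.fix}"
        for f in findings
    )


# Constructed sample inputs (deliberately vulnerable, for the linter to flag).
SAMPLE_PY = '''import sqlite3
API_KEY = "sk_live_0123456789abcdef"
def get_user(conn, user_id):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE id = " + user_id)
    try:
        return cur.fetchone()
    except:
        return None
'''

SAMPLE_JS = 'document.getElementById("out").innerHTML = location.hash.slice(1);'

if __name__ == "__main__":
    print(render(lint(SAMPLE_PY)))
    print(render(lint(SAMPLE_JS)))
```

Running the block prints one finding per flagged line (L2 hardcoded secret, L5 SQL injection, L8 bare except for the Python sample; L1 innerHTML sink for the JavaScript one) with the associated fix. Because `lint()` never touches the network, it is the kind of offline-only behaviour the assessment's point (3) asks for; the skill as published relies on the agent's own `browser`/`web_fetch` tools for OWASP look-ups, which is where code could leave the machine.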


latest: vk971348097xhzg3q3p1f9qkbxd83mxes
