Neckr0ik Security Suite
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: neckr0ik-security-suite
Version: 1.0.0
The bundle provides a security auditing and compliance reporting toolkit. The main script, `scripts/suite.py`, implements logic for mapping detected vulnerabilities to compliance frameworks (SOC2, HIPAA, PCI-DSS) and generating ASCII-art certificates. The code logic is consistent with the stated purpose in `SKILL.md`, and no evidence of data exfiltration, malicious execution, or prompt injection was found in the provided files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may rely on this output as proof of SOC 2, HIPAA, PCI-DSS, or GDPR compliance when it may only reflect this tool's limited checks.
The skill presents locally generated scan output as a compliance certificate for regulated frameworks. That wording can make users believe they have formal compliance certification when the artifacts only show a static scan/control-mapping workflow.
Generate certification reports for:
- SOC 2 Type II
- HIPAA
- PCI-DSS
- GDPR
...
║ STATUS: ✅ COMPLIANT
...
Certificate ID: SOC2-2026-03-06-A7B3C9D2
Treat the reports as informal security scan results, not official compliance certification; use qualified compliance review for regulated obligations.
Automatic fixes could change or break a skill, especially if run without backups or review.
The fixer is purpose-aligned, but it can automatically modify files in the target skill and offers a no-backup mode.
neckr0ik-security-suite fix /path/to/skill --auto
...
--auto Apply all fixes without prompting
--no-backup Do not create backup files
Run with --dry-run first, keep backups enabled, and review diffs before accepting changes.
The installed behavior may vary based on which dependency versions are resolved, including the code that performs scanning and fixes.
The suite depends on separate scanner and fixer packages that are not version-pinned in the provided artifact set, so core behavior depends on external code not fully reviewed here.
"dependencies": [ "neckr0ik-security-scanner", "neckr0ik-security-fixer" ]
Verify the source and versions of the dependent scanner and fixer packages before using the suite, especially before running automatic fixes.
