Install
openclaw skills install security-scanner-triageSecurity Scanner Triage
Triage security/virus scanner findings for skills and automations. Use when scanner reports mixed-risk findings (defaults, credential handling, data routing, metadata mismatch, docs inconsistency). Do not use for live incident response requiring SOC tooling. Success = prioritized true issues, false positives called out, and concrete remediation patch plan.
Security Scanner Triage
Workflow
- Normalize findings
- Convert scanner text into discrete claims.
- Group by category: data routing, credentials, defaults, docs mismatch, privilege/persistence.
- Verify against code/docs
- Locate exact file/line evidence.
- Mark each claim as:
- Confirmed
- Partially confirmed
- Not reproducible
- Risk rate
- Critical / High / Medium / Low
- Include blast radius and exploitability notes.
- Remediation plan
- Provide minimal patch order:
- safety first
- behavior/docs consistency
- version bump and publish notes
- Verification
- Provide re-scan checklist and expected clean-state signals.
Output format
Use references/output-template.md.
Guardrails
- Never leak secrets from
.env. - Distinguish trust/disclosure issues from active vulnerabilities.
- Always separate "data-routing transparency" findings from "security-impact" findings.