Weak cryptography detector (OWASP A02:2021 — Cryptographic Failures). Scans Python, JavaScript/TypeScript, Go, Java, and PHP source code for 10 classes of insecure cryptography — MD5/SHA1 password hashing, PRNG for security-sensitive values, hardcoded IVs, ECB mode, DES/RC4/Blowfish, RSA key size under 2048 bits, weak JWT secrets, bcrypt rounds too low, TLS 1.0/1.1 acceptance, and hardcoded cryptographic keys in source. Zero external dependencies. CI fail-gate included.

Install

openclaw skills install @phy041/phy-crypto-audit