unified security auditor
v1.0.0
Unified application security skill for Coding Agent systems like OpenCode. Use when reviewing or writing code that touches authentication, authorization, use...
by Selim (@selimerunkut)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Benign (high confidence)

Purpose & Capability
Name and description (unified security auditor for code/agent workflows) align with the SKILL.md content and README: guidance targets authentication, authorization, secrets, CI/CD and AI-agent risks. The package does not request unrelated binaries, credentials, or config paths.
Instruction Scope
SKILL.md contains audit workflows, detection patterns, and an output format. It instructs the assistant to review code, CI/CD, dependencies and agent workflows — all consistent with the stated purpose. There are no instructions to read system-wide credentials, arbitrary files outside the repo, or to exfiltrate data to external endpoints.
Install Mechanism
No install spec or code files are present beyond documentation and SKILL.md; installation guidance is simple file-copy into local/global skill folders. There are no downloads, extracted archives, or package installs that would write/execute arbitrary code on disk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. That is proportionate for an instruction-only security-audit skill that analyzes code and CI workflows.
Persistence & Privilege
Flags are default (not always:true). The skill does not request permanent system presence or elevated privileges and does not modify other skills' configs. Model invocation is enabled (default) which allows autonomous invocation — this is normal for skills and is not by itself a problem here.
Assessment
This skill is instruction-only and internally consistent with its stated purpose: it doesn't request credentials or install code, so the immediate security risk is low. Before installing, consider (1) reviewing the SKILL.md and README to confirm the guidance matches your policies and coding standards, (2) noting the CC-BY-SA-4.0 license (share-alike obligations if you redistribute or modify the skill), and (3) validating any concrete fixes the skill suggests before applying them (treat automated remediation as advisory). Also be mindful that, like most skills, it can be invoked autonomously by the agent — if you want to avoid that, disable autonomous invocation in your agent policy or only run the skill interactively.
