Overview
- Skill Key
- gitgoodordietrying/security-audit-toolkit
- Author
- gitgoodordietrying
- Source Repo
- openclaw/skills
- Version
- -
- Source Path
- skills/gitgoodordietrying/security-audit-toolkit
- Latest Commit SHA
- ea5b051e91d81ef3778fdac3d0936287f92fdb58
Official OpenClaw
rules
36%
security-audit
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Stars
0
Installs
0
Status
ACTIVE
Visibility
PUBLIC
安装方式
直接复制以下提示词,发送给你的 AI 助手即可完成安装。
请先检查是否已安装 SkillHub 商店,若未安装,请根据 https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md 安装 SkillHub 商店,然后安装 security-audit 技能。 若已安装,则直接安装 security-audit 技能。
Extracted Content
SKILL.md excerpt
# Security Audit
Scan, detect, and fix security issues in codebases and infrastructure. Covers dependency vulnerabilities, secret detection, OWASP top 10, SSL/TLS verification, file permissions, and secure coding patterns.
## When to Use
- Scanning project dependencies for known vulnerabilities
- Detecting hardcoded secrets, API keys, or credentials in source code
- Reviewing code for OWASP top 10 vulnerabilities (injection, XSS, CSRF, etc.)
- Verifying SSL/TLS configuration for endpoints
- Auditing file and directory permissions
- Checking authentication and authorization patterns
- Preparing for a security review or compliance audit
## Dependency Vulnerability Scanning
### Node.js
```bash
# Built-in npm audit
npm audit
npm audit --json | jq '.vulnerabilities | to_entries[] | {name: .key, severity: .value.severity, via: .value.via[0]}'
# Fix automatically where possible
npm audit fix
# Show only high and critical
npm audit --audit-level=high
# Check a specific package
npm audit --package-lock-only
# Alternative: use npx to scan without installing
npx audit-ci --high
```
### Python
```bash
# pip-audit (recommended)
pip install pip-audit
pip-audit
pip-audit -r requirements.txt
pip-audit --format=json
# safety (alternative)
pip install safety
safety check
safety check -r requirements.txt --json
# Check a specific package
pip-audit --requirement=- <<< "requests==2.25.0"
```
### Go
```bash
# Built-in vuln checker
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
# Check specific binary
govulncheck -mode=binary ./myapp
```
### Rust
```bash
# cargo-audit
cargo install cargo-audit
cargo audit
# With fix suggestions
cargo audit fix
```
### Universal: Trivy (scans any project)
```bash
# Install: https://aquasecurity.github.io/trivy
# Scan filesystem
trivy fs .
# Scan specific language
trivy fs --scanners vuln --severity HIGH,CRITICAL .
# Scan Docker image
trivy image myapp:latest
# JSON output
trivy fs --format json -o results.jso...
Related Claw Skills
aicodelion
agent-pack-n-go
🚀 Clone your OpenClaw AI Agent to a new device in ~25 minutes — configs, memory, skills, everything.
heyixuan2
bambu-studio-ai
Bambu Lab 3D printer control and automation. Activate when user mentions: printer status, 3D printing, slice, analyze model, generate 3D, AMS filament, print monitor, Bambu Lab, or any 3D printing task. Full pipeline: search → generate → analyze → colorize → preview → open BS → user slice → print → monitor. Supports all 9 Bambu Lab printers (A1 Mini, A1, P1S, P2S, X1C, X1E, H2C, H2S, H2D).
cacheforge-ai
cacheforge-skills
⚡ SOTA agent skills for OpenClaw — observability, security, code quality, incident response, and more. Built by Anvil AI.
zjianru
restart-guard
OpenClaw Skill: Safely restart the Gateway with context preservation, guardian watchdog, and multi-channel notification
jgm2025
linux-patcher-skill
Automated Linux server patching with PatchMon integration for OpenClaw
cyrustmods
OPENCLAW-SKILL-SAFE
🛡️ Audit and verify OpenClaw skills for safety, ensuring quality with 395 safe skills from an in-depth analysis of over 4,000 entries.