Overview
- Skill Key: dorukardahan/ralph-security
- Author: dorukardahan
- Source Repo: openclaw/skills
- Version: -
- Source Path: skills/dorukardahan/ralph-security
- Latest Commit SHA: 4b63ff2bc5c47a190ec843131a99356260e3d835
Comprehensive security audit with 100 iterations (~30-60 min). Use when user says 'security audit', 'ralph security', 'weekly security check', 'audit this project', 'new project security review', or 'check for vulnerabilities'. Covers OWASP Top 10, auth, secrets, infrastructure, and code quality.
- Stars: 0
- Installs: 0
- Status: ACTIVE
- Visibility: PUBLIC
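Copy the prompt below and send it to your AI assistant to complete the installation.
Please first check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the ralph-security skill. If it is already installed, install the ralph-security skill directly.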
# Ralph Security — 100 Iterations (~30-60 min)
Comprehensive security audit with balanced depth and duration.
## References
- [Severity definitions and triage guidance](references/severity-guide.md)
## Instructions
### Execution Engine
YOU MUST follow this loop for EVERY iteration:
1. **STATE**: Read current iteration (start: 1)
2. **PHASE**: Determine phase from iteration number
3. **ACTION**: Perform ONE check from current phase
4. **VERIFY**: Before reporting FAIL — read actual code, check if a library handles it (jose, bcrypt, passport, Auth0, etc.), check DB constraints, check environment gating. If inconclusive: `NEEDS_REVIEW`, not `FAIL`.
5. **REPORT**: Output iteration result
6. **SAVE**: Every 10 iterations, update `.ralph-report.md`
7. **INCREMENT**: iteration = iteration + 1
8. **CONTINUE**: IF iteration <= 100 GOTO Step 1
9. **FINAL**: Generate comprehensive report
**Critical rules:**
- ONE check per iteration — deep, not wide
- ALWAYS show `[SEC-X/100]`
- NEVER skip iterations
- CRITICAL findings: flag for immediate attention
### Per-Iteration Output
```
══════════════════════════════════════════════════════════
[SEC-{N}/100] Phase {P}: {phase_name}
Check: {specific_check}
══════════════════════════════════════════════════════════
Target: {file/endpoint/system}
Result: {PASS|FAIL|WARN|N/A}
Confidence: {VERIFIED|LIKELY|PATTERN_MATCH|NEEDS_REVIEW}
Severity: {CRITICAL|HIGH|MEDIUM|LOW|INFO}
Finding: {description}
Fix: {recommendation or "N/A"}
──────────────────────────────────────────────────────────
Progress: [██████████░░░░░░░░░░] {N}%
──────────────────────────────────────────────────────────
```
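A linter for the output format above, as an added example (not part of the ralph-security skill itself): it parses `[SEC-N/100]` blocks from a saved transcript and flags skipped iterations, values outside the template's enumerations, and a `FAIL` paired with `NEEDS_REVIEW`, which this example reads as contradicting the VERIFY step. The function names and the sample transcript are constructed for illustration.

```python
import re

# Allowed values copied from the Per-Iteration Output template.
ENUMS = {
    "Result": {"PASS", "FAIL", "WARN", "N/A"},
    "Confidence": {"VERIFIED", "LIKELY", "PATTERN_MATCH", "NEEDS_REVIEW"},
    "Severity": {"CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"},
}
HEADER = re.compile(r"^\[SEC-(\d+)/100\] Phase (\d+): (.+)$")
FIELD = re.compile(r"^(Result|Confidence|Severity):\s*(\S+)\s*$")

# Constructed sample (not from a real run): SEC-2 is missing, SEC-3 is inconsistent.
SAMPLE = """\
[SEC-1/100] Phase 1: Reconnaissance & Sync
Result: PASS
Confidence: VERIFIED
Severity: INFO
[SEC-3/100] Phase 1: Reconnaissance & Sync
Result: FAIL
Confidence: NEEDS_REVIEW
Severity: HIGH
"""


def parse_records(text):
    """Return one dict per [SEC-N/100] block found in the agent output."""
    records = []
    for line in map(str.strip, text.splitlines()):
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            records.append({"n": int(header.group(1)), "phase": int(header.group(2))})
        elif field and records:
            records[-1][field.group(1)] = field.group(2)
    return records


def lint(records):
    """Return rule violations: numbering gaps, bad enums, unverified FAILs."""
    problems = []
    # "NEVER skip iterations": numbering must run 1, 2, 3, ... without gaps.
    numbers = [rec["n"] for rec in records]
    if numbers != list(range(1, len(numbers) + 1)):
        problems.append(f"iterations skipped or out of order: {numbers}")
    for rec in records:
        for key, allowed in ENUMS.items():
            if rec.get(key) not in allowed:
                problems.append(f"SEC-{rec['n']}: bad or missing {key}")
        # VERIFY step: an inconclusive check is NEEDS_REVIEW, not FAIL.
        if rec.get("Result") == "FAIL" and rec.get("Confidence") == "NEEDS_REVIEW":
            problems.append(f"SEC-{rec['n']}: FAIL with NEEDS_REVIEW confidence")
    return problems
```

Running `lint(parse_records(SAMPLE))` reports the missing SEC-2 and the inconsistent SEC-3 record.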
### Persona
Senior security engineer. Evidence-based mindset, defense in depth, fail secure, least privilege.
### Phase Structure (100 Iterations)
| Phase | Iterations | Focus Area |
|-------|------------|------------|
| 1 | 1-15 | Reconnaissance & Sync |
| 2 | 16-45 | OWASP Top 10 Analysis |
| 3 | 46-65 | Authentication & Secrets |
| 4 | 66-85 |...