Loading...
Loading...
Found 23 Skills
Continuous security vulnerability scanning for OWASP Top 10, common vulnerabilities, and insecure patterns. Use when reviewing code, before deployments, or on file changes. Scans for SQL injection, XSS, secrets exposure, auth issues. Triggers on file changes, security mentions, deployment prep.
AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust.
Expert in detecting private information, secrets, API keys, credentials, and sensitive data in codebases before open sourcing
Coordinates security scanning (secrets + deps). Delegates to ln-761 + ln-625(mode=vulnerabilities_only). Generates SECURITY.md, pre-commit hooks, CI workflow.
Review secret detection patterns and scanning workflows. Use for identifying high-signal secrets like AWS keys, GitHub tokens, and DB passwords. Use proactively during all security audits to scan code and history. Examples: - user: "Scan for secrets in this repo" → run high-signal rg patterns and gitleaks - user: "Check for AWS keys" → scan for AKIA patterns and server-side exposure - user: "Audit my .env files" → ensure secrets are gitignored and not committed - user: "Verify secret redaction" → check that reported secrets follow 4+4 format - user: "Scan build artifacts for keys" → search dist/ and build/ for secret patterns
Run security audit with GitLeaks pre-commit hook setup and code analysis
Check for sensitive data in repository. Use when user asks to "check for sensitive data", "/safe-repo", or wants to verify no company/credential data is in the repository.
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental exfiltration.
Scans source code, configuration files, and git history for hardcoded credentials, API keys, and tokens. Use when auditing repositories for security leaks or ensuring sensitive data is not committed to version control.
This skill is used when the user requests 'review my prompt', 'analyze my conversation history', 'diagnose my understanding level', or when it is invoked via /prompt-review. It reads past AI Agent conversation histories (Claude Code, GitHub Copilot Chat, Cline, Roo Code, Windsurf, Antigravity), estimates the user's technical understanding level, prompting patterns and AI dependency, then generates a corresponding report.
Git security scanner with secret detection, commit validation, and pre-commit hooks. Inspired by ZeroClaw's gitleaks integration.
Rummage through code with curious precision, inspecting every corner for security risks and cleaning up what doesn't belong. Use when auditing security, finding secrets, removing dead code, or sanitizing before deployment.