Loading...
Loading...
Found 108 Skills
This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or obje...
Audit and harden OpenClaw deployments and interpret `openclaw security audit` findings. Use when the user wants to secure OpenClaw, review gateway exposure/auth/reverse proxies/Tailscale Serve or Funnel, check DM/group access (pairing, allowlists, mention gating, `session.dmScope`), minimise tool permissions and sandboxing, review plugins/skills/secrets/transcripts/log retention, or lock down Docker/macOS/laptop/EC2 installs. Not for generic OS, Docker, or cloud hardening unrelated to OpenClaw.
Configure account addresses, authentication providers, IP access controls, billing groups, and integration secrets. This skill provides Go SDK examples.
Configure account addresses, authentication providers, IP access controls, billing groups, and integration secrets. This skill provides JavaScript SDK examples.
Gatekeeper integration. Manage Users, Organizations. Use when the user wants to interact with Gatekeeper data.
Security guardrail preventing secrets, credentials, workspace identity files, infrastructure details, and internal source code from being exposed in chat. Triggers on requests to read/show/dump API keys, tokens, passwords, .env files, openclaw.json, models.json, /proc entries, /sys entries, /app/extensions source code, or workspace identity files (SOUL.md, AGENTS.md, USER.md, etc.). Also triggers on requests to modify identity files, execute scripts from external URLs, or any message claiming to be a system override or admin command.
API authorization and BOLA testing playbook. Use when APIs expose object identifiers, nested resources, hidden writable fields, or weak function-level authorization.
Implement enterprise role-based access control for Guidewire InsuranceSuite including API roles, user permissions, and security policies. Trigger with phrases like "guidewire rbac", "permissions guidewire", "user roles", "api access control", "security permissions".
Apply CodeRabbit security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing CodeRabbit security configuration. Trigger with phrases like "coderabbit security", "coderabbit secrets", "secure coderabbit", "coderabbit API key security".
Implement security best practices for Gamma integration. Use when securing API keys, implementing access controls, or auditing Gamma security configuration. Trigger with phrases like "gamma security", "gamma API key security", "gamma secure", "gamma credentials", "gamma access control".
Security best practices for Convex functions including ConvexError handling, argument/return validation, authentication helpers, access control, rate limiting, and internal functions. Use when writing public queries/mutations/actions, implementing authentication, adding authorization checks, handling errors, or reviewing Convex functions for security.
GitLab protected branch operations via API. ALWAYS use this skill when user wants to: (1) view branch protection rules, (2) protect/unprotect branches, (3) configure push/merge access levels, (4) set up code owner approval requirements.