Loading...
Loading...
Found 15 Skills
Continuous security vulnerability scanning for OWASP Top 10, common vulnerabilities, and insecure patterns. Use when reviewing code, before deployments, or on file changes. Scans for SQL injection, XSS, secrets exposure, auth issues. Triggers on file changes, security mentions, deployment prep.
AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust.
Coordinates security scanning (secrets + deps). Delegates to ln-761 + ln-625(mode=vulnerabilities_only). Generates SECURITY.md, pre-commit hooks, CI workflow.
Run security audit with GitLeaks pre-commit hook setup and code analysis
Check for sensitive data in repository. Use when user asks to "check for sensitive data", "/safe-repo", or wants to verify no company/credential data is in the repository.
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental exfiltration.
Rummage through code with curious precision, inspecting every corner for security risks and cleaning up what doesn't belong. Use when auditing security, finding secrets, removing dead code, or sanitizing before deployment.
Scan codebase for security vulnerabilities including secrets, insecure dependencies, and unsafe code patterns. Use when performing automated security scans.
Security audit workflow - vulnerability scan → verification
Use when the user asks to commit changes. Analyzes diffs deeply to draft intelligent conventional commit messages, detects scope from branch names and file paths, runs pre-commit quality checks (TypeScript, ESLint, Prettier), scans for secrets and debug artifacts, splits unrelated changes into separate commits, and verifies success. Invoke via /commit or when user says "commit", "commit this", "make a commit".
Execute a comprehensive, framework-agnostic Security Audit. Detects project type at runtime and adapts security checks accordingly. Analyzes sensitive files, source code secrets, dependency vulnerabilities, and optionally uses Gemini AI for advanced analysis. Produces a severity-classified report. Use when the user asks to audit security, scan for vulnerabilities, check for secrets, or assess dependency risks. Triggers on: 'security audit', 'vulnerability scan', 'secret scan', 'dependency audit', 'security check', 'pentest', 'owasp'.
Scan code for security vulnerabilities and secrets. Detect exposed secrets, insecure patterns, and common vulnerabilities.