Li_codeql_LLM
A tool that combines CodeQL security scanning with LLM-based analysis. It automatically detects the CodeQL installation, scans a specified directory, generates vulnerability reports, runs LLM analysis, integrates with Jenkins, and outputs a verification checklist.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/43622283/li-codeql-llm
What This Skill Does
Li_codeql_LLM is a security-focused automation tool that bridges the gap between static application security testing (SAST) and intelligent vulnerability remediation. It orchestrates the whole CodeQL pipeline, from environment validation and database creation through query analysis. By integrating with LLMs, the skill goes beyond raw scanner output: it parses the SARIF results to filter out false positives, rank vulnerabilities by actual business risk, and provide actionable, context-aware remediation advice. It outputs both a structured security report and a step-by-step verification checklist, streamlining the DevSecOps workflow for developers and security analysts alike.
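As an added illustration of the SARIF post-processing the description refers to (example code, not the skill's own implementation): the function below reads the security-severity property CodeQL attaches to each rule, drops results from code-quality queries, ranks the remaining findings, applies an optional gating threshold, and renders a verification checklist. The SARIF document is constructed inline in the shape CodeQL emits; the rule ids mirror CodeQL's Python query ids, while the file paths, line numbers and messages are invented sample data.

```python
import json

def _rule(rule_id, severity=None, cwe=None):
    """CodeQL-style rule entry; security queries carry security-severity and a CWE tag."""
    tags = ["security", f"external/cwe/cwe-{cwe}"] if cwe else ["maintainability"]
    return {"id": rule_id, "properties": {"tags": tags, **({"security-severity": severity} if severity else {})}}

def _result(rule_id, uri, line, text):
    """One SARIF result with a single physical location (constructed sample)."""
    return {"ruleId": rule_id, "message": {"text": text}, "locations": [{"physicalLocation": {
        "artifactLocation": {"uri": uri}, "region": {"startLine": line}}}]}

# Constructed SARIF 2.1.0 document in the shape CodeQL emits: rule metadata (including
# the "security-severity" property) under tool.driver.rules, findings under results.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "CodeQL", "rules": [
        _rule("py/sql-injection", "8.8", "089"),
        _rule("py/clear-text-logging-sensitive-data", "7.5", "312"),
        _rule("py/unused-import")]}},
    "results": [
        _result("py/unused-import", "app/util.py", 3, "Import of 'os' is not used."),
        _result("py/clear-text-logging-sensitive-data", "app/auth.py", 42,
                "This expression logs sensitive data (password) as clear text."),
        _result("py/sql-injection", "app/db.py", 17,
                "This SQL query depends on a user-provided value.")]}]})

def rank_findings(sarif_text, min_severity=0.0):
    """Security findings sorted by CodeQL's security-severity, highest first; results whose
    rule has no security-severity (code-quality queries) or fall below min_severity are dropped."""
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r.get("properties", {}) for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            props = rules.get(res.get("ruleId"), {})
            score = float(props.get("security-severity", -1))  # -1 marks a non-security rule
            if score < max(min_severity, 0.0):
                continue  # non-security rule or below the gating threshold
            loc = res["locations"][0]["physicalLocation"]
            findings.append({
                "rule": res["ruleId"], "severity": score,
                "cwe": [t.rsplit("/", 1)[1].upper() for t in props.get("tags", []) if t.startswith("external/cwe/")],
                "location": f"{loc['artifactLocation']['uri']}:{loc['region']['startLine']}",
                "message": res["message"]["text"]})
    return sorted(findings, key=lambda f: f["severity"], reverse=True)

def checklist(findings):
    """One verification-checklist line per ranked finding, for manual confirmation."""
    return [f"[ ] {f['severity']:.1f} {f['rule']} ({', '.join(f['cwe']) or 'no CWE'}) "
            f"at {f['location']}: {f['message']}" for f in findings]
```

Calling rank_findings with min_severity set to a pipeline's threshold gives the list a CI job can gate on, and checklist turns the same list into the items an analyst ticks off during manual verification.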
Installation
To integrate this tool into your OpenClaw environment, first install the system dependencies: CodeQL CLI (v2.10.0+), Python 3.11+, and either uv or pip. Then run the following command in your terminal or the OpenClaw interface: clawhub install openclaw/skills/skills/43622283/li-codeql-llm. Ensure that the environment has read/write permission for the directory being analyzed and that the codeql binary is on your system PATH.
Use Cases
- Automated Security Audits: Regularly run scans against source code repositories to catch vulnerabilities before they reach production.
- CI/CD Integration: Seamlessly incorporate the skill into automated pipelines to gate deployments based on security severity thresholds.
- Targeted Penetration Testing: Use the skill to scan vulnerable machines or legacy projects to generate a precise attack surface map and a validation checklist for manual verification.
- Remediation Planning: Leverage LLM insights to prioritize the most critical bugs based on code context rather than just raw scanner scores.
Example Prompts
- "Scan the project located at /home/user/workspace/web-app and generate a vulnerability verification checklist."
- "Perform a security audit on /var/www/legacy-site, categorize findings by OWASP Top 10, and explain the top 3 risks."
- "Analyze the current directory for high-severity Python vulnerabilities and draft a report with specific code-level remediation suggestions."
Tips & Limitations
- False Positives: While the LLM layer significantly improves accuracy, always manually verify high-risk findings before taking destructive action.
- Resource Management: Large codebases require significant memory and CPU for the database creation phase; ensure adequate system resources before scanning massive repositories.
- Language Support: Ensure your project languages align with the supported QL libraries. Always keep your local CodeQL query packs updated to benefit from the latest security research.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-43622283-li-codeql-llm": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: file-write, file-read, code-execution
Related Skills
li_itil_manager
ITIL 5 Manager - Elite IT Service Management Advisor specializing in ITSM, FinOps, and IT governance using ITIL 5 DPSM framework.
Li Etl Handle Safe
Skill by 43622283
Li Doc Answer
Skill by 43622283
li-feishu-audio
Feishu voice interaction skill. Supports the full workflow of automatic speech recognition of voice messages, AI processing, and voice replies. Requires the FEISHU_APP_ID and FEISHU_APP_SECRET environment variables to be configured. Uses faster-whisper for speech recognition and Edge TTS for speech synthesis, automatically converts the audio to OPUS format and sends it via Feishu. Suitable for voice conversation scenarios on the Feishu platform.
li_sentry_check
Multi-platform server inspection and health check skill. SSH into remote Linux servers using key-based authentication, run read-only inspection commands (CPU, memory, disk, network, services, security), and generate structured Markdown reports with anomaly highlighting. Use when the user asks to inspect servers, run health checks, check system metrics, perform 巡检/巡查, gather system status, or generate inspection reports. Compatible with nanobot, OpenClaw, and Hermes agent.