Li_python_sec_check
Python security-standards checking tool, based on CloudBase guidelines + Tencent security guide + LLM-assisted analysis (LLM feature disabled by default; local execution preferred)
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/43622283/li-python-sec-check
What This Skill Does
Li_python_sec_check is a specialized OpenClaw agent skill designed to audit Python source code for security vulnerabilities and adherence to industry-standard best practices. By combining the rigorous requirements of CloudBase infrastructure guidelines with comprehensive Tencent security recommendations, this tool provides a multi-layered analysis of your codebase. The skill operates primarily through a local execution engine to ensure data privacy, with an optional LLM-assisted analysis mode that can be enabled for deep semantic vulnerability detection when complex logic assessment is required.
Installation
To integrate this security tool into your OpenClaw environment, execute the following command in your terminal or ClawHub interface:
clawhub install openclaw/skills/skills/43622283/li-python-sec-check
Once installed, the skill will be available as an active agent module, ready to scan files or directory paths passed to the assistant.
Use Cases
This skill is indispensable for developers and DevOps engineers aiming to harden their Python applications. Common use cases include:
- Conducting automated pre-commit security audits to detect common pitfalls like hardcoded secrets, SQL injection vulnerabilities, or insecure cryptographic implementations.
- Ensuring compliance with enterprise-grade security standards during the code review process.
- Automating the detection of outdated or vulnerable third-party library dependencies.
- Providing pedagogical feedback to junior developers on secure coding patterns in Python.
Example Prompts
- "Analyze the current project directory using li_python_sec_check and report any high-priority security vulnerabilities."
- "Run a security audit on the file 'database_connector.py' and suggest refactoring tips based on CloudBase security guidelines."
- "Scan my entire codebase for hardcoded API keys or sensitive credentials and explain how to mitigate each finding."
Tips & Limitations
- Local First: The tool defaults to local static analysis. For the most sensitive code, keep the LLM-assisted mode disabled to prevent source code from being sent to external models.
- Scope: While the tool excels at pattern matching and vulnerability identification, it should not replace human security audits for critical production systems.
- Context: Always provide the full scope of your project directory when possible, as the tool performs better when it can analyze cross-file dependencies and imports. The skill currently focuses primarily on Python; it will not offer relevant analysis for other languages within your repository.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-43622283-li-python-sec-check": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags
Flags: file-read, code-execution
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
sbom-explainer
Translate a dependency manifest or SBOM into a non-technical, readable risk explanation, sorted by impact scope; use for sbom, dependencies, risk workflows; do not use for fabricating CVE status or as a replacement for professional vulnerability scanning.
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.