senior-security
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools. Use when the user asks about security reviews, threat analysis, vulnerability assessments, secure coding practices, security audits, attack surface analysis, CVE remediation, or security best practices.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/alirezarezvani/senior-securityWhat This Skill Does
The senior-security skill serves as a professional-grade cybersecurity engineering toolkit designed to integrate directly into your development lifecycle. It provides automated workflows for threat modeling using the industry-standard STRIDE methodology, vulnerability analysis, and secure architecture design. Whether you are performing a rigorous code review, architecting a zero-trust network, or conducting a tabletop exercise for incident response, this skill acts as your virtual Senior Security Engineer. It translates complex security frameworks into actionable insights, helping you identify potential attack vectors before deployment.
Installation
To integrate this skill into your environment, run the following command via your terminal or agent interface:
clawhub install openclaw/skills/alirezarezvani/senior-security
Ensure you have the necessary permissions within your current working directory to allow the tool to scan your architecture documentation or code repositories.
Use Cases
- Proactive Threat Modeling: Use the STRIDE analysis module to map out data flows in your microservices architecture and identify vulnerabilities in your authentication and authorization flows.
- Secure Architecture Review: Apply defense-in-depth principles to evaluate your cloud infrastructure design, ensuring appropriate segmentation and encryption protocols are in place.
- Code Security Audits: Scan sensitive modules for common patterns of insecure coding, such as improper validation, reliance on untrusted inputs, or missing cryptographic controls.
- Compliance Preparation: Generate documentation for security audits by maintaining a living record of your threat models and mitigation strategies.
Example Prompts
- "Perform a STRIDE threat analysis on my current authentication flow architecture and identify potential elevation of privilege vulnerabilities."
- "Review the following code snippet for potential OWASP Top 10 vulnerabilities, specifically focusing on SQL injection and insecure deserialization."
- "Generate a security checklist for a microservices architecture communicating over gRPC, emphasizing confidentiality and integrity."
Tips & Limitations
To get the best results, provide the agent with clear, structured diagrams or documentation regarding your system's data flows. While the skill is excellent at identifying architectural weaknesses, it does not replace an automated DAST (Dynamic Application Security Testing) tool or a full-scale manual penetration test. Always validate the suggested mitigations against your specific business requirements and regulatory compliance standards.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-alirezarezvani-senior-security": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, code-execution
Related Skills
autoresearch-agent
Autonomous experiment loop that optimizes any file by a measurable metric. Inspired by Karpathy's autoresearch. The agent edits a target file, runs a fixed evaluation, keeps improvements (git commit), discards failures (git reset), and loops indefinitely. Use when: user wants to optimize code speed, reduce bundle/image size, improve test pass rate, optimize prompts, improve content quality (headlines, copy, CTR), or run any measurable improvement loop. Requires: a target file, an evaluation command that outputs a metric, and a git repo.
business-growth-skills
4 production-ready business and growth skills: customer success manager with health scoring and churn prediction, sales engineer with RFP analysis, revenue operations with pipeline and GTM metrics, and contract & proposal writer. Python tools included (all stdlib-only). Works with Claude Code, Codex CLI, and OpenClaw.
copywriting
When the user wants to write, rewrite, or improve marketing copy for any page — including homepage, landing pages, pricing pages, feature pages, about pages, or product pages. Also use when the user says "write copy for," "improve this copy," "rewrite this page," "marketing copy," "headline help," or "CTA copy." For email copy, see email-sequence. For popup copy, see popup-cro.
pr-review-expert
PR Review Expert
performance-profiler
Performance Profiler