Official Verified developer tools Safety 4/5

senior-security

Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools. Use when the user asks about security reviews, threat analysis, vulnerability assessments, secure coding practices, security audits, attack surface analysis, CVE remediation, or security best practices.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/alirezarezvani/senior-security

What This Skill Does

The senior-security skill serves as a professional-grade cybersecurity engineering toolkit designed to integrate directly into your development lifecycle. It provides automated workflows for threat modeling using the industry-standard STRIDE methodology, vulnerability analysis, and secure architecture design. Whether you are performing a rigorous code review, architecting a zero-trust network, or conducting a tabletop exercise for incident response, this skill acts as your virtual Senior Security Engineer. It translates complex security frameworks into actionable insights, helping you identify potential attack vectors before deployment.

Installation

To integrate this skill into your environment, run the following command via your terminal or agent interface:

clawhub install openclaw/skills/alirezarezvani/senior-security

Ensure you have the necessary permissions within your current working directory to allow the tool to scan your architecture documentation or code repositories.

Use Cases

  • Proactive Threat Modeling: Use the STRIDE analysis module to map out data flows in your microservices architecture and identify vulnerabilities in your authentication and authorization flows.
  • Secure Architecture Review: Apply defense-in-depth principles to evaluate your cloud infrastructure design, ensuring appropriate segmentation and encryption protocols are in place.
  • Code Security Audits: Scan sensitive modules for common patterns of insecure coding, such as improper validation, reliance on untrusted inputs, or missing cryptographic controls.
  • Compliance Preparation: Generate documentation for security audits by maintaining a living record of your threat models and mitigation strategies.

Example Prompts

  1. "Perform a STRIDE threat analysis on my current authentication flow architecture and identify potential elevation of privilege vulnerabilities."
  2. "Review the following code snippet for potential OWASP Top 10 vulnerabilities, specifically focusing on SQL injection and insecure deserialization."
  3. "Generate a security checklist for a microservices architecture communicating over gRPC, emphasizing confidentiality and integrity."

Tips & Limitations

To get the best results, provide the agent with clear, structured diagrams or documentation regarding your system's data flows. While the skill is excellent at identifying architectural weaknesses, it does not replace an automated DAST (Dynamic Application Security Testing) tool or a full-scale manual penetration test. Always validate the suggested mitigations against your specific business requirements and regulatory compliance standards.

Metadata

Stars: 4473
Views: 1
Updated: 2026-05-01

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-alirezarezvani-senior-security": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security #threat-modeling #devsecops #vulnerability-analysis #cybersecurity
Safety Score: 4/5

Flags: file-read, code-execution
