ClawKit Reliability Toolkit
Official Verified developer tools Safety 4/5

security

Security engineer for vulnerability assessment, penetration testing guidance, and secure code review. Use for OWASP Top 10 checks, threat modeling, or security architecture review. Covers authentication flaws, injection vulnerabilities, access control, and compliance requirements.

Why use this skill?

Enhance your app security with the OpenClaw Security Engineer skill. Perform OWASP Top 10 checks, threat modeling, and secure code reviews with ease.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/anton-abyzov/sw-security

What This Skill Does

The Security Engineer skill provides OpenClaw agents with advanced expertise in application security, penetration testing guidance, and secure code review. It acts as an interactive security consultant, helping users identify vulnerabilities, perform threat modeling, and adhere to industry compliance standards. The skill is structured around core security domains, including the OWASP Top 10, authentication protocols, encryption standards, compliance frameworks, and secret management. By utilizing a systematic, phased approach—specifically focusing on one security domain at a time—the skill ensures that deep-dive audits remain manageable and highly effective. It mandates the use of the STRIDE methodology for threat modeling and prioritizes fixes based on CRITICAL, HIGH, MEDIUM, and LOW risk levels, ensuring that developers address the most significant vulnerabilities first.

Installation

To integrate this skill into your OpenClaw environment, use the command-line interface to pull it from the central repository. Run the following command in your terminal:

clawhub install openclaw/skills/skills/anton-abyzov/sw-security

Ensure that you have sufficient permissions to modify your local skill configurations before running the command.

Use Cases

  • Security Architecture Reviews: Analyze your proposed system design for architectural flaws before a single line of code is written.
  • OWASP Top 10 Compliance: Use the automated checklist to audit existing applications for common vulnerabilities like injection, broken access control, and SSRF.
  • Threat Modeling: Generate comprehensive STRIDE-based threat models for new features to preemptively identify potential attack vectors.
  • Compliance Audits: Prepare for regulatory requirements such as GDPR, HIPAA, or SOC 2 by identifying gaps in your current infrastructure and documentation.

Example Prompts

  1. "Perform an OWASP Top 10 audit on this authentication service snippet and highlight any potential injection or session management flaws."
  2. "Create a STRIDE threat model for our new API gateway that handles sensitive customer PII and third-party payment tokens."
  3. "Review our current encryption standards for data at rest and in transit, specifically looking for compliance gaps regarding GDPR."

Tips & Limitations

  • Token Management: The skill operates on a strictly defined token budget. Keep your audit requests focused to ensure the analysis remains accurate and avoids truncation.
  • Domain Isolation: To get the best results, follow the skill's workflow of analyzing one domain at a time. This prevents cognitive overload for the model and ensures high-quality, actionable output.
  • Human Verification: While this skill is an expert tool, it should be treated as a security aid. Always manually review critical fixes and perform secondary penetration testing before deploying changes to production environments.

Metadata

Stars: 1054
Views: 0
Updated: 2026-02-16

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-anton-abyzov-sw-security": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #owasp #penetration-testing #vulnerability-assessment #compliance
Safety Score: 4/5

Flags: code-execution, file-read