security-patterns
Real-time security pattern detector based on Anthropic's official security-guidance plugin. Use proactively when writing code to detect command injection, XSS, unsafe deserialization, and dynamic code execution risks. Identifies dangerous patterns BEFORE they're committed.
Why use this skill?
Identify and fix command injection, XSS, and unsafe deserialization risks in real-time with the security-patterns OpenClaw skill.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/anton-abyzov/sw-security-patterns
What This Skill Does
The security-patterns skill acts as a proactive security architect within your development workflow. Powered by the official Anthropic security-guidance framework, this tool scans your codebases and snippets in real time to identify potential vulnerabilities before they are ever committed to a repository. By analyzing your code for common security pitfalls such as command injection, Cross-Site Scripting (XSS), unsafe deserialization, and dynamic code execution, it helps you maintain a secure posture from the very first line of code.
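To illustrate the kind of line-by-line pattern matching a detector like this performs, here is an added example written for this page; it is not the skill's own code, not Anthropic's security-guidance rules, and its four rules are an assumed, deliberately small subset. The scanned snippet is constructed and is not real project code.

```javascript
// Assumed rule set: one regex per risk category the skill description names.
const RULES = [
  { category: 'dynamic-code-execution', regex: /\beval\s*\(|new\s+Function\s*\(/ },
  // exec/execSync whose first argument is anything other than a plain string literal
  { category: 'command-injection', regex: /\b(?:exec|execSync)\s*\(\s*(?!['"][^'"]*['"]\s*[,)])/ },
  { category: 'xss', regex: /dangerouslySetInnerHTML|\.innerHTML\s*=(?!=)/ },
  { category: 'unsafe-deserialization', regex: /\bunserialize\s*\(/ },
];

// Scan source text and return one finding per (line, rule) match.
function scanForDangerousPatterns(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.regex.test(text)) {
        findings.push({ line: i + 1, category: rule.category, snippet: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample input; the comments state the expected verdict per line.
const SAMPLE = [
  "const { exec, execSync } = require('child_process');",
  "exec('ls -la');                              // literal command, not flagged",
  "exec('ping ' + req.query.host);              // concatenated input, flagged",
  "const out = execSync(`git log ${branch}`);   // template literal, flagged",
  "eval(userCode);                              // flagged",
  "el.innerHTML = req.body.comment;             // flagged",
  "<div dangerouslySetInnerHTML={{ __html: html }} />",
  "const obj = unserialize(req.cookies.profile);// flagged",
].join('\n');

for (const f of scanForDangerousPatterns(SAMPLE)) {
  console.log(`line ${f.line} [${f.category}]: ${f.snippet}`);
}
```

A real detector needs an AST rather than regexes to avoid false positives such as `exec` calls split across lines or variables that merely contain a literal.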
Installation
To integrate this security auditor into your environment, use the OpenClaw CLI tool. Execute the following command in your terminal:
clawhub install openclaw/skills/skills/anton-abyzov/sw-security-patterns
Ensure you have the latest version of OpenClaw configured to pull from the official registry. Once installed, the skill will automatically monitor your active coding sessions and flag dangerous patterns as you type.
Use Cases
This skill is essential for developers working on web applications, server-side services, or infrastructure-as-code. Use it when implementing authentication flows, handling user-submitted files, interacting with system shells, or constructing dynamic database queries. It is particularly effective for teams implementing a 'Shift Left' security strategy, allowing junior and senior engineers alike to learn secure coding patterns through instant feedback loops.
Example Prompts
- "OpenClaw, scan this block of Node.js code I just wrote for potential command injection risks: [paste code here]."
- "I am implementing a file upload feature. Please check if my path sanitization logic using 'path.join' and 'path.basename' is secure against path traversal."
- "Does my React component containing 'dangerouslySetInnerHTML' expose my application to XSS, and how should I refactor it using DOMPurify?"
Tips & Limitations
While security-patterns is a powerful static analysis tool, it should not replace comprehensive penetration testing or manual code audits. The tool excels at detecting well-known 'anti-patterns' but cannot always discern context-specific business logic vulnerabilities. Always prioritize parameterization in SQL and keep your dependencies updated. Treat this skill as a secondary layer of defense that provides immediate, automated insights, encouraging better coding habits and preventing accidental introduction of critical security flaws in high-velocity development environments.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-anton-abyzov-sw-security-patterns": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Related Skills
network-engineer
Cloud network architect for VPC design, service mesh, zero-trust networking, load balancers, and CDN optimization. Use for network troubleshooting or connectivity issues.
jira-multi-project-mapper
Expert in mapping SpecWeave specs to multiple JIRA projects with intelligent project detection and cross-project coordination. Use when syncing to multiple JIRA projects (project-per-team, component-based), or managing bidirectional sync across team boundaries.
helm-chart-scaffolding
Design, organize, and manage Helm charts for templating and packaging Kubernetes applications with reusable configurations. Use when creating Helm charts, packaging Kubernetes applications, or implementing templated deployments.
performance-optimization
React Native performance with Hermes V1, FlashList, expo-image v2, concurrent rendering. Use for slow app, memory leaks, or FPS issues.
release-strategy-advisor
Release strategy advisor - detects brownfield patterns (tags, CI/CD, changelogs), recommends versioning strategy based on architecture. Creates release-strategy.md.