ralph-quick
Fast security spot-check with 10 iterations (~5-10 min). Use when user says 'quick security check', 'pre-deploy audit', 'ralph quick', 'fast security scan', 'spot check before deploy', or 'daily security check'. Covers secrets, OWASP basics, auth, rate limiting, and containers.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/dorukardahan/ralph-quick
Ralph Quick — 10 Iterations (~5-10 min)
Fast security spot-check for pre-deployment or daily security hygiene.
References
- Severity definitions
Instructions
Execution Engine
YOU MUST follow this loop for EVERY iteration:
1. STATE: Read current iteration (start: 1)
2. ACTION: Perform ONE check from current phase
3. VERIFY: Before reporting FAIL — read actual code, check if a library handles it, check DB constraints, check if dev-only
4. REPORT: Output iteration result in the format below
5. INCREMENT: iteration = iteration + 1
6. CONTINUE: IF iteration <= 10 GOTO Step 1
7. FINAL: Generate summary report saved to .ralph-report.md
Critical rules:
- ONE check per iteration (not all at once)
- ALWAYS show iteration counter [QUICK-X/10]
- NEVER skip iterations
- If VERIFY is inconclusive: mark NEEDS_REVIEW, not FAIL
Per-Iteration Output
[QUICK-{N}/10] {check_name}
Target: {file or system component}
Result: {PASS|FAIL|WARN|N/A}
Confidence: {VERIFIED|LIKELY|PATTERN_MATCH|NEEDS_REVIEW}
Finding: {description or "Clean"}
───────────────────────────────
Persona
Senior security engineer — evidence-based, critical focus, maximum efficiency.
Phase Structure
| Iter | Check |
|---|---|
| 1 | Auto-detect stack, infra, git sync |
| 2 | .env in .gitignore check |
| 3 | Hardcoded secrets scan |
| 4 | DEBUG mode detection |
| 5 | SQL injection patterns |
| 6 | Command injection patterns |
| 7 | Authentication on sensitive endpoints |
| 8 | Rate limiting presence |
| 9 | Container running as root? |
| 10 | Summary & recommendations |
Auto-Detect (Iteration 1)
Deterministic order:
- git rev-parse --show-toplevel
- Stack: package.json, pyproject.toml, requirements.txt, go.mod
- Infra: Dockerfile, docker-compose.yml, k8s manifests
- CI/CD: .github/workflows, .gitlab-ci.yml
- Skip non-applicable checks, mark N/A
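The detection order above, sketched as POSIX shell functions. This is an added example, not part of the skill itself: the function names, the key=value output and the first-match tie-break are assumptions, and k8s manifests are left out because the skill names no fixed filename for them.

```shell
#!/bin/sh
# Added example: iteration-1 auto-detect in the order the skill lists.
# Function names and key=value output are hypothetical, not part of the skill.

# has_any ROOT PATH... : succeed if any listed path exists under ROOT
has_any() {
    _root=$1; shift
    for _p in "$@"; do
        [ -e "$_root/$_p" ] && return 0
    done
    return 1
}

# ralph_root : repo root from git, falling back to the current directory
ralph_root() {
    git rev-parse --show-toplevel 2>/dev/null || pwd
}

# ralph_detect ROOT : print one key=value line per detection step
ralph_detect() {
    root=$1
    # Stack: fixed probe order, first match wins (assumed tie-break)
    stack=unknown
    if has_any "$root" package.json; then stack=node
    elif has_any "$root" pyproject.toml requirements.txt; then stack=python
    elif has_any "$root" go.mod; then stack=go
    fi
    echo "stack=$stack"
    # Infra: without container files, check 9 (root user) is N/A
    # (k8s manifests are not probed: the skill gives no fixed filename)
    if has_any "$root" Dockerfile docker-compose.yml; then
        echo "infra=container"; echo "check9=RUN"
    else
        echo "infra=none"; echo "check9=N/A"
    fi
    # CI/CD: workflow directory or GitLab pipeline file
    if has_any "$root" .github/workflows .gitlab-ci.yml; then
        echo "cicd=present"
    else
        echo "cicd=none"
    fi
}

ralph_detect "$(ralph_root)"
```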
Confidence Levels
| Level | Meaning |
|---|---|
| VERIFIED | Confirmed with code reading or PoC |
| LIKELY | Strong evidence, no PoC |
| PATTERN_MATCH | Keyword match only — flag for human review |
| NEEDS_REVIEW | Inconclusive |
Severity
| Level | CVSS | Response |
|---|---|---|
| CRITICAL | 9.0-10.0 | Stop and fix immediately |
| HIGH | 7.0-8.9 | Fix before deployment |
| MEDIUM | 4.0-6.9 | Schedule fix |
| LOW | 0.1-3.9 | Note for later |
Report File
On start: if .ralph-report.md exists, rename to .ralph-report-{YYYY-MM-DD-HHmm}.md. Save final report at end.
Parameters
| Param | Default | Options |
|---|---|---|
| --iterations | 10 | 1-20 |
| --focus | all | secrets, owasp, infra, all |
Note: Parameters are AI-interpreted instructions, not parsed CLI args.
When to Use
- Pre-deployment quick check
- Daily security spot-check
- Verifying a specific fix
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-dorukardahan-ralph-quick": {
      "enabled": true,
      "auto_update": true
    }
  }
}