Official Verified

ralph-ultra

Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough security review', 'before major release', or 'security incident investigation'. Covers OWASP deep dive, supply chain, compliance, business logic, 4 expert personas.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/dorukardahan/ralph-ultra

Download Source Code (.zip)

Ralph Ultra — 1,000 Iterations (~4-8 hours)

Deep-dive security audit with thorough coverage across all attack vectors.

References

Severity and triage guidance
Expert persona descriptions

Instructions

Execution Engine

YOU MUST follow this loop for EVERY iteration:

STATE: Read current iteration (start: 1)
PHASE: Determine phase from iteration number
MIND: Activate appropriate expert persona for phase
ACTION: Perform ONE check from current phase
VERIFY: Before FAIL — read actual code, check libraries, check DB constraints, check environment. If inconclusive: NEEDS_REVIEW.
REPORT: Output iteration result
SAVE: Every 50 iterations, update .ralph-report.md
INCREMENT: iteration + 1
CONTINUE: IF iteration <= 1000 GOTO Step 1
FINAL: Generate comprehensive report

Critical rules:

ONE check per iteration — deep, not wide
ALWAYS show [ULTRA-X/1000]
NEVER skip iterations
CRITICAL findings: immediately flag
Apply Red Team mindset to EVERY check

Per-Iteration Output

╔══════════════════════════════════════════════════════════════════╗
║ [ULTRA-{N}/1000] Phase {P}: {phase_name}                        ║
║ Mind: {active_expert_persona}                                    ║
╠══════════════════════════════════════════════════════════════════╣
║ Check: {specific_check}                                          ║
║ Target: {file:line / endpoint / system}                          ║
╠══════════════════════════════════════════════════════════════════╣
║ Result: {PASS|FAIL|WARN|N/A}                                     ║
║ Confidence: {VERIFIED|LIKELY|PATTERN_MATCH|NEEDS_REVIEW}         ║
║ Severity: {CRITICAL|HIGH|MEDIUM|LOW|INFO}                        ║
║ CVSS: {score}                                                    ║
╠══════════════════════════════════════════════════════════════════╣
║ Finding: {detailed description}                                  ║
║ Exploit: {proof of concept or "N/A"}                             ║
║ Fix: {specific remediation}                                      ║
╠══════════════════════════════════════════════════════════════════╣
║ Progress: [████████████░░░░░░░░] {N/10}%                         ║
║ Phase: {current}/{8} | ETA: ~{time} remaining                    ║
╚══════════════════════════════════════════════════════════════════╝

Expert Personas

Phase	Persona
1, 3, 7	Cybersecurity Veteran
2, 5	Code Auditor (Pentester)
4	Container Security Expert
6	Dependency Hunter
8	All Minds

Full persona descriptions in references/personas.md.

Phase Structure (1,000 Iterations)

Read Full Documentation on GitHub

Metadata

Author@dorukardahan

Stars2387

Updated2026-03-09

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-dorukardahan-ralph-ultra": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.

Related Skills

research-reprompter

Transform rough research questions into executable USACF research prompts. Use when user says "research", "research this", "investigate", "deep dive", "researcher", or pastes a research topic. Generates complete multi-agent swarm configuration with algorithm selection, claude-flow commands, and adversarial review.

dorukardahan 2387

ralph-security

Comprehensive security audit with 100 iterations (~30-60 min). Use when user says 'security audit', 'ralph security', 'weekly security check', 'audit this project', 'new project security review', or 'check for vulnerabilities'. Covers OWASP Top 10, auth, secrets, infrastructure, and code quality.

dorukardahan 2387

skeall

Agent Skills (SKILL.md) builder, auditor, and improver for cross-platform LLM agents. Use for "skeall", "build a skill", "create skill", "improve skill", "audit skill", "skill review", or any SKILL.md question. Follows agentskills.io standard.

dorukardahan 2387

humanizer-enhanced

Advanced AI text humanizer for blog content. Detects and removes 34 AI writing patterns, adds personality/soul, and handles crypto/Web3 specific tells. Use when user says /humanizer, "humanize this", "remove AI patterns", "make it sound human", or asks to clean up blog posts, articles, or drafts. Features: 28 base patterns from Wikipedia's "Signs of AI writing", 6 crypto/Web3 specific patterns, severity scoring (HIGH/MEDIUM/LOW), stat attribution fixer, soul/personality injection, batch mode.

dorukardahan 2387

traktor

Extract all assets and content from websites including images, SVGs, fonts, videos, and page structure. Parallel agents with thorough scraping coverage. Triggers: "extract assets", "scrape website", "download site assets", "get all images from", or "/traktor url". Supports multiple URLs.

dorukardahan 2387