security-audit
Audit codebases, infrastructure, AND agentic AI systems for security issues. Covers traditional security (dependencies, secrets, OWASP web top 10, SSL/TLS, file permissions) PLUS agentic security (prompt injection scanning, identity spoofing detection, memory poisoning checks, multi-agent communication audit, OWASP Agentic Top 10). Use when scanning for vulnerabilities, detecting hardcoded secrets, reviewing agent workspace configuration, checking prompt injection vectors, or auditing agent permissions and boundaries.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/kingrubic/agentic-security-auditSecurity Audit
Scan, detect, and fix security issues in codebases and infrastructure. Covers dependency vulnerabilities, secret detection, OWASP top 10, SSL/TLS verification, file permissions, and secure coding patterns.
When to Use
- Scanning project dependencies for known vulnerabilities
- Detecting hardcoded secrets, API keys, or credentials in source code
- Reviewing code for OWASP top 10 vulnerabilities (injection, XSS, CSRF, etc.)
- Verifying SSL/TLS configuration for endpoints
- Auditing file and directory permissions
- Checking authentication and authorization patterns
- Preparing for a security review or compliance audit
Dependency Vulnerability Scanning
Node.js
# Built-in npm audit
npm audit
npm audit --json | jq '.vulnerabilities | to_entries[] | {name: .key, severity: .value.severity, via: .value.via[0]}'
# Fix automatically where possible
npm audit fix
# Show only high and critical
npm audit --audit-level=high
# Check a specific package
npm audit --package-lock-only
# Alternative: use npx to scan without installing
npx audit-ci --high
Python
# pip-audit (recommended)
pip install pip-audit
pip-audit
pip-audit -r requirements.txt
pip-audit --format=json
# safety (alternative)
pip install safety
safety check
safety check -r requirements.txt --json
# Check a specific package
pip-audit --requirement=- <<< "requests==2.25.0"
Go
# Built-in vuln checker
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
# Check specific binary
govulncheck -mode=binary ./myapp
Rust
# cargo-audit
cargo install cargo-audit
cargo audit
# With fix suggestions
cargo audit fix
Universal: Trivy (scans any project)
# Install: https://aquasecurity.github.io/trivy
# Scan filesystem
trivy fs .
# Scan specific language
trivy fs --scanners vuln --severity HIGH,CRITICAL .
# Scan Docker image
trivy image myapp:latest
# JSON output
trivy fs --format json -o results.json .
Secret Detection
Manual grep patterns
# AWS keys
grep -rn 'AKIA[0-9A-Z]\{16\}' --include='*.{js,ts,py,go,java,rb,env,yml,yaml,json,xml,cfg,conf,ini}' .
# Generic API keys and tokens
grep -rn -i 'api[_-]\?key\|api[_-]\?secret\|access[_-]\?token\|auth[_-]\?token\|bearer ' \
--include='*.{js,ts,py,go,java,rb,env,yml,yaml,json}' .
# Private keys
grep -rn 'BEGIN.*PRIVATE KEY' .
# Passwords in config
grep -rn -i 'password\s*[:=]' --include='*.{env,yml,yaml,json,xml,cfg,conf,ini,toml}' .
# Connection strings with credentials
grep -rn -i 'mongodb://\|mysql://\|postgres://\|redis://' --include='*.{js,ts,py,go,env,yml,yaml,json}' . | grep -v 'localhost\|127.0.0.1\|example'
# JWT tokens (three base64 segments separated by dots)
grep -rn 'eyJ[A-Za-z0-9_-]*\.eyJ[A-Za-z0-9_-]*\.' --include='*.{js,ts,py,go,log,json}' .
Automated scanning with git
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-kingrubic-agentic-security-audit": {
"enabled": true,
"auto_update": true
}
}
}