Securityreview
Skill by kylehuan
Why use this skill?
Enhance OpenClaw with professional-grade security auditing. Automatically scan your repository for vulnerabilities and follow strict security protocols.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/kylehuan/securityreview
What This Skill Does
The Securityreview skill is a specialized agent enhancement designed to transform your OpenClaw environment into a professional-grade security auditing suite. Developed by kylehuan, this skill empowers your AI agent to act as a senior security engineer, performing rigorous static analysis on your source code. It utilizes a standardized, methodology-driven approach to identify vulnerabilities, assess compliance with security best practices, and enforce the principles of least privilege and secure error handling. By integrating this skill, your agent gains the internal logic to methodically scan repositories for potential exploits, sensitive data leaks, and insecure code patterns, providing detailed, structured reports in the chat interface while maintaining workspace integrity by storing audit artifacts in a hidden .shield_security/ directory.
Installation
To integrate these security auditing capabilities into your project, ensure you have the OpenClaw CLI installed. Execute the following command in your terminal from your target project root:
clawhub install openclaw/skills/skills/kylehuan/securityreview
Once the installation completes, the agent will automatically register the necessary security scanning procedures and access rights required to perform deep-code inspection.
Use Cases
This skill is essential for development teams operating in high-security environments. Use cases include:
- Performing pre-commit security audits to catch OWASP Top 10 vulnerabilities.
- Evaluating legacy codebases for hidden security regressions before refactoring.
- Verifying that new feature implementations adhere to strict data-sanitization standards.
- Conducting automated, recurring security posture checks to ensure that no insecure dependencies or logic flows have been introduced during rapid development cycles.
Example Prompts
- "Can you perform a full security audit on the current repository and let me know if there are any SQL injection vulnerabilities?"
- "Review the authentication module in the /src/auth directory. Are we failing securely during invalid login attempts?"
- "Please execute a full-analyze on the project and store the findings in the security report folder."
Tips & Limitations
The Securityreview skill is strictly read-only by design; it will never modify your source code unless explicitly triggered by a dedicated command like /security:full-analyze. To get the best results, ensure your project structure is well-organized, as the agent relies on file naming conventions and directory context to accurately map cross-file dependencies. Note that this skill performs Static Analysis (SAST); it does not execute your code in a runtime environment, meaning it cannot detect vulnerabilities that only manifest during runtime execution or complex environment misconfigurations. Always combine these automated scans with manual peer review for critical production infrastructure.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-kylehuan-securityreview": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: file-read