security-analysis
Conduct comprehensive security audits and vulnerability analysis on codebases. Use when explicitly asked for security analysis, code security review, vulnerability assessment, SAST scanning, or identifying security issues in source code. Covers injection flaws, broken access control, hardcoded secrets, insecure data handling, authentication weaknesses, LLM safety, and privacy violations.
Why use this skill?
Use the OpenClaw security-analysis skill to audit your code, detect vulnerabilities, prevent data leaks, and maintain high standards of application security.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/kylehuan/skill-security-audit
What This Skill Does
The security-analysis skill turns your OpenClaw agent into a dedicated security auditor for your codebase. It performs systematic reviews of source code to identify vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), broken access control, and hardcoded credentials. Following a fixed operational framework, the agent works as an automated security engineer so that security is a primary consideration during development rather than an afterthought. It emphasizes the 'Principle of Least Privilege' and 'Fail Securely' paradigms, reports every finding clearly, and stores its artifacts within the project environment (see Tips & Limitations for the output directory).
Installation
To install this skill, run:
clawhub install openclaw/skills/skills/kylehuan/skill-security-audit
Use Cases
- Automated SAST: Perform Static Application Security Testing on pull requests before merging, so that newly introduced vulnerabilities are flagged before the code lands.
- Secret Auditing: Automatically scan for inadvertently committed API keys, SSH private keys, or database credentials.
- Authentication Review: Evaluate the integrity of authentication logic and authorization flows to ensure that users cannot access resources outside their permission scope.
- LLM Safety: Analyze code interacting with LLM frameworks to detect potential prompt injection points or insecure data handling practices.
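The checks named under What This Skill Does and in the SAST and secret-auditing use cases above are, at their core, pattern matches over source lines plus a report written under the project's artifact directory. The following is an added example written for this page to show how such a scan works; it is not the skill's own code. The rule set, the entropy threshold, the `.shield_security/report.json` file name and the two sample files are all assumptions or constructed inputs (the AKIAIOSFODNN7EXAMPLE key is the example access key ID from AWS's documentation, not a live credential).

```python
"""Constructed example of the pattern-based SAST and secret scan described above.
Illustrative only, not the skill's own implementation: rules, entropy threshold
and the .shield_security/report.json output path are assumptions."""
import json
import math
import os
import re
from collections import Counter
from dataclasses import asdict, dataclass


@dataclass
class Finding:
    rule: str
    severity: str
    file: str
    line: int
    snippet: str  # secret values are redacted before they reach the report


# High-confidence secret formats (AKIAIOSFODNN7EXAMPLE is AWS's documented example ID).
SECRET_RULES = [
    ("aws-access-key-id", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", "high",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
]
# Generic credential assignment, reported only when the value looks random, which
# drops placeholders such as "changeme" (about 2.75 bits per character).
GENERIC_SECRET = re.compile(
    r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")
ENTROPY_THRESHOLD = 3.2  # assumed cut-off; tune per code base
# Dangerous code shapes: SQL assembled with +, %, .format() or an f-string directly
# inside execute(), and DOM sinks that render attacker-controlled strings as HTML.
CODE_RULES = [
    ("sql-string-building", "high", re.compile(
        r"(?i)\b(?:execute|executemany|raw)\s*\(\s*(?:f['\"]|['\"].*?['\"]\s*(?:[+%]|\.format\())")),
    ("dom-xss-sink", "medium",
     re.compile(r"\.innerHTML\s*=|document\.write\(|dangerouslySetInnerHTML")),
]


def shannon_entropy(value: str) -> float:
    """Bits per character: a 16-char random secret scores 4.0, dictionary words under 3."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def redact(line: str, match) -> str:
    """Keep a 4-char prefix so a reviewer can locate the value without the report leaking it."""
    secret = match.group(match.lastindex or 0)
    return line.replace(secret, secret[:4] + "[REDACTED]")


def scan_source(path: str, text: str) -> list:
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(("#", "//")):  # comment lines: noisy, rarely exploitable
            continue
        for rule, sev, rx in SECRET_RULES:
            m = rx.search(line)
            if m:
                findings.append(Finding(rule, sev, path, lineno, redact(line, m)))
        m = GENERIC_SECRET.search(line)
        if m and shannon_entropy(m.group(2)) > ENTROPY_THRESHOLD:
            findings.append(Finding("hardcoded-credential", "medium", path, lineno, redact(line, m)))
        for rule, sev, rx in CODE_RULES:
            if rx.search(line):
                findings.append(Finding(rule, sev, path, lineno, line))
    return findings


def scan_files(files: dict) -> list:
    return [f for path, text in files.items() for f in scan_source(path, text)]


def build_report(findings: list) -> dict:
    return {"total": len(findings),
            "by_severity": dict(Counter(f.severity for f in findings)),
            "findings": [asdict(f) for f in findings]}


# Constructed sample inputs, not code from any real project.
SAMPLE_FILES = {
    "app.py": '''\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "9f3Kd!2pQz8vL1xW"
DEFAULT_PASSWORD = "changeme"   # low-entropy placeholder, not reported
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")  # injectable
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))      # parameterised
''',
    "render.js": '''\
const q = new URLSearchParams(location.search).get("q");
document.getElementById("out").innerHTML = "Results for " + q;
''',
}

if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    for f in results:
        print(f"{f.severity:6} {f.rule:22} {f.file}:{f.line}  {f.snippet}")
    os.makedirs(".shield_security", exist_ok=True)  # the listing's artifact directory
    with open(os.path.join(".shield_security", "report.json"), "w") as fh:
        json.dump(build_report(results), fh, indent=2)
```

Two design points carry over to any scanner of this kind. First, the report never contains the matched secret: once a credential is copied into an audit artifact, that artifact becomes a second place it can leak from, which is why the snippet is redacted before it is stored. Second, the rules are heuristics: the SQL pattern will also fire on a parameterised query whose argument tuple happens to concatenate strings, and the generic credential rule depends on the entropy cut-off, so every finding still needs the human verification the Tips & Limitations section calls for.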
Example Prompts
- "Perform a comprehensive security audit on this directory and look for any hardcoded secrets or insecure API endpoints."
- "Review the authentication module in the current codebase for potential broken access control vulnerabilities."
- "Analyze the following source file for potential SQL injection flaws and suggest remediation steps."
Tips & Limitations
- Read-Only Focus: This skill is strictly read-only. It will never modify your files. Artifacts are generated solely within the .shield_security/ directory.
- Human-in-the-loop: While highly effective at identifying common patterns, automated analysis should always be verified by a human security professional for false positives or nuanced business logic flaws.
- Data Privacy: Avoid running this tool on files containing highly sensitive PII unless the audit requires it. Generated reports quote the lines where issues were found, so review them before sharing them externally and treat the .shield_security/ directory as sensitive.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-kylehuan-skill-security-audit": {
"enabled": true,
"auto_update": true
}
}
}
Tags: AI
Flags: file-read