security-reviewer
Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.
Why use this skill?
Enhance your DevSecOps with the Security Reviewer skill. Perform SAST scans, code audits, and infrastructure analysis with expert-grade security automation.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/veeramanikandanr48/pentest
What This Skill Does
The security-reviewer skill is a specialized agentic capability designed to perform high-fidelity security assessments, code auditing, and infrastructure hardening. As a senior-level analyst, it automates the identification of security vulnerabilities through both static analysis (SAST) and logical manual review. The skill integrates industry-standard methodologies such as the OWASP Top 10 and CWE to identify common flaws like SQL injection, cross-site scripting (XSS), insecure direct object references, and hardcoded secrets. It is designed to act as a force multiplier for security teams, streamlining the DevSecOps lifecycle by providing immediate feedback on pull requests and infrastructure-as-code configurations.
Installation
To integrate this capability into your OpenClaw environment, execute the following installation command in your terminal:
clawhub install openclaw/skills/skills/veeramanikandanr48/pentest
Ensure you have the necessary permissions within your current project directory, as the tool may require read access to source code and configuration files to perform its analysis effectively.
Use Cases
This skill is highly versatile and serves multiple security functions:
- Continuous Integration/Deployment: Integrating into CI/CD pipelines to catch vulnerabilities before they reach production.
- Compliance Auditing: Comparing infrastructure configurations against CIS benchmarks and SOC2/ISO27001 requirements.
- Incident Response/Forensics: Scanning legacy codebases for hidden backdoors or insecure cryptographic implementations.
- Secure Code Review: Assisting developers by identifying patterns that could lead to data leakage or privilege escalation.
Example Prompts
- "Perform a SAST scan on the current directory and generate a report of all critical vulnerabilities found in the src/api folder."
- "Analyze this AWS Terraform configuration and identify any public S3 buckets or overly permissive IAM policies."
- "Review the authentication module in the current repository for potential race conditions or missing authorization checks."
Tips & Limitations
To maximize the effectiveness of the security-reviewer, ensure that all relevant documentation and scope definitions are provided. Always remember that automated tools have a margin of error; manual validation is crucial for reducing false positives. Never run active exploitation scripts on production systems. The skill is intended for authorized testing only and should be used within the bounds of your organization's legal and security policies. Treat all output as a professional recommendation requiring human verification before deploying remediation patches.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-veeramanikandanr48-pentest": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: file-read, code-execution, network-access