security-reviewer
Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.
Why use this skill?
Enhance your DevSecOps with the Security Reviewer skill. Perform SAST scans, code audits, and infrastructure analysis with expert-grade security automation.
What This Skill Does
The security-reviewer skill is a specialized agentic capability designed to perform high-fidelity security assessments, code auditing, and infrastructure hardening. As a senior-level analyst, it automates the identification of security vulnerabilities through both static analysis (SAST) and logical manual review. The skill integrates industry-standard methodologies such as the OWASP Top 10 and CWE to identify common flaws like SQL injection, cross-site scripting (XSS), insecure direct object references, and hardcoded secrets. It is designed to act as a force multiplier for security teams, streamlining the DevSecOps lifecycle by providing immediate feedback on pull requests and infrastructure-as-code configurations.
Installation
To integrate this capability into your OpenClaw environment, execute the following installation command in your terminal:
clawhub install openclaw/skills/skills/veeramanikandanr48/pentest
Ensure you have the necessary permissions within your current project directory, as the tool may require read access to source code and configuration files to perform its analysis effectively.
Use Cases
This skill is highly versatile and serves multiple security functions:
- Continuous Integration/Deployment: Integrating into CI/CD pipelines to catch vulnerabilities before they reach production.
- Compliance Auditing: Comparing infrastructure configurations against CIS benchmarks and SOC2/ISO27001 requirements.
- Incident Response/Forensics: Scanning legacy codebases for hidden backdoors or insecure cryptographic implementations.
- Secure Code Review: Assisting developers by identifying patterns that could lead to data leakage or privilege escalation.
Example Prompts
- "Perform a SAST scan on the current directory and generate a report of all critical vulnerabilities found in the src/api folder."
- "Analyze this AWS Terraform configuration and identify any public S3 buckets or overly permissive IAM policies."
- "Review the authentication module in the current repository for potential race conditions or missing authorization checks."
Tips & Limitations
To maximize the effectiveness of the security-reviewer, ensure that all relevant documentation and scope definitions are provided. Always remember that automated tools have a margin of error; manual validation is crucial for reducing false positives. Never run active exploitation scripts on production systems. The skill is intended for authorized testing only and should be used within the bounds of your organization's legal and security policies. Treat all output as a professional recommendation requiring human verification before deploying remediation patches.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-veeramanikandanr48-pentest": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: file-read, code-execution, network-access
Related Skills
architecture-designer
Use when designing new system architecture, reviewing existing designs, or making architectural decisions. Invoke for system design, architecture review, design patterns, ADRs, scalability planning.
cli-developer
Use when building CLI tools, implementing argument parsing, or adding interactive prompts. Invoke for CLI design, argument parsing, interactive prompts, progress indicators, shell completions.
options-strategy-advisor
Options trading strategy analysis and simulation tool. Provides theoretical pricing using Black-Scholes model, Greeks calculation, strategy P/L simulation, and risk management guidance. Use when user requests options strategy analysis, covered calls, protective puts, spreads, iron condors, earnings plays, or options risk management. Includes volatility analysis, position sizing, and earnings-based strategy recommendations. Educational focus with practical trade simulation.
api-designer
Use when designing REST or GraphQL APIs, creating OpenAPI specifications, or planning API architecture. Invoke for resource modeling, versioning strategies, pagination patterns, error handling standards.
research-paper-writer
Creates formal academic research papers following IEEE/ACM formatting standards with proper structure, citations, and scholarly writing style. Use when the user asks to write a research paper, academic paper, or conference paper on any topic.