443 AI agent skills for Security & Audit. Part of the 💻 Development category.
Set up authorized C2 simulation workflows and measure defensive detection outcomes.
Test authentication and session management controls for bypass and account takeover scenarios.
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.
Helps measure the concentration of trust roots in a skill's attestation graph — identifying monoculture risk where a single compromised root invalidates an e...
Manage Wallabag bookmarks through the Wallabag Developer API with OAuth2 authentication, including creating, reading, updating, deleting, searching, and tag...
Comprehensive security audit for OpenClaw. Scans 7 domains (runtime, channels, agents, cron, skills, sessions, network), supports 3 expertise levels, context-aware analysis, and visual dashboard. Read-only with localized reports.
Security blacklist protecting AI agents from malicious skills, scams, and prompt injection. Use before executing external commands, visiting unknown URLs, or installing new skills. Triggers on "security check", "is this safe", "check this URL", or suspicious command patterns.
Comprehensive security audit with 100 iterations (~30-60 min). Use when user says 'security audit', 'ralph security', 'weekly security check', 'audit this pr...
Share code snippets and files securely via snipit.sh with AES-256 encryption. Use when sharing code, configs, logs, diffs, or secrets with password protection, burn-after-read, or auto-expiration. Supports CLI (snipit) or curl API fallback.
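Scans code for common security vulnerabilities such as SQL injection, XSS, and hardcoded passwords, and provides detection results and security score recommendations.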
Sanitize log entries by removing passwords, tokens, and other sensitive patterns using Expanso Edge pipelines.
Encrypted distributed storage using Archon DID vaults. Manage vaults, backup and restore workspace/config/memory with multi-party access control. Use for cre...
Let agents request OAuth access from end users via short links, continue working asynchronously, and later claim reusable third-party API tokens from local k...
Tracks data provenance and lineage by tracing sources, logging transformations, and auditing anchors to ensure data auditability and compliance.
Find profitable business opportunities in any niche by scanning Twitter, web, Reddit, and Product Hunt for unmet needs and pain points. Scores each opportuni...
Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patte...
Build and maintain Convex backends with schema-safe modeling, query and mutation patterns, auth guards, and production rollout checks.
Prompt injection defense checklist for agents.
Proactive security audit of OpenClaw deployments. Detects and remediates the 4 critical/high gaps identified in openclaw/openclaw: SQL injection (C1), s...
Automatic security gate that checks packages against a vulnerability database before installation. Use before any npm install, pip install, yarn add, or package manager operation.
Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts...
Advanced prompt injection defense with multi-layer protection, memory integrity, and tool security wrapper. OWASP LLM Top 10 2026 compliant.
Redact personally identifiable information from text by replacing sensitive data with placeholders using Expanso Edge pipelines.