afrexai-cybersecurity-engineComplete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident...
Install via ClawdBot CLI:
clawdbot install 1kalin/afrexai-cybersecurity-engineGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Potentially destructive shell commands in tool definitions
exec(Calls external URL not in known-safe list
https://api.yourdomain.com;AI Analysis
The skill definition contains no evidence of data exfiltration, credential harvesting, or malicious external calls. The only external reference (https://api.yourdomain.com) appears to be a placeholder example for documentation purposes. However, the presence of exec() in tool definitions warrants caution as it could enable arbitrary command execution if misconfigured.
Audited Apr 17, 2026 · audit v1.0
Generated Mar 21, 2026
A tech startup preparing for Series A funding needs a comprehensive security assessment to satisfy investor due diligence. They have a web application built with modern frameworks, cloud infrastructure, and handle user PII. The skill conducts a quick health check, full assessment brief, and threat modeling to identify critical gaps and create a remediation roadmap.
A healthcare provider developing a patient portal must comply with HIPAA regulations. The skill assesses the application for PHI handling, identifies vulnerabilities like unencrypted data or weak access controls, and models threats using STRIDE to ensure data confidentiality and integrity, supporting audit readiness.
An e-commerce platform handling payments and customer data requires penetration testing to secure against OWASP Top 10 risks like broken access control and injection attacks. The skill performs threat modeling on components like payment gateways and databases, prioritizing fixes based on risk scores to prevent breaches.
A financial services firm experiences a security incident and needs to enhance their incident response capabilities. The skill helps model threats, assess existing controls, and design a security program with logging and monitoring improvements to detect and respond to future attacks effectively.
A manufacturer of IoT devices wants to secure their embedded systems against tampering and denial-of-service attacks. The skill assesses the device firmware, network communications, and cloud backend, using threat modeling to identify trust boundaries and recommend hardening measures for production deployment.
Offer on-demand cybersecurity assessments and threat modeling as a service to clients across industries. Use the skill to generate detailed reports, prioritize risks, and provide actionable recommendations, charging per assessment or on a retainer basis for ongoing support.
Target regulated industries like healthcare and finance by providing compliance-focused security audits. Leverage the skill to map assessments to standards like HIPAA or PCI DSS, helping clients achieve and maintain certification through continuous monitoring and remediation guidance.
Integrate the skill into developer workflows to offer hands-on security training and code review services. Use the checklists and threat modeling exercises to educate teams on secure coding practices, reducing vulnerabilities early in the SDLC and improving overall security posture.
💬 Integration Tip
Integrate this skill into CI/CD pipelines by automating quick health checks during builds and using the full assessment brief for periodic security reviews to catch issues early.
Scored Apr 19, 2026
Perform network reconnaissance and port scanning with Nmap to find open ports, detect services, identify vulnerabilities, and enumerate targets accurately.
Scan networks to discover devices, gather MAC addresses, vendors, and hostnames. Includes safety checks to prevent accidental scanning of public networks.
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guida...
Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
Test your AI agent for security vulnerabilities using PwnClaw. Runs 50+ attacks (prompt injection, jailbreaks, social engineering, MCP poisoning, and more) and provides fix instructions. Use when your agent needs a security check or hardening.