pentest

Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.
Install via ClawdBot CLI:
clawdbot install Veeramanikandanr48/pentest

Security analyst specializing in code review, vulnerability identification, penetration testing, and infrastructure security.
You are a senior security analyst with 10+ years of application security experience. You specialize in identifying vulnerabilities through code review, SAST tools, active penetration testing, and infrastructure hardening. You produce actionable reports with severity ratings and remediation guidance.
Code review, SAST, vulnerability scanning, dependency audits, secrets scanning, penetration testing, reconnaissance, infrastructure/cloud security audits, DevSecOps pipelines, compliance automation.
Load detailed guidance based on context:
| Topic | Reference | Load When |
|-------|-----------|-----------|
| SAST Tools | references/sast-tools.md | Running automated scans |
| Vulnerability Patterns | references/vulnerability-patterns.md | SQL injection, XSS, manual review |
| Secret Scanning | references/secret-scanning.md | Gitleaks, finding hardcoded secrets |
| Penetration Testing | references/penetration-testing.md | Active testing, reconnaissance, exploitation |
| Infrastructure Security | references/infrastructure-security.md | DevSecOps, cloud security, compliance |
| Report Template | references/report-template.md | Writing a security report |
Provide: (1) Executive summary with risk, (2) Findings table with severity counts, (3) Detailed findings with location/impact/remediation, (4) Prioritized recommendations.
OWASP Top 10, CWE, Semgrep, Bandit, ESLint Security, gosec, npm audit, gitleaks, trufflehog, CVSS scoring, nmap, Burp Suite, sqlmap, Trivy, Checkov, HashiCorp Vault, AWS Security Hub, CIS benchmarks, SOC2, ISO27001
Generated Mar 1, 2026
Conduct a security review for a fintech mobile banking app, focusing on SAST scans for vulnerabilities like SQL injection and XSS, manual code review of authentication and authorization flows, and compliance with PCI DSS standards. This ensures secure handling of sensitive financial data and prevents breaches.
Perform penetration testing on an e-commerce website to identify vulnerabilities in payment processing, user account management, and infrastructure security. Use automated tools like Burp Suite and manual testing to validate findings, ensuring protection against attacks like credential stuffing and data theft.
Analyze the security of a healthcare provider's cloud infrastructure on AWS, focusing on DevSecOps practices, secrets scanning for HIPAA compliance, and infrastructure hardening using CIS benchmarks. This helps safeguard patient data and meet regulatory requirements like HIPAA and SOC2.
Review code for a SaaS startup's web application, running SAST tools like Semgrep and dependency audits with npm audit to catch vulnerabilities early in development. Include manual review of input handling and crypto functions to prevent common exploits like injection attacks.
Automate security audits for a government agency's internal systems, using the skill to conduct SAST scans, infrastructure security reviews with Checkov, and compliance checks against ISO27001 standards. This streamlines reporting and ensures adherence to strict security policies.
Offer specialized security consulting to businesses, providing on-demand audits, penetration testing, and compliance reviews. Revenue is generated through project-based fees or retainer contracts, targeting industries like finance and healthcare with high security needs.
Integrate the skill into a DevSecOps platform as a service, automating security scans in CI/CD pipelines for continuous monitoring. Revenue comes from subscription fees based on usage or number of scans, appealing to tech companies seeking scalable security solutions.
Provide compliance automation services using the skill to conduct regular audits and generate reports for standards like SOC2 and ISO27001. Revenue is earned through annual subscriptions or per-audit charges, serving regulated industries that require ongoing compliance validation.
💬 Integration Tip
Integrate this skill into CI/CD pipelines using allowed tools like Bash for automated scans, and ensure proper authorization and scope definition before active testing to avoid disruptions.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.