sec-audit-cn在中国等地区进行代码安全审计、安全编码与评审时使用:覆盖 OWASP Top 10、鉴权与授权、密钥与配置、CORS/CSP、 输入校验与防注入、XSS/CSRF、依赖漏洞、日志与错误处理;输出分级结论与可执行修复建议。 适用于 Web/API、移动端后端、小程序服务端、涉及个人信息与支付回调的业务。
Install via ClawdBot CLI:
clawdbot install clawkk/sec-audit-cnGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
process.env.API_KEYPotentially destructive shell commands in tool definitions
curl | bashCalls external URL not in known-safe list
https://api.example.comAI Analysis
The skill definition is a legitimate security audit guide focused on code review and best practices. The rule-based signals (like accessing process.env.API_KEY) appear to be examples within educational code snippets, not actual credential harvesting. The external URL mentioned is likely a placeholder example, not evidence of data exfiltration.
Usage Guide
Loading usage data… refresh in a few seconds.
Scored Apr 19, 2026
Audited Apr 16, 2026 · audit v1.0
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Audit a user's current AI tool stack. Score each tool by ROI, identify redundancies, gaps, and upgrade opportunities. Produces a structured report with score...
Detect anomalies and outliers in construction data: unusual costs, schedule variances, productivity spikes. Statistical and ML-based detection methods.