security-scanner
Automated security scanning and vulnerability detection for web applications, APIs, and infrastructure. Use when you need to scan targets for vulnerabilities, check SSL certificates, find open ports, detect misconfigurations, or perform security audits. Integrates with nmap, nuclei, and other security tools.
Install via ClawdBot CLI:
clawdbot install dmx64/security-scanner
Automated security scanning toolkit for penetration testing and vulnerability assessment.
nmap -sV -sC -oN scan.txt TARGET
nuclei -u TARGET -o results.txt
sslscan TARGET
Fast initial scan for live hosts and open ports:
nmap -sn -T4 SUBNET # Host discovery
nmap -F TARGET # Fast port scan (top 100)
Comprehensive port and service detection:
nmap -p- -sV -sC -A TARGET -oN full_scan.txt
nuclei -u https://TARGET -t cves/ -t vulnerabilities/ -o web_vulns.txt
nikto -h TARGET -o nikto_report.txt
sslscan TARGET
testssl.sh TARGET
Save reports to reports/security-scan-YYYY-MM-DD.md with:
Generated Mar 1, 2026
Security teams use this skill to conduct authorized penetration tests on e-commerce websites, scanning for vulnerabilities like SQL injection or cross-site scripting in web applications and APIs. It helps identify weaknesses before attackers exploit them, ensuring customer data protection and compliance with PCI DSS standards.
IT security professionals in banks and financial firms employ this skill to audit internal infrastructure, checking for open ports, misconfigurations, and SSL/TLS weaknesses in servers and networks. This proactive scanning helps prevent data breaches and meets regulatory requirements such as GDPR or SOX.
Developers and DevOps engineers at tech startups use this skill to scan APIs for vulnerabilities like insecure endpoints or authentication flaws during development cycles. It integrates with tools like nuclei to automate detection, reducing risks in cloud-based applications and microservices.
Healthcare organizations leverage this skill to perform security scans on web applications and infrastructure handling patient data, ensuring compliance with HIPAA regulations. It detects vulnerabilities and generates reports for audits, helping maintain data integrity and avoid penalties.
Cybersecurity teams in government agencies use this skill to regularly scan public-facing websites and internal networks for vulnerabilities, using nmap and nuclei for comprehensive assessments. This supports national security initiatives by identifying and patching weaknesses in critical infrastructure.
Offer this skill as part of a monthly or annual subscription service, providing continuous security scanning and vulnerability reports to clients. Revenue is generated through recurring fees, with tiered pricing based on scan frequency and target scope, appealing to SMEs needing affordable security solutions.
Deploy this skill in a consulting model where security experts conduct one-time or periodic penetration tests and audits for clients. Revenue comes from project-based fees, with additional income from follow-up remediation services and training, targeting enterprises with complex security needs.
Integrate this skill into existing DevSecOps platforms or CI/CD pipelines, selling it as an add-on for automated security scanning during development. Revenue is generated through licensing fees or per-scan charges, catering to tech companies looking to embed security into their agile workflows.
💬 Integration Tip
Integrate this skill into CI/CD pipelines using automation scripts to run scans on staging environments before deployment, ensuring vulnerabilities are caught early without disrupting production.
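One way to wire the tip above into a pipeline step, as an added example that is not part of the skill itself: the script refuses any host not listed in an allowlist of authorized staging targets, then blocks the deploy when the results file is non-empty. The names `SCAN_TARGET`, `ALLOWLIST` and `scope/staging-hosts.txt` are assumptions; the nuclei invocation is the web scan command listed earlier on this page.

```shell
#!/bin/sh
# Added example: gate a staging deploy on scan results.
# SCAN_TARGET, ALLOWLIST and the allowlist path are assumed names.

# in_scope HOST FILE: succeed only if HOST is an exact line in the allowlist.
in_scope() {
    [ -n "$1" ] && [ -f "$2" ] && grep -Fxq -- "$1" "$2"
}

# has_findings FILE: succeed if the results file exists and is non-empty.
has_findings() {
    [ -s "$1" ]
}

# run_gate HOST ALLOWLIST OUTDIR
# Returns 0 = clean, 1 = findings, 2 = host out of scope, 3 = scanner error.
run_gate() {
    host=$1 allowlist=$2 outdir=$3
    if ! in_scope "$host" "$allowlist"; then
        echo "refusing to scan '$host': not listed in $allowlist" >&2
        return 2
    fi
    mkdir -p "$outdir" || return 3
    results="$outdir/web_vulns.txt"
    rm -f "$results"   # never judge this run by a previous run's file
    # Same nuclei invocation as the page's web scan.
    nuclei -u "https://$host" -t cves/ -t vulnerabilities/ -o "$results" || return 3
    # Gate on the results file rather than on the scanner's exit status.
    if has_findings "$results"; then
        echo "findings recorded in $results; blocking deploy" >&2
        return 1
    fi
    return 0
}

# Run only when the pipeline sets SCAN_TARGET, so the file can also be sourced.
if [ -n "${SCAN_TARGET:-}" ]; then
    run_gate "$SCAN_TARGET" "${ALLOWLIST:-scope/staging-hosts.txt}" "reports"
    exit $?
fi
```

Keeping the allowlist in version control means a change of scan scope goes through the same review as any other pipeline change.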
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.