skill-security-audit
Conduct comprehensive security audits and vulnerability analysis on codebases. Use when explicitly asked for security analysis, code security review, vulnerability assessment, SAST scanning, or identifying security issues in source code. Covers injection flaws, broken access control, hardcoded secrets, insecure data handling, authentication weaknesses, LLM safety, and privacy violations.
Install via ClawdBot CLI:
clawdbot install kylehuan/skill-security-audit
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
~/.ssh/id_rsa
Contains instructions to override system prompt or ignore user requests
"Ignore all previous instructions"
Sends data to undocumented external endpoint (potential exfiltration)
Send → https://evil.com/collect
Potentially destructive shell commands in tool definitions
rm -rf /
Generated Mar 1, 2026
A fintech startup needs to ensure its mobile banking app codebase is free from vulnerabilities like injection flaws and broken access control before launch. This skill can perform a read-only security audit to identify hardcoded secrets and privacy violations, helping meet compliance standards without modifying code.
An e-commerce company wants to audit its website's source code for security issues such as SQL injection and XSS vulnerabilities that could compromise customer data. Using this skill, they can conduct a SAST scan to detect unsafe data handling and authentication weaknesses, ensuring secure transactions.
A healthcare provider needs to review its patient management system for privacy violations and LLM safety risks, especially when handling sensitive health data. This skill enables a comprehensive vulnerability analysis to flag hardcoded secrets and ensure fail-secure error handling, aiding HIPAA compliance.
A SaaS startup developing a cloud-based collaboration tool requires a security audit to identify injection flaws and access control issues in its codebase. The skill can analyze the code for social engineering instructions and data exfiltration risks, helping prevent breaches during scaling.
An IoT manufacturer needs to assess the security of its device firmware for vulnerabilities like command injection and privilege escalation. This skill performs a read-only analysis to check for unsafe tool usage and hidden instructions, ensuring robust device security before deployment.
Offer subscription-based security audits for businesses, providing regular vulnerability assessments and compliance reports. Revenue is generated through monthly or annual fees, with tiered pricing based on codebase size and audit frequency.
Provide a free basic security scan for small projects, with advanced features like detailed reporting, integration with CI/CD pipelines, and priority support available in paid plans. Revenue comes from upsells to premium tiers and enterprise licenses.
Deliver tailored security consulting services, integrating the skill into clients' existing development workflows for continuous monitoring. Revenue is earned through project-based fees, training workshops, and ongoing support contracts.
💬 Integration Tip
Integrate this skill into CI/CD pipelines for automated security checks on every code commit, ensuring early detection of vulnerabilities without disrupting development workflows.
Scored Apr 19, 2026
Accesses system directories or attempts privilege escalation
/etc/hosts
Calls external URL not in known-safe list
https://evil.com/collect
AI Analysis
The skill is a security analysis guide that explicitly warns about dangerous patterns; the 'evidence' cited in the rule-based signals are examples of what *not* to do, not instructions the skill itself executes. The skill defines only read-only operations and contains no hidden instructions, external calls, or credential harvesting.
Audited Apr 16, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.