Security
Security scanning and vulnerability detection
file-uploads
by dadbodgeoff
Production-grade secure file upload pipeline with multi-stage validation, malware scanning (ClamAV), hash-based duplicate detection, and race condition protection using distributed locks.
BlueKing Code Security: Three Red Lines
by TencentBlueKing
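Based on the IEG security specification; covers three high-risk areas: input validation, authentication/authorization, and data encryption.
Node.js Security Review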
by TencentBlueKing
Checks for RCE, SSRF, SQL injection, path traversal, and other security issues; supports Express/Koa/NestJS.
Web Security Vulnerability Learning Guide
by TencentBlueKing
Principles, impact, and remediation of the OWASP Top 10 vulnerabilities, covering Python/Java scenarios.
JavaScript Security Review
by TencentBlueKing
Checks for XSS, CSRF, prototype pollution, and other security issues; supports React/Vue/Angular.
audit-logging
by dadbodgeoff
Comprehensive audit logging for compliance and security. Track user actions, data changes, and system events with tamper-proof storage.
error-sanitization
by dadbodgeoff
Production-safe error handling that logs full details server-side while exposing only generic, safe messages to users. Prevents information leakage of database strings, file paths, stack traces, and API keys.
k8s-policy
by rohitg00
Kubernetes policy management with Kyverno and Gatekeeper. Use when enforcing security policies, validating resources, or auditing policy compliance.
security-checklist
by Leavesfly
OWASP security checklist
config-hardener
by UseAI-pro
"Audit and harden your OpenClaw configuration. Checks AGENTS.md, gateway settings, sandbox config, and permission policies for security weaknesses."
setup-auditor
by UseAI-pro
"Audit your OpenClaw environment for credential leaks, unsafe defaults, and missing sandbox configuration. Wizard-style: answers questions about your setup and produces a fix checklist."
credential-scanner
by UseAI-pro
"Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental exfiltration."
skill-guard
by UseAI-pro
"Runtime security monitor for active OpenClaw skills. Watches file access, network calls, and shell commands. Flags anomalous behavior and enforces permission boundaries."
prompt-guard
by UseAI-pro
"Detect and neutralize prompt injection attacks in OpenClaw skill content, user inputs, and external data sources. Prevents instruction hijacking and context manipulation."
permission-auditor
by UseAI-pro
"Analyze OpenClaw skill permissions and explain exactly what each permission allows. Identifies over-privileged skills and suggests minimal permission sets."
incident-responder
by UseAI-pro
"Step-by-step incident response for OpenClaw security breaches. Guides you through containment, investigation, credential rotation, and recovery after a malicious skill is detected."
network-watcher
by UseAI-pro
"Audit and monitor network requests made by OpenClaw skills. Detects data exfiltration, unauthorized API calls, and suspicious outbound connections."
k8s-certs
by rohitg00
Kubernetes certificate management with cert-manager. Use when managing TLS certificates, configuring issuers, or troubleshooting certificate issues.
k8s-security
by rohitg00
Audit Kubernetes RBAC, enforce policies, and manage secrets. Use for security reviews, permission audits, policy enforcement with Kyverno/Gatekeeper, and secret management.
skill-auditor
by UseAI-pro
"Comprehensive security auditor for OpenClaw skills. Checks for typosquatting, dangerous permissions, prompt injection, supply chain risks, and data exfiltration patterns — before you install anything."
api-security
by williamzujkowski
Broken Object Level Authorization (BOLA) - API fails to validate user
security-specialist
by truongnat
Elite security engineering based on threat modeling, defensive coding, vulnerability management, and compliance standards. Focused on the "Security-by-Design" philosophy.
code-review
by markus41
Comprehensive code review knowledge including security, performance, accessibility, and quality standards across multiple languages and frameworks
ctf-solver
by HacktronAI
Solve CTF (Capture The Flag) challenges by analyzing challenge descriptions, source code, and interacting with challenge environments to capture flags.