Loading...
Loading...
Found 230 Skills
Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Conduct thorough, constructive code reviews for quality and security. Use when reviewing pull requests, checking code quality, identifying bugs, or auditing security. Handles best practices, SOLID principles, security vulnerabilities, performance analysis, and testing coverage.
Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
Smart dependency management for any language. Auto-detects project type, applies safe updates automatically, prompts for major versions, diagnoses and fixes dependency issues.
Comprehensive code review for diffs. Analyzes changed code for security vulnerabilities, anti-patterns, and quality issues. Auto-detects domain (frontend/backend) from file paths.
Extract the Supabase anon/public API key from client-side code. This key is expected in client apps but important for RLS testing.
Comprehensive security auditor for OpenClaw skills. Checks for typosquatting, dangerous permissions, prompt injection, supply chain risks, and data exfiltration patterns — before you install anything.
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
Review AI API key leakage patterns and redaction strategies. Use for identifying exposed keys for OpenAI, Anthropic, Gemini, and 10+ other providers. Use proactively when code integrates AI providers or when environment variables/keys are present. Examples: - user: "Check for leaked OpenAI keys" → scan for `sk-` patterns and client-side exposure - user: "Is my Gemini integration secure?" → audit vertex AI config and key redaction - user: "Review AI provider logging" → ensure secrets are redacted from logs - user: "Scan for Anthropic secrets" → check for `ant-` keys in code and configs - user: "Audit Vertex AI integration" → verify proper IAM roles and service account usage
Use this skill for proactive backend health audits in an InsForge project — security misconfigurations, performance regressions, and system health issues surfaced by `diagnose advisor`, plus the backend-side deep-dives that pair with each advisor issue. Also use this skill when a user reports backend-wide performance degradation (high CPU/memory, all responses slow, connection pool exhaustion, lock contention) without a single failing request. Trigger on requests like "health check", "audit my backend", "review security", "check RLS policies", "find slow queries", "backend performance review", "high CPU/memory", "everything is slow", "EC2/database/system health", or pre-launch readiness audits. For reactive runtime errors with a single concrete failing request (SDK error objects, HTTP 4xx/5xx, function failures, deploy failures), use `insforge-debug` instead.
List and test exposed PostgreSQL RPC functions for security issues and potential RLS bypass.
Comprehensive toolkit for validating, linting, testing, and automating Jenkinsfile pipelines (both Declarative and Scripted). Use this skill when working with Jenkins pipeline files, validating pipeline syntax, checking best practices, debugging pipeline issues, or working with custom plugins.