Found 2,566 Skills
Use this skill whenever the user asks for a security analysis, vulnerability assessment, security audit, or any form of Security Assessment Report (SAR) over a codebase, infrastructure, API, database, or system. Triggers include: "audit my code", "find security issues", "run a security check", "generate a SAR", "check for vulnerabilities", "is this code secure", or any request that involves evaluating the security posture of a project. Also triggers when the user uploads or references source code, config files, environment variables, or architecture diagrams and asks for a security opinion. Do NOT use for generic coding tasks, code reviews focused on quality rather than security, or performance optimization unless a security angle is explicitly present.
Smoke test for alicloud-security-id-verification-cloudauth. Validate minimal authentication, API reachability, and one read-only query path.
Test for security vulnerabilities using OWASP principles. Use when conducting security audits, testing auth, or implementing security practices.
Professional Skills and Methodologies for Cloud Security Audits
Audit and harden your OpenClaw configuration. Checks AGENTS.md, gateway settings, sandbox config, and permission policies for security weaknesses.
Test skill for security scanning
Test skill for security scanning
This skill covers designing and implementing security zones and conduits for industrial automation and control systems (IACS) per IEC 62443-3-2. It addresses zone partitioning based on risk assessment, assigning Security Level targets (SL-T), designing conduit security controls, implementing microsegmentation with industrial firewalls, and validating zone architecture through traffic analysis and penetration testing against the Purdue Reference Model.
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.
Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the authorization server, client application, and token handling for common misconfigurations that enable account takeover or unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.
Check for security risks in Skills/code repositories. Use when the user wants to check if a skill, GitHub repository, npm package, or local code is safe to download or use. This includes detecting malicious code, malware, key stealing, environment variable modification, suspicious network behavior, and evaluating repository reputation (stars, forks, contributors, age). Use this skill whenever the user mentions checking skills for security risks, scanning repositories for malware, verifying code safety, checking npm packages for threats, or asking if a download is safe.
Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.