code-security-review

Report only real risks, not manufactured panic. Covers injection, XSS, path traversal, insecure deserialization, authentication and authorization flaws, key leaks, insecure logging, command execution, and other common vulnerabilities.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.


Install skill "code-security-review" with this command: npx skills add openlark/code-security-review

Code and System Security Review

Report only real risks, not manufactured panic.

Use Cases

Triggers when users request a security review, code audit, security check, vulnerability analysis, security assessment, penetration test, or code scan.

Workflow

  1. Identify trust boundaries, user inputs, privileged operations, and sensitive data paths.
  2. Focus on checking for injection, path traversal, XSS, insecure deserialization, authentication and authorization flaws, key leaks, insecure logging, and command execution issues.
  3. Assess both exploitability and impact scope; do not exaggerate low-confidence issues.
  4. Mark risks with clear severity levels: critical, high, medium, low.
  5. Provide directly actionable remediation recommendations; where possible, prefer to supply a code patch.
  6. If the risk cannot be fully closed in this round, explain the residual risk and subsequent checkpoints.

Output Format

For each risk point, output:

  • Risk Point: Brief description of the issue's location and nature
  • Risk Level: critical | high | medium | low
  • Impact Description: Actual consequences if exploited
  • Remediation Plan: Specific, actionable steps to fix the issue
  • Patch: A code diff that can be directly applied (prioritize providing this)

When no risks are found, output a brief confirmation and do not fabricate issues.

Common Vulnerability Checklist

See references/checklist.md for details, covering the OWASP Top 10 and common attack surfaces.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
