neckr0ik-security-suite

Complete security suite for OpenClaw skills. Includes scanner (detects vulnerabilities), fixer (auto-remediates issues), and compliance reports (SOC2, HIPAA, PCI-DSS). Bundle discount - all three tools for the price of two.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.


Install skill "neckr0ik-security-suite" with this command: npx skills add neckr0ik/neckr0ik-security-suite

Security Suite for OpenClaw Skills

Complete security toolkit: scan, fix, and certify your skills.

What's Included

1. Security Scanner

Detects 20+ vulnerability types:

  • Hardcoded secrets (API keys, passwords, tokens)
  • Shell injection risks
  • Code execution vulnerabilities
  • Prompt injection vectors
  • Path traversal risks
  • Network access issues
  • Dependency vulnerabilities

2. Security Fixer

Auto-fixes common issues:

  • Converts hardcoded secrets to environment variables
  • Rewrites shell commands safely
  • Adds prompt sanitization
  • Implements path validation
  • Generates .env.example templates
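
What three of the fix categories above look like in Python, as an added illustration that is not the suite's own code or output. The function names and DEMO_API_KEY are hypothetical, and the "before" patterns appear only as comments with constructed values.

```python
import os
import subprocess
import sys
from pathlib import Path

# "Before" patterns of the kind the list above targets (constructed, not run):
#   API_KEY = "hardcoded-placeholder"                  # secret in source
#   subprocess.run(f"tool {user_arg}", shell=True)     # shell parses input
#   open(os.path.join(base_dir, user_path))            # "../" escapes base


def get_secret(name: str) -> str:
    """Read a secret from the environment and fail closed when it is unset."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set (document it in .env.example)")
    return value


def safe_path(base_dir: str, user_path: str) -> Path:
    """Resolve user_path under base_dir; reject results outside base_dir."""
    root = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks before the containment
    # check; an absolute user_path replaces root and is rejected as well.
    target = (root / user_path).resolve()
    if not target.is_relative_to(root):  # Python 3.9+
        raise ValueError(f"path escapes {root}: {user_path!r}")
    return target


def run_tool(user_arg: str) -> str:
    """Pass untrusted input as a single argv element, with no shell involved.

    The child process here is a stand-in that prints its first argument back.
    """
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", user_arg]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")
```

When reviewing fix --dry-run output, changes of this shape are what the listed fix categories would be expected to produce; anything that still builds a shell string or joins paths without a containment check deserves a closer look.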

3. Compliance Reports

Generate certification reports for:

  • SOC 2 Type II
  • HIPAA
  • PCI-DSS
  • GDPR
  • Custom frameworks

Quick Start

# Scan a skill
neckr0ik-security-suite scan /path/to/skill

# Fix issues automatically
neckr0ik-security-suite fix /path/to/skill --auto

# Generate compliance report
neckr0ik-security-suite report /path/to/skill --framework soc2

# Full audit + fix + certify
neckr0ik-security-suite certify /path/to/skill --framework hipaa

Commands

scan

neckr0ik-security-suite scan <skill-path> [options]

Options:
  --format json|markdown|summary    Output format
  --severity critical|high|medium   Minimum severity to report
  --exclude <patterns>              File patterns to exclude

fix

neckr0ik-security-suite fix <skill-path> [options]

Options:
  --auto          Apply all fixes without prompting
  --dry-run       Show changes without applying
  --no-backup     Do not create backup files

report

neckr0ik-security-suite report <skill-path> [options]

Options:
  --framework soc2|hipaa|pci|gdpr   Compliance framework
  --format json|markdown|pdf        Output format
  --output <file>                   Output file path

certify

neckr0ik-security-suite certify <skill-path> [options]

Options:
  --framework soc2|hipaa|pci|gdpr   Compliance framework
  --auto-fix                        Apply fixes before certification
  --output <file>                   Certificate output path

Compliance Frameworks

SOC 2 Type II

Checks for:

  • Access controls (CC6.1)
  • Encryption (CC6.7)
  • Change management (CC8.1)
  • Risk mitigation (CC9.2)

HIPAA

Checks for:

  • PHI protection (§164.312)
  • Access controls (§164.312(a))
  • Audit controls (§164.312(b))
  • Integrity (§164.312(c))

PCI-DSS

Checks for:

  • Cardholder data protection (Req 3)
  • Encryption (Req 4)
  • Access control (Req 7-8)
  • Audit logs (Req 10)

GDPR

Checks for:

  • Data minimization (Art 5)
  • Security measures (Art 32)
  • Access controls (Art 32)
  • Audit trails (Art 30)

Sample Output

Compliance Report (SOC 2)

╔══════════════════════════════════════════════════════════════╗
║         SECURITY COMPLIANCE CERTIFICATE - SOC 2 TYPE II      ║
╠══════════════════════════════════════════════════════════════╣
║ Skill: my-ai-agent                                           ║
║ Version: 1.2.0                                               ║
║ Scan Date: 2026-03-06                                        ║
║ Framework: SOC 2 Type II                                     ║
╠══════════════════════════════════════════════════════════════╣
║ STATUS: ✅ COMPLIANT                                         ║
╠══════════════════════════════════════════════════════════════╣
║ Controls Checked:                                            ║
║   ✅ CC6.1 - Access Controls                                 ║
║   ✅ CC6.7 - Encryption                                       ║
║   ✅ CC8.1 - Change Management                               ║
║   ✅ CC9.2 - Risk Mitigation                                 ║
╠══════════════════════════════════════════════════════════════╣
║ Vulnerabilities Found: 0                                     ║
║ Warnings: 2 (documentation recommended)                      ║
║ Certificate ID: SOC2-2026-03-06-A7B3C9D2                     ║
╚══════════════════════════════════════════════════════════════╝

Integration

CI/CD Pipeline

# .github/workflows/security.yml
name: Security Audit

on: [push, pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Install Security Suite
        run: clawhub install neckr0ik-security-suite
      
      - name: Run Security Scan
        run: neckr0ik-security-suite scan ./skill/
      
      - name: Check Compliance
        run: neckr0ik-security-suite certify ./skill/ --framework soc2

Pre-commit Hook

#!/bin/bash
# .git/hooks/pre-commit

neckr0ik-security-suite scan ./skills/ --severity high
if [ $? -ne 0 ]; then
    echo "❌ Security issues found. Fix before committing."
    exit 1
fi

Pricing

Tool         Standalone   In Suite
Scanner      $10          ✅ Included
Fixer        $15          ✅ Included
Compliance   $20          ✅ Included
Total        $45          $30

Save 33% with the suite bundle!

See Also

  • neckr0ik-security-scanner - Standalone scanner
  • neckr0ik-security-fixer - Standalone fixer
  • references/compliance-frameworks.md - Detailed framework requirements
  • scripts/suite.py - Main suite script

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
