
Clawsec Scanner

Skill · Verified · Active

Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.

Purpose

To automate the detection of vulnerabilities in agent platforms, ensuring the security and integrity of agent deployments.

Features

  • Automated dependency scanning (npm, pip)
  • CVE database integration (OSV, NVD, GitHub)
  • Static code analysis (Semgrep, Bandit)
  • Dynamic analysis of agent hooks (DAST)
  • Unified vulnerability reporting

Use cases

  • Scanning agent platform codebases for known vulnerabilities
  • Identifying security risks in project dependencies
  • Detecting common SAST issues like hardcoded secrets and injection flaws
  • Testing agent hooks for resilience against malicious inputs and timeouts

Non-goals

  • Performing remediation actions automatically
  • Scanning for runtime vulnerabilities in web applications (focus is on agent platforms)
  • Providing a cloud-based vulnerability management dashboard

Installation

npx skills add prompt-security/clawsec

Runs the Vercel skills CLI (skills.sh) via npx. Requires Node.js installed locally and at least one skills-compatible agent (Claude Code, Cursor, Codex, etc.). Assumes the repository follows the agentskills.io format.

Quality score

Verified
100/100
Analyzed 1 day ago

Trust signals

Last commit: 3 days ago
Stars: 983
License: AGPL-3.0

Similar extensions

Security Reviewer

99

Identifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance. Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews, dependency audits, secrets scanning, or compliance checks. Produces vulnerability reports, prioritized recommendations, and compliance checklists.

Skill
jeffallan

Senior Secops

98

Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding patterns, and automates compliance checks against SOC2, PCI-DSS, HIPAA, and GDPR. Use when conducting a security review or audit, responding to a CVE or security incident, hardening infrastructure, implementing authentication or secrets management, running penetration test prep, checking OWASP Top 10 exposure, or enforcing security controls in CI/CD pipelines.

Skill
alirezarezvani

Dependency Management

98

Manage third-party libraries, runtimes, and SaaS dependencies. Use this skill when setting an update cadence, responding to security advisories, dealing with deprecated dependencies, evaluating new dependencies, auditing what's installed, or unblocking a dependency upgrade. Triggers on dependency, package update, security patch, lockfile, deprecated, breaking change, supply chain, dependency audit, npm audit, dependabot, renovate. Also triggers when a build breaks after an update or when an advisory is published for a used package.

Skill
rampstackco

Dependency Audit

95

Dependency audit and cleanup workflow for maintaining healthy project dependencies. Use for regular maintenance, security updates, and removing unused packages.

Skill
bobmatnyc

Vector Setup

100

First-run setup for ruvector@0.2.25 — installs ONNX/Brain/SONA add-ons, registers the MCP server, and verifies the install via `doctor`

Skill
ruvnet

Releasing Clickup Cli

100

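Publishes a new version of clickup-cli to npm, updates the Homebrew tap, writes release notes, and syncs the agent skill. Use when releasing a new version, bumping the version number, or verifying a release.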

Skill
krodak