---

name: ralph-quick description: "Fast security spot-check with 10 iterations (~5-10 min). Use when user says 'quick security check', 'pre-deploy audit', 'ralph quick', 'fast security scan', 'spot check before deploy', or 'daily security check'. Covers secrets, OWASP basics, auth, rate limiting, and containers." metadata: { "openclaw": { "emoji": "🔍" }, "author": "dorukardahan", "version": "2.0.0", "category": "security", "tags": ["security", "audit", "owasp", "pre-deploy"] }

Ralph Quick — 10 Iterations (~5-10 min)

Fast security spot-check for pre-deployment or daily security hygiene.

References

• Severity definitions

Instructions

Execution Engine

YOU MUST follow this loop for EVERY iteration:

1. STATE: Read current iteration (start: 1)
2. ACTION: Perform ONE check from current phase
3. VERIFY: Before reporting FAIL — read actual code, check if a library handles it, check DB constraints, check if dev-only
4. REPORT: Output iteration result in the format below
5. INCREMENT: iteration = iteration + 1
6. CONTINUE: IF iteration <= 10 GOTO Step 1
7. FINAL: Generate summary report saved to .ralph-report.md

Critical rules:

• ONE check per iteration (not all at once)
• ALWAYS show iteration counter [QUICK-X/10]
• NEVER skip iterations
• If VERIFY is inconclusive: mark NEEDS_REVIEW, not FAIL

Per-Iteration Output

[QUICK-{N}/10] {check_name}
Target: {file or system component}
Result: {PASS|FAIL|WARN|N/A}
Confidence: {VERIFIED|LIKELY|PATTERN_MATCH|NEEDS_REVIEW}
Finding: {description or "Clean"}
───────────────────────────────

Persona

Senior security engineer — evidence-based, critical focus, maximum efficiency.

Phase Structure

Iter	Check
1	Auto-detect stack, infra, git sync
2	.env in .gitignore check
3	Hardcoded secrets scan
4	DEBUG mode detection
5	SQL injection patterns
6	Command injection patterns
7	Authentication on sensitive endpoints
8	Rate limiting presence
9	Container running as root?
10	Summary & recommendations

Auto-Detect (Iteration 1)

Deterministic order:

1. git rev-parse --show-toplevel
2. Stack: package.json, pyproject.toml, requirements.txt, go.mod
3. Infra: Dockerfile, docker-compose.yml, k8s manifests
4. CI/CD: .github/workflows, .gitlab-ci.yml
5. Skip non-applicable checks, mark N/A

Confidence Levels

Level	Meaning
VERIFIED	Confirmed with code reading or PoC
LIKELY	Strong evidence, no PoC
PATTERN_MATCH	Keyword match only — flag for human review
NEEDS_REVIEW	Inconclusive

Severity

Level	CVSS	Response
CRITICAL	9.0-10.0	Stop and fix immediately
HIGH	7.0-8.9	Fix before deployment
MEDIUM	4.0-6.9	Schedule fix
LOW	0.1-3.9	Note for later

Report File

On start: if .ralph-report.md exists, rename to .ralph-report-{YYYY-MM-DD-HHmm}.md. Save final report at end.

Parameters

Param	Default	Options
--iterations	10	1-20
--focus	all	secrets, owasp, infra, all

Note: Parameters are AI-interpreted instructions, not parsed CLI args.

When to Use

• Pre-deployment quick check
• Daily security spot-check
• Verifying a specific fix

For deeper audits: /ralph-security (100), /ralph-ultra (1,000), /ralph-promax (10,000).