Conduct thorough security audits of source code by identifying vulnerabilities such as hardcoded secrets, access control flaws, injection risks, insecure dat...
Audits any MCP server for command injection, path traversal, missing auth, hardcoded secrets, SQL injection, SSRF and tool poisoning. Returns grade A-F with CVE references. Malicious servers flagged n
# COMPREHENSIVE TYPESCRIPT CODEBASE REVIEW You are an expert TypeScript code reviewer with 20+ years of experience in enterprise software development, security auditing, and performance optimization.
Build auditable search URLs across Chinese and global engines with region/language filters, advanced operators, time scopes, privacy-first options, compare m...
Act as an expert Performance Engineer and QA Specialist. You are tasked with conducting a comprehensive technical audit of the current repository, focusing on deep testing, performance analytics, and
Audit Azure Key Vault configuration, access policies, and secret hygiene for credential exposure risks
Secure MCP bridge enabling Claude on your phone to browse and edit local repos with real-time, human-approved file access and audit logging.
Add 8 security governance layers to your OpenClaw agent — budget controls, permissions, audit logging, kill switch, identity signing, skill vetting, process isolation, and gateway protection.
Audit, clean, and optimize Clawdbot's vector memory (LanceDB). Use when memory is bloated with junk, token usage is high from irrelevant auto-recalls, or setting up memory maintenance automation.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or ana
Generates a structured marketing audit report from aggregated data using a single GPT-4.1-mini API call with six predefined sections.
Real-time, audit-ready logging integration for ClawControl.space. Ensures deterministic, per-action observability.
Audit a product or service offer for clarity, differentiation, and buying friction. Use when improving positioning, promise, audience fit, and conversion bef...
Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, sca
Gmail security proxy with policy enforcement, approval workflows, and audit logging. Use when the user wants to read, search, or send Gmail with guardrails —...
Scan MCP server configuration files for security vulnerabilities using mcpsec (OWASP MCP Top 10). Use when: auditing MCP tool configs for prompt injection, h...
Analyze local OpenClaw session token usage from a generated SQLite ledger and markdown summaries. Use when the user asks for a token audit, token体检报告, contex...
Identify recurring charges and subscriptions from receipts or email exports, and produce a clean summary with renewal dates, price changes, and cancellation drafts. Use when a user wants to audit spen
Smart contract security analysis skill. Detect vulnerabilities, suggest fixes, generate audit reports. Supports Hardhat/Foundry projects. Uses pattern matchi...
Scan, audit, and clean up Python virtual environments (.venv, conda), node_modules, and development artifacts consuming disk space. Use when the user mention...
Observability pipeline and CI audit pack. JSONL-to-SQLite trace ingestion and CI workflow validation. 2 observability tools.
Agent Identity & Permission Guardian - Trust middleware for credential management, permission scopes, human approval workflows, and audit trails. Use when AI...
--- name: promql-validator description: Validate, lint, audit, or fix PromQL queries and alerting rules; detects anti-patterns. --- ## How This Skill Works This skill performs multi-level validation