security-audit
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Best use case
security-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Teams using security-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/security-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How security-audit Compares
| Feature / Agent | security-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Security Audit Skill ## When to use Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically. ## Setup No external dependencies required. Uses native system tools where available. ## How to ### Quick audit (common issues) ```bash node skills/security-audit/scripts/audit.cjs ``` ### Full audit (comprehensive scan) ```bash node skills/security-audit/scripts/audit.cjs --full ``` ### Auto-fix common issues ```bash node skills/security-audit/scripts/audit.cjs --fix ``` ### Audit specific areas ```bash node skills/security-audit/scripts/audit.cjs --credentials # Check for exposed API keys node skills/security-audit/scripts/audit.cjs --ports # Scan for open ports node skills/security-audit/scripts/audit.cjs --configs # Validate configuration node skills/security-audit/scripts/audit.cjs --permissions # Check file permissions node skills/security-audit/scripts/audit.cjs --docker # Docker security checks ``` ### Generate report ```bash node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json ``` ## Output The audit produces a report with: | Level | Description | |-------|-------------| | 🔴 CRITICAL | Immediate action required (exposed credentials) | | 🟠 HIGH | Significant risk, fix soon | | 🟡 MEDIUM | Moderate concern | | 🟢 INFO | FYI, no action needed | ## Checks Performed ### Credentials - API keys in environment files - Tokens in command history - Hardcoded secrets in code - Weak password patterns ### Ports - Unexpected open ports - Services exposed to internet - Missing firewall rules ### Configs - Missing rate limiting - Disabled authentication - Default credentials - Open CORS policies ### Files - World-readable files - Executable by anyone - Sensitive files in public dirs ### Docker - Privileged containers - Missing resource limits - Root user in container ## Auto-Fix The `--fix` option automatically: - Sets restrictive file permissions (600 on .env) - Secures sensitive configuration files - Creates .gitignore if missing - Enables basic security headers ## Related skills - `security-monitor` - Real-time monitoring (available separately)
Related Skills
vibe-code-auditor
Audit rapidly generated or AI-produced code for structural flaws, fragility, and production risks.
skill-security-auditor
Scan and audit AI agent skills for security risks before installation. Produces a
seo-audit
Diagnose and audit SEO issues affecting crawlability, indexation, rankings, and organic performance. Use when the user asks for an SEO audit, technical SEO review, ranking diagnosis, on-page SEO review, meta tag audit, or SEO health check. This skill identifies issues and prioritizes actions but does not execute changes. For large-scale page creation, use programmatic-seo. For structured data, use schema-markup.
security-compliance-compliance-check
You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform compliance audits and provide im...
pre-push-security-scan
【铁律】Git push 前必须执行的安全扫描。防止 API keys、tokens、passwords、私钥等敏感信息被推送到远程仓库。适用于所有 git push、gh pr create、代码同步等场景。
performing-security-code-review
This skill provides automated assistance for security agent tasks Execute this skill enables AI assistant to conduct a security-focused code review using the security-agent plugin. it analyzes code for potential vulnerabilities like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant uses this skill wh... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
dependency-auditor
Audit project dependencies for vulnerabilities, license risks, upgrade planning, and ecosystem health across multiple languages.
afrexai-compliance-audit
Run internal compliance audits against major governance and security frameworks, highlighting gaps, risks, and remediation priorities.
accessibility-compliance-accessibility-audit
You are an accessibility expert specializing in WCAG compliance, inclusive design, and assistive technology compatibility. Conduct audits, identify barriers, and provide remediation guidance.
wemp-operator
> 微信公众号全功能运营——草稿/发布/评论/用户/素材/群发/统计/菜单/二维码 API 封装
zsxq-smart-publish
Publish and manage content on 知识星球 (zsxq.com). Supports talk posts, Q&A, long articles, file sharing, digest/bookmark, homework tasks, and tag management. Use when publishing content to 知识星球, creating/editing posts, uploading files/images/audio, managing digests, batch publishing, or formatting content for 知识星球.
zoom-automation
Automate Zoom meeting creation, management, recordings, webinars, and participant tracking via Rube MCP (Composio). Always search tools first for current schemas.