AI Agent Skill HUB

security-auditor-skill

扫描指定目录或文件中的安全漏洞(特别是针对 macOS/Linux 的恶意安装脚本、Base64 混淆、反向 Shell)。当用户要求“检查安全”、“扫描漏洞”、“审计代码”或怀疑某个 Skill/Repo 有毒时触发。

16 stars
bydiegosouzapw
View on GitHubInstallation ↓

Best use case

security-auditor-skill is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

扫描指定目录或文件中的安全漏洞(特别是针对 macOS/Linux 的恶意安装脚本、Base64 混淆、反向 Shell)。当用户要求“检查安全”、“扫描漏洞”、“审计代码”或怀疑某个 Skill/Repo 有毒时触发。

Teams using security-auditor-skill should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/security-auditor-skill/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/testing-security/security-auditor-skill/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/security-auditor-skill/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How security-auditor-skill Compares

Feature / Agentsecurity-auditor-skillStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

扫描指定目录或文件中的安全漏洞(特别是针对 macOS/Linux 的恶意安装脚本、Base64 混淆、反向 Shell)。当用户要求“检查安全”、“扫描漏洞”、“审计代码”或怀疑某个 Skill/Repo 有毒时触发。

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Security Auditor Skill

## 核心能力
本 Skill 用于对不明来源的代码仓库(特别是 Agent Skills)进行静态安全审计。
它专注于发现“投毒”痕迹,如:
- `curl | bash` 模式的隐蔽执行
- Base64 编码的恶意载荷
- 针对 macOS (Quarantine removal) 或 Linux 的系统篡改命令
- 伪装成文本的可执行二进制文件

## 使用方法 (Usage)
1.  **扫描特定目录**: "扫描这个目录: `/path/to/skill`"
2.  **默认扫描**: "扫描当前所有 Skills" (默认路径需在 Prompt 中确认, 通常为 `~/.openclaw/skills`)
3.  **处理结果**: 扫描完成后,Skill 会输出一份报告。用户可以告知 "将 xxxx 加入白名单" 以消除误报。

## 路由逻辑 (Routing)

### 1. 执行扫描
当用户请求扫描时,执行 `scripts/security_scanner.py`。

**Args**:
- `target_path`: 用户指定的绝对路径。若未指定,询问用户或使用当前工作区。
- `whitelist_path`: 默认为 `data/whitelist.json`。

**Script Command**:
```bash
python scripts/security_scanner.py --target "TARGET_PATH" --whitelist "data/whitelist.json"
```

### 2. 解读报告 (Interpretation)
脚本将输出 JSON 格式的结果。你必须将其转换为易读的 Markdown 表格:
- 🚨 **CRITICAL**: 必须高亮警告,建议用户**绝对不要执行**该文件。
- ⚠️ **HIGH/WARNING**: 提示风险,需用户人工复核代码。
- ✅ **SAFE**: 未发现已知特征。

### 3. 白名单管理
如果用户确认某个 `CRITICAL/HIGH` 实际上是误报(例如正常的模型下载),
**不要** 修改 Python 脚本。
而是**指导用户**(或由 Agent 代劳)将该文件的 Hash 或特征名称更新到 `data/whitelist.json` 中。

Related Skills

web-security-testing

16
from diegosouzapw/awesome-omni-skill

Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.

typo3-security

16
from diegosouzapw/awesome-omni-skill

Security hardening checklist and best practices for TYPO3 v13/v14 installations, covering configuration, file permissions, and common vulnerabilities.

telecom-security

16
from diegosouzapw/awesome-omni-skill

Assess telecommunications infrastructure security including VoIP/SIP, SS7/Diameter, cellular networks, SMS-based authentication, and telephony-integrated applications. Identifies vulnerabilities in phone-based verification, call routing, and telecom protocol implementations. Use when auditing SMS 2FA, VoIP systems, IVR applications, or any telephony-dependent security controls.

tauri-security-rules

16
from diegosouzapw/awesome-omni-skill

Security-related rules for Tauri application development.

system-reality-auditor

16
from diegosouzapw/awesome-omni-skill

Performs a triple-point audit to synchronize codebase, database schema, and project documentation states. Use this skill to align the PRD, Gap Analysis, and Execution Plan with the actual system reality.

sqlserver-security

16
from diegosouzapw/awesome-omni-skill

Audits and hardens SQL Server security including login management, permission reviews, TDE encryption, SQL Server Audit configuration, and surface area reduction. Use when performing security reviews, setting up new instances, responding to security incidents, or preparing for compliance audits.

spring-security

16
from diegosouzapw/awesome-omni-skill

Spring Security 6 patterns for authentication, authorization, and OAuth2

solidity-security

16
from diegosouzapw/awesome-omni-skill

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementin...

software-security-appsec

16
from diegosouzapw/awesome-omni-skill

Modern application security patterns aligned with OWASP Top 10 (2021) and OWASP Top 10:2025 Release Candidate, OWASP API Security Top 10 (2023), NIST SSDF, zero trust, supply chain security, authentication, authorization, input validation, and cryptography.

slack-auth-security

16
from diegosouzapw/awesome-omni-skill

OAuth flows, token management, and security best practices for Slack apps. Use when implementing app distribution, multi-workspace installations, token storage and rotation, managing scopes and permissions, or securing production Slack applications.

securitytrails-automation

16
from diegosouzapw/awesome-omni-skill

Automate Securitytrails tasks via Rube MCP (Composio). Always search tools first for current schemas.

security

16
from diegosouzapw/awesome-omni-skill

Use this skill when designing or reviewing systems where security is a concern - authentication, authorization, data protection, input handling, or any system processing untrusted input. Applies adversarial thinking to specifications, designs, and implementations.