Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

$pwd:

security-auditor

Name: Security Auditor
Author: vibeforge1111

// Audit local-agent systems, specs, and code for security weaknesses and hardening priorities. Use when reviewing Spark Intelligence features, security-sensitive diffs, identity or pairing flows, host-execution boundaries, webhook adapters, auth and secret handling, or when producing a security grade and remediation list that others can reuse later.

Ejecutar en Manus

$ git log --oneline --stat

stars:2

forks:18

updated:25 de marzo de 2026, 12:16

Explorador de archivos

4 archivos

SKILL.md

readonly

name	security-auditor
description	Audit local-agent systems, specs, and code for security weaknesses and hardening priorities. Use when reviewing Spark Intelligence features, security-sensitive diffs, identity or pairing flows, host-execution boundaries, webhook adapters, auth and secret handling, or when producing a security grade and remediation list that others can reuse later.

Security Auditor

Use this skill when work touches:

security review
pre-landing diff review
trust-boundary grading
hardening backlog creation
local-agent security posture checks
reusable audit reports for other builders

Read First

docs/SECURITY_DOCTRINE_V1.md
docs/IDENTITY_AND_SESSION_MODEL_SPEC_V1.md
docs/PROVIDER_AND_AUTH_CONFIG_SPEC_V1.md
docs/CODING_RULESET_V1.md
docs/SECURITY_RESEARCH_PLAN_HERMES_OPENCLAW.md
docs/OPENCLAW_HERMES_SECURITY_HISTORY_ANALYSIS_2026-03-25.md

Then read:

references/audit-framework.md
references/competitor-findings.md

Core Doctrine

Audit for real security failures first:

identity confusion
host takeover paths
dangerous defaults
weak approvals
secret leakage
cross-session leakage

Do not get distracted by style before those are clear.

Workflow

Identify the artifact being reviewed.
Map the relevant trust boundaries.
Check identity, session, auth, host, webhook, secret, and logging behavior.
Compare the design against known OpenClaw and Hermes hardening classes.
Grade the system.
Produce severity-first findings and a hardening order.

Required Outputs

Return these explicitly:

security grade
critical findings
high findings
medium findings
low findings
open questions
hardening priorities
required tests

Review Rules

findings first
exploit paths before theory
boundary mistakes before optional improvements
remediation order before broad advice

Default Deliverable

The result should usually be a reusable security audit with:

grade
severity-ordered findings
concrete hardening steps
tests to add before shipping

related-skills.json

mismo repositorio

security-systems.md

from "vibeforge1111/spark-intelligence-builder"

Design secure, lightweight local-agent systems for Spark Intelligence and adjacent agent products. Use when defining identity and pairing rules, provider or channel auth, dangerous command approvals, tool and host boundaries, webhook trust checks, local secret handling, or security guardrails for new features.

2026-03-252

agent-landscape-analysis.md

from "vibeforge1111/spark-intelligence-builder"

Analyze OpenClaw, Claude Cowork, Hermes Agent, and adjacent agent products to learn what to borrow, what to directly copy as patterns, and what Spark Intelligence should keep uniquely its own. Use when comparing architectures, onboarding, adapters, reliability harnesses, migration paths, or competitive product shape.

2026-03-252

reliable-job-harnesses.md

from "vibeforge1111/spark-intelligence-builder"

Build and review cron jobs, schedulers, retries, smoke tests, and operational harnesses for Spark Intelligence in a lightweight and highly reliable way. Use when designing job systems, background work, health checks, retry logic, cron behavior, migration jobs, or smoke-test coverage for scheduled work.

2026-03-252

spark-ecosystem-product.md

from "vibeforge1111/spark-intelligence-builder"

Make Spark Intelligence product decisions with deep awareness of Spark Researcher, Spark Swarm, domain chips, specialization paths, autoloop flywheels, and the wider Spark ecosystem. Use when defining product scope, modular architecture, ecosystem integration, persistent agent behavior, or self-evolving collective-intelligence systems.

2026-03-252

maintainable-engineering.md

from "vibeforge1111/spark-intelligence-builder"

Keep Spark Intelligence code, architecture, security, and documentation highly maintainable, scalable enough, and clean without adding unnecessary complexity. Use when reviewing code, planning architecture, writing docs, simplifying modules, improving quality, or enforcing long-term engineering standards.

2026-03-252

package.json

"author": "vibeforge1111"

"repository": "vibeforge1111/spark-intelligence-builder"

Abrir repositorio de GitHub Ver repositorios del creador

$ install --global

$ download --local

Ejecutar en Manus

$ useful --forSOC

Analistas de seguridad de la informaciónOcupaciones informáticas y matemáticas15-1212L4

name	security-auditor
description	Audit local-agent systems, specs, and code for security weaknesses and hardening priorities. Use when reviewing Spark Intelligence features, security-sensitive diffs, identity or pairing flows, host-execution boundaries, webhook adapters, auth and secret handling, or when producing a security grade and remediation list that others can reuse later.

Security Auditor

Use this skill when work touches:

security review
pre-landing diff review
trust-boundary grading
hardening backlog creation
local-agent security posture checks
reusable audit reports for other builders

Read First

docs/SECURITY_DOCTRINE_V1.md
docs/IDENTITY_AND_SESSION_MODEL_SPEC_V1.md
docs/PROVIDER_AND_AUTH_CONFIG_SPEC_V1.md
docs/CODING_RULESET_V1.md
docs/SECURITY_RESEARCH_PLAN_HERMES_OPENCLAW.md
docs/OPENCLAW_HERMES_SECURITY_HISTORY_ANALYSIS_2026-03-25.md

Then read:

references/audit-framework.md
references/competitor-findings.md

Core Doctrine

Audit for real security failures first:

identity confusion
host takeover paths
dangerous defaults
weak approvals
secret leakage
cross-session leakage

Do not get distracted by style before those are clear.

Workflow

Identify the artifact being reviewed.
Map the relevant trust boundaries.
Check identity, session, auth, host, webhook, secret, and logging behavior.
Compare the design against known OpenClaw and Hermes hardening classes.
Grade the system.
Produce severity-first findings and a hardening order.

Required Outputs

Return these explicitly:

security grade
critical findings
high findings
medium findings
low findings
open questions
hardening priorities
required tests

Review Rules

findings first
exploit paths before theory
boundary mistakes before optional improvements
remediation order before broad advice

Default Deliverable

The result should usually be a reusable security audit with:

grade
severity-ordered findings
concrete hardening steps
tests to add before shipping

security-auditor

Security Auditor

Read First

Core Doctrine

Workflow

Required Outputs

Review Rules

Default Deliverable

Más de este repositorio

Más de este repositorio

Security Auditor

Read First

Core Doctrine

Workflow

Required Outputs

Review Rules

Default Deliverable