Run any Skill in Manus with one click

security-scanner

Full-stack security audit for OpenClaw's Node.js ecosystem: npm audit for CVEs, Snyk for supply chain, ESLint security plugin for code patterns, OWASP dependency check, and AI review of the 60-repo portfolio for systemic vulnerabilities. Generates SECURITY_REPORT.md. Adapted from ZeroClaw's comprehensive security-scanner, tuned for Node.js/TypeScript and multi-repo portfolios.

Run Skill in Manus

Overview

Install command

npx skills add https://github.com/mk-knight23/AI-Agent-OpenClaw --skill security-scanner

Copy and paste this command into Claude Code to install the skill

Source

mk-knight23/AI-Agent-OpenClaw

Stars0

Forks0

UpdatedMarch 10, 2026 at 00:13

SKILL.md

readonly

name	security-scanner
description	Full-stack security audit for OpenClaw's Node.js ecosystem: npm audit for CVEs, Snyk for supply chain, ESLint security plugin for code patterns, OWASP dependency check, and AI review of the 60-repo portfolio for systemic vulnerabilities. Generates SECURITY_REPORT.md. Adapted from ZeroClaw's comprehensive security-scanner, tuned for Node.js/TypeScript and multi-repo portfolios.

security-scanner

Ecosystem-wide security audit — CVEs, supply chain, code patterns, portfolio scanning.

Usage

@OpenClaw security-scanner --full
@OpenClaw security-scanner --portfolio        # Scan all 60 repos for CVEs
@OpenClaw security-scanner --repo ./target    # Audit a single repository
@OpenClaw security-scanner --fail-on critical # CI gate: fail only on CRITICAL

What It Checks

1. Known CVEs — `npm audit` + OWASP

Direct + transitive dependency scan against npm advisory DB
OWASP Dependency-Check for non-npm deps (Python scripts, CLI tools)
Each finding: CVE ID, CVSS score, affected package, fix

2. Supply Chain — Snyk

License policy enforcement (GPL-3.0, AGPL blocklist)
Typosquatting detection (flags expressjs vs express)
Malicious package patterns (dependency confusion)

3. Code Security — ESLint + Semgrep

Injection: SQL, shell, path traversal
Hardcoded secrets (API keys, tokens, passwords)
Dangerous functions: eval, exec, deserialize
Authentication bypass patterns

4. Portfolio Scan (OpenClaw-Specific)

Scans all repositories in the 60-repo matrix
Identifies shared vulnerable dependencies across repos
Prioritizes: which repos are in production vs. experimental
Generates unified report with cross-repo impact analysis

Files Created

SECURITY_REPORT.md          # Full report with severity + remediation
security_audit.json         # Machine-readable for CI artifacts
portfolio_security.md       # Cross-repo vulnerability map

CI Gate Integration

# .github/workflows/security-gate.yml
- name: OpenClaw Security Scan
  run: openclaw security-scanner --full --fail-on critical

Philosophy

With 60 repositories to manage, a single vulnerable shared dependency can cascade. Portfolio-level scanning catches these systemic risks before they become incidents.

More from this repository

same repository

claw-ecosystem

mk-knight23/AI-Agent-OpenClaw

This skill should be used when the user asks to "start all claws", "start claw gateways", "run all gateways", "start openclaw nanobot picoclaw zeroclaw nanoclaw", "launch claw ecosystem", "stop all claws", "stop gateways", "claw status", "check gateway status", or "open claws". Manages all five Claw ecosystem gateways (OpenClaw, ZeroClaw, NanoBot, PicoClaw, NanoClaw) as a unified fleet.

2026-03-200

batch-processor

mk-knight23/AI-Agent-OpenClaw

High-throughput parallel processing of large datasets using Node.js streams and Claude AI. Accepts CSV, JSON, JSONL, or plain text. Processes in configurable chunk sizes with backpressure-aware Node.js Readable/Transform/Writable streams. Tracks progress, retries failures with exponential backoff, estimates cost before run. Adapted from ZeroClaw's Rayon-based batch processor for Node.js streaming architecture.

2026-03-100

iot-monitor

mk-knight23/AI-Agent-OpenClaw

Dashboard and API layer for monitoring IoT sensors and edge devices from OpenClaw's full-stack environment. Connects to MQTT brokers, HTTP sensor APIs, or PicoClaw agent heartbeats. Renders a live web dashboard, stores readings in Supabase, and sends alerts via any configured channel (Telegram, Slack, WhatsApp). Adapted from PicoClaw's Go iot-monitor for OpenClaw's Node.js full-stack runtime.

2026-03-100

add-gmail

mk-knight23/AI-Agent-OpenClaw

Adds Gmail monitoring to OpenClaw using the googleapis library. Creates OAuth2 credentials, polls INBOX for unread messages matching a trigger pattern, drafts AI replies, and sends after approval. Use when you want OpenClaw to monitor and respond to emails. Requires a Google Cloud project with Gmail API enabled and OAuth2 credentials.

2026-03-060

add-obsidian

mk-knight23/AI-Agent-OpenClaw

Mounts an Obsidian vault as a read-only knowledge source for OpenClaw. Registers a vault_search tool that performs full-text search across all .md files, returning file names and relevant excerpts. Use when you want OpenClaw to answer questions using your personal notes or team knowledge base. Requires the vault to be accessible as a local directory.

2026-03-060

add-slack

mk-knight23/AI-Agent-OpenClaw

Adds Slack integration to OpenClaw using the @slack/bolt framework. Creates a SlackChannel adapter with Socket Mode (no public URL required), handles app_mention events, routes messages through OpenClaw's skill dispatcher, and responds in-thread. Use when you want OpenClaw accessible from Slack workspaces. Requires a Slack app with Socket Mode enabled.

2026-03-060

Source

mk-knight23

mk-knight23/AI-Agent-OpenClaw

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Useful forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	security-scanner
description	Full-stack security audit for OpenClaw's Node.js ecosystem: npm audit for CVEs, Snyk for supply chain, ESLint security plugin for code patterns, OWASP dependency check, and AI review of the 60-repo portfolio for systemic vulnerabilities. Generates SECURITY_REPORT.md. Adapted from ZeroClaw's comprehensive security-scanner, tuned for Node.js/TypeScript and multi-repo portfolios.

security-scanner

Ecosystem-wide security audit — CVEs, supply chain, code patterns, portfolio scanning.

Usage

@OpenClaw security-scanner --full
@OpenClaw security-scanner --portfolio        # Scan all 60 repos for CVEs
@OpenClaw security-scanner --repo ./target    # Audit a single repository
@OpenClaw security-scanner --fail-on critical # CI gate: fail only on CRITICAL

What It Checks

1. Known CVEs — `npm audit` + OWASP

Direct + transitive dependency scan against npm advisory DB
OWASP Dependency-Check for non-npm deps (Python scripts, CLI tools)
Each finding: CVE ID, CVSS score, affected package, fix

2. Supply Chain — Snyk

License policy enforcement (GPL-3.0, AGPL blocklist)
Typosquatting detection (flags expressjs vs express)
Malicious package patterns (dependency confusion)

3. Code Security — ESLint + Semgrep

Injection: SQL, shell, path traversal
Hardcoded secrets (API keys, tokens, passwords)
Dangerous functions: eval, exec, deserialize
Authentication bypass patterns

4. Portfolio Scan (OpenClaw-Specific)

Scans all repositories in the 60-repo matrix
Identifies shared vulnerable dependencies across repos
Prioritizes: which repos are in production vs. experimental
Generates unified report with cross-repo impact analysis

Files Created

SECURITY_REPORT.md          # Full report with severity + remediation
security_audit.json         # Machine-readable for CI artifacts
portfolio_security.md       # Cross-repo vulnerability map

CI Gate Integration

# .github/workflows/security-gate.yml
- name: OpenClaw Security Scan
  run: openclaw security-scanner --full --fail-on critical

Philosophy

With 60 repositories to manage, a single vulnerable shared dependency can cascade. Portfolio-level scanning catches these systemic risks before they become incidents.

security-scanner

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit + OWASP

2. Supply Chain — Snyk

3. Code Security — ESLint + Semgrep

4. Portfolio Scan (OpenClaw-Specific)

Files Created

CI Gate Integration

Philosophy

More from this repository

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit + OWASP

2. Supply Chain — Snyk

3. Code Security — ESLint + Semgrep

4. Portfolio Scan (OpenClaw-Specific)

Files Created

CI Gate Integration

Philosophy

More from this repository

1. Known CVEs — `npm audit` + OWASP

1. Known CVEs — `npm audit` + OWASP