Run any Skill in Manus with one click

security-scanner

Go security audit for edge deployments: govulncheck for CVEs in Go modules, gosec for code-level security patterns, nancy for supply chain vulnerabilities, and analysis of network exposure on edge hardware (open ports, default credentials, TLS config). Generates SECURITY_REPORT.md. Adapted from ZeroClaw's Rust security-scanner for Go and IoT edge deployments.

Run Skill in Manus

Overview

Install command

npx skills add https://github.com/mk-knight23/AI-Agent-PicoClaw --skill security-scanner

Copy and paste this command into Claude Code to install the skill

Source

mk-knight23/AI-Agent-PicoClaw

Stars0

Forks0

UpdatedMarch 10, 2026 at 00:14

SKILL.md

readonly

name	security-scanner
description	Go security audit for edge deployments: govulncheck for CVEs in Go modules, gosec for code-level security patterns, nancy for supply chain vulnerabilities, and analysis of network exposure on edge hardware (open ports, default credentials, TLS config). Generates SECURITY_REPORT.md. Adapted from ZeroClaw's Rust security-scanner for Go and IoT edge deployments.

security-scanner

Go security audit — CVEs, code patterns, supply chain, and edge network exposure.

Usage

@PicoClaw security-scanner --full
@PicoClaw security-scanner --deps-only         # govulncheck + nancy only
@PicoClaw security-scanner --network-audit     # Scan open ports + TLS on edge device
@PicoClaw security-scanner --fail-on high      # CI mode: exit non-zero if HIGH+ found

What It Checks

1. Known CVEs — `govulncheck`

Scans Go module graph against Go vulnerability database (vuln.go.dev)
Only reports vulnerabilities reachable from your code (not just deps)
Includes: CVE ID, affected function, call stack trace to the vulnerable code

2. Supply Chain — `nancy`

Sonatype OSS Index integration for Go module audit
Flags: known malicious packages, deprecated modules, license violations

3. Code Security — `gosec`

Hardcoded credentials in source code
Weak crypto: math/rand instead of crypto/rand
Path traversal in file operations
Shell injection in exec.Command with user input
HTTP server without TLS
Insecure temp file creation

4. Edge Network Audit (PicoClaw-Specific)

Scans open ports on the edge device (nmap -sV localhost)
Checks TLS certificate validity for any HTTPS endpoints
Detects default credentials on admin interfaces
Verifies firewall rules match the minimal attack surface

Files Created

SECURITY_REPORT.md          # Full report with severity + remediation
security_audit.json         # Machine-readable JSON
network_exposure.md         # Open ports, TLS status, credential audit

CI Integration (cross-compile pipeline)

# Runs security scan before cross-compile + deploy
- name: Security Gate
  run: |
    go install golang.org/x/vuln/cmd/govulncheck@latest
    picoclaw security-scanner --full --fail-on high

Philosophy

An edge device is physically accessible. A compromised PicoClaw on a home network is a lateral movement vector. Security scanning is not optional — it's the pre-flight check before every binary lands on hardware.

More from this repository

same repository

code-reviewer

mk-knight23/AI-Agent-PicoClaw

Static analysis + AI review on Go code targeting edge and embedded systems. Runs go vet, staticcheck, gosec, and errcheck — then an AI pass focused on concurrency safety, goroutine leaks, context propagation, and low-memory patterns critical for <10MB edge deployments. Outputs CODE_REVIEW.md with CRITICAL/HIGH/MEDIUM/LOW severity. Adapted from Nanobot's Python code-reviewer for Go/edge runtime.

2026-03-100

deploy-everywhere

mk-knight23/AI-Agent-PicoClaw

Cross-compile PicoClaw Go binaries for all supported hardware targets and deploy them in one command. Supports: LicheeRV Nano (RISC-V), Raspberry Pi Zero (ARMv6), Pi 3/4/5 (ARM64), MIPS routers, old Android phones (ARM64), and x86_64 servers. Generates platform-specific init scripts (systemd/OpenWrt procd/Android service), then SCP-deploys and restarts. Adapted from OpenClaw's multi-platform deployment skill for Go cross-compilation.

2026-03-100

add-gmail

mk-knight23/AI-Agent-PicoClaw

Adds Gmail monitoring to PicoClaw via IMAP over TLS using pure Go. Creates channels/gmail.go with an IMAP poller using the go-imap library, polls INBOX for unread messages, drafts replies through the agent, and sends via SMTP. Compiles to a static binary with no CGo. Requires a Gmail App Password (not your Google account password).

2026-03-060

add-obsidian

mk-knight23/AI-Agent-PicoClaw

Mounts an Obsidian vault as a read-only knowledge source for PicoClaw. Creates tools/vault_search.go using Go's filepath.WalkDir and strings.Contains for fast zero-allocation search. Registers vault_search as a tool available to the agent. Works on any directory of Markdown files — synced vault, remote mount, or local copy. Requires the vault accessible as a filesystem path.

2026-03-060

add-slack

mk-knight23/AI-Agent-PicoClaw

Adds Slack integration to PicoClaw using the Slack Real Time Messaging API over WebSocket in pure Go. Creates channels/slack.go using gorilla/websocket, handles app_mention events, routes to the skill dispatcher, and replies in-thread. Compiles to a static binary. Requires a Slack bot token and app token with Socket Mode enabled.

2026-03-060

add-supabase

mk-knight23/AI-Agent-PicoClaw

Adds Supabase as PicoClaw's persistent backend using the Supabase REST API via Go's net/http. No heavy ORM — plain HTTP requests with JSON marshaling. Creates db/supabase.go with typed table helpers, db/migrations/001_init.sql for schema, and registers memory tools. Compiles to a static binary with zero CGo. Requires a Supabase project URL and anon key.

2026-03-060

Source

mk-knight23

mk-knight23/AI-Agent-PicoClaw

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Useful forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	security-scanner
description	Go security audit for edge deployments: govulncheck for CVEs in Go modules, gosec for code-level security patterns, nancy for supply chain vulnerabilities, and analysis of network exposure on edge hardware (open ports, default credentials, TLS config). Generates SECURITY_REPORT.md. Adapted from ZeroClaw's Rust security-scanner for Go and IoT edge deployments.

security-scanner

Go security audit — CVEs, code patterns, supply chain, and edge network exposure.

Usage

@PicoClaw security-scanner --full
@PicoClaw security-scanner --deps-only         # govulncheck + nancy only
@PicoClaw security-scanner --network-audit     # Scan open ports + TLS on edge device
@PicoClaw security-scanner --fail-on high      # CI mode: exit non-zero if HIGH+ found

What It Checks

1. Known CVEs — `govulncheck`

Scans Go module graph against Go vulnerability database (vuln.go.dev)
Only reports vulnerabilities reachable from your code (not just deps)
Includes: CVE ID, affected function, call stack trace to the vulnerable code

2. Supply Chain — `nancy`

Sonatype OSS Index integration for Go module audit
Flags: known malicious packages, deprecated modules, license violations

3. Code Security — `gosec`

Hardcoded credentials in source code
Weak crypto: math/rand instead of crypto/rand
Path traversal in file operations
Shell injection in exec.Command with user input
HTTP server without TLS
Insecure temp file creation

4. Edge Network Audit (PicoClaw-Specific)

Scans open ports on the edge device (nmap -sV localhost)
Checks TLS certificate validity for any HTTPS endpoints
Detects default credentials on admin interfaces
Verifies firewall rules match the minimal attack surface

Files Created

SECURITY_REPORT.md          # Full report with severity + remediation
security_audit.json         # Machine-readable JSON
network_exposure.md         # Open ports, TLS status, credential audit

CI Integration (cross-compile pipeline)

# Runs security scan before cross-compile + deploy
- name: Security Gate
  run: |
    go install golang.org/x/vuln/cmd/govulncheck@latest
    picoclaw security-scanner --full --fail-on high

security-scanner

security-scanner

Usage

What It Checks

1. Known CVEs — govulncheck

2. Supply Chain — nancy

3. Code Security — gosec

4. Edge Network Audit (PicoClaw-Specific)

Files Created

CI Integration (cross-compile pipeline)

Philosophy

More from this repository

More from this repository

security-scanner

Usage

What It Checks

1. Known CVEs — govulncheck

2. Supply Chain — nancy

3. Code Security — gosec

4. Edge Network Audit (PicoClaw-Specific)

Files Created

CI Integration (cross-compile pipeline)

Philosophy

1. Known CVEs — `govulncheck`

2. Supply Chain — `nancy`

3. Code Security — `gosec`

1. Known CVEs — `govulncheck`

2. Supply Chain — `nancy`

3. Code Security — `gosec`