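📦 Secure Code Review
v1.0.0
Automatically scans code for security vulnerabilities such as SQL injection, XSS, and hardcoded secrets, as well as reliability anti-patterns, and provides remediation suggestions to help developers eliminate hidden risks before release.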
Security scan
OpenClaw
Safe
medium confidence
Assessment recommendation
This skill appears to do what it claims: repository-wide text searches and file reads to identify injection, XSS, authorization, and type-safety anti-patterns. Before installing or invoking it, confirm you intend to grant the agent read access to the target repository (it will examine source files). Because SKILL.md is a draft and the skill source is 'unknown', consider: run it first on a non-sensitive repo or a subset of the repo, ensure no secrets are present in the scanned files, and review the full...
✓ Purpose and capabilities
The name, description, and discovery tasks all describe scanning a codebase for injection, XSS, auth, and type-safety anti-patterns. The declared inputs (codebase or design doc) and the listed tools (Grep, Read) are appropriate and proportionate for that purpose.
ℹ Instruction scope
SKILL.md instructs the agent to run repository-wide text searches (grep) and to read flagged files to produce findings; this is expected for a code review. Note: optional tools include Bash and Write, which would allow shell commands or modifying files if invoked. The instructions as written focus on reading, searching, and producing a report, but a user should be aware the skill could be extended to run shell commands if the agent is allowed to use optional tools.
✓ Install mechanism
There is no install spec and no code files — the skill is instruction-only, which minimizes filesystem footprint and avoids fetching external code.
✓ Credential requirements
The skill requests no environment variables, credentials, or config paths. Its need to read the repository root is proportional to its stated goal of scanning source files.
✓ Persistence and privileges
The skill is not marked always:true and uses the platform default for invocation. It does not request persistent system-wide privileges or modify other skills' configs in the provided instructions.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/9
● Benign
Install command
Official: npx clawhub@latest install bookforge-secure-code-review
Mirror (accelerated): npx clawhub@latest install bookforge-secure-code-review --registry https://cn.longxiaskill.com