Tools
Code Security Skills Set
By A collection of security-focused skills, plugins, and tools for AI agents (Claude Code, OpenClaw, MCP) dedicated to code auditing, vulnerability detection, and agent security.
README
# 🛡️ Code Security Skills Set
[中文](./README_zh.md) | English
A collection of security-focused skills, plugins, and tools for AI agents (such as Claude Code, OpenClaw, MCP) dedicated to code auditing, vulnerability detection, and agent security.
## 📑 Navigation
* [Static Analysis (SAST)](#1-static-analysis-sast)
* [AppSec & Vulnerability Discovery](#2-appsec--vulnerability-discovery)
* [Smart Contract Auditing](#3-smart-contract-auditing)
* [Skill & Agent Security Scanning](#4-skill--agent-security-scanning)
* [Skill Collections](#5-skill-collections)
## 1. Static Analysis (SAST)
Empower agents with robust static code scanning capabilities (e.g., invoking CodeQL, Semgrep).
* [trailofbits/skills](https://github.com/trailofbits/skills/tree/main/plugins/static-analysis) - Skills by Trail of Bits, it includes invoking CodeQL, Semgrep, and SARIF parsing.
* [semgrep/skills](https://github.com/semgrep/skills) - Official Semgrep skills to run static analysis scans and create custom detection rules.
* [EastSword/skill-dfyx_code_security_review](https://github.com/EastSword/skill-dfyx_code_security_review) - Comprehensive code auditing skill, highly accessible for Chinese community users. Designed based on a comprehensive case database and AI-powered reasoning capabilities.
## 2. AppSec & Vulnerability Discovery
Assist security researchers and developers in finding logic flaws, injections, and credential leaks.
* [ghostsecurity/skills](https://github.com/ghostsecurity/skills) - AppSec skills collection by Ghost Security designed for agents.
* [UseAI-pro/openclaw-skills-security](https://github.com/UseAI-pro/openclaw-skills-security) - Mainly for OpenClaw, focused on detecting injections and credential leaks.
* [eth0izzle/security-skills](https://github.com/eth0izzle/security-skills) - A set of Claude Code skills to help security teams stay secure.
* [instavm/security-skills](https://github.com/instavm/security-skills) - Converts numerous real-world security reports into usable skills.
## 3. Smart Contract Auditing
* [kadenzipfel/scv-scan](https://github.com/kadenzipfel/scv-scan) - Security scanning skill for Solidity, tailored for Web3 and smart contract audits.
## 4. Skill & Agent Security Scanning
Tools for AI infrastructure security, including red teaming, malicious skill prevention, and authorization checks.
* [huifer/skill-security-scan](https://github.com/huifer/skill-security-scan) - A CLI tool to scan Claude Skills for security risks before installation.
* [cisco-ai-defense/skill-scanner](https://github.com/cisco-ai-defense/skill-scanner) - Cisco's agent-skill scanner for risk detection.
* [snyk/agent-scan](https://github.com/snyk/agent-scan) - Snyk's agent/MCP scanning tool, to discover and scan agent components on your machine for prompt injections
and vulnerabilities (including agents, MCP servers, skills).
* [Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard) - A red-teaming and security detection platform for AI platforms/agents/skills by Tencent.
* [prompt-security/clawsec](https://github.com/prompt-security/clawsec) - A complete security suite (clawsec) dedicated to protecting OpenClaw itself.
* [adversa-ai/secureclaw](https://github.com/adversa-ai/secureclaw) - A security plugin collection for OpenClaw.
## 5. Skill Collections
General, large-scale collections that include security features.
* [affaan-m/everything-claude-code](https://github.com/affaan-m/everything-claude-code) - A massive collection of Claude Code skills and plugins.
---
## 🤝 Contributing
Still needs improvement. Pull requests and issues are welcome.
## 📄 License
[MIT License](LICENSE)
tools
Comments
Sign in to leave a comment