Skills 导航

覆盖威胁建模、漏洞评估、安全架构设计、代码审计与渗透测试，内置 STRIDE、OWASP、加密模式和安全扫描流程，适合系统设计评审与上线前安全排查。

✎ 安全专家把威胁建模、漏洞分析到渗透测试串成一套流程，内置 STRIDE 与 OWASP 指南，做安全设计和排查更省心。

安装前审计 Claude Code Skill 的代码执行、Prompt 注入和依赖供应链风险，支持本地目录或 Git 仓库扫描，输出 PASS/WARN/FAIL 结论及修复建议

✎ 把代码审查、漏洞扫描和合规检查串成一条线，帮团队更早发现风险，做安全治理更省心。

Security vitals checker, also known as ClawVitals. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.

Control Ring doorbells and cameras from the terminal. Use when scanning motion events, auditing device access, checking firmware, reporting activity.

|

> 安全研究系统 - 智能任务评估与角色匹配

Unified security scanner that catches leaked secrets, credentials, and code vulnerabilities before they reach your remote. Wraps gitleaks (400+ secret patterns) and shipguard (48+ SAST rules) into a single tool with pre-commit hooks, on-demand scans, and full git history audits.

飞书群聊安全隔离 Skill，提供主人身份三重保障、技能安装确认、权限分级、防注入攻击、敏感路径保护等完整安全机制，保护机器人在群聊环境中的安全。

Reviews Elixir code for security vulnerabilities including code injection, atom exhaustion, and secret handling. Use when reviewing code handling user input, external data, or sensitive configuration.

Prompt injection and malware detection filter for external content. Scans text, files, or URLs for 20+ attack patterns including instruction overrides, credential exfiltration, persona hijacking, encoded payloads, fake system messages, and invisible character injection. Returns JSON with risk level and sanitized text.

> 工作问题收集与分析Skill

|

|

对 GitHub 仓库或本地目录进行全栈安全审计，检测恶意代码、后门和供应链攻击，生成报告写入本地审计目录。当用户说"审计下"、"审计一下"、"安全审计"、"检查下这个仓库"、"审计当前目录"、"审计本地项目"、"check repo"、"audit" 时立即触发。支持 GitHub URL 或本地目录。

面向代码库做安全审计，扫描硬编码密钥、SQL 注入、XSS、不安全依赖和缺失校验，输出带严重级别、定位、修复建议与合规评分的结构化结果。

针对 TypeScript/Node.js 项目做系统化安全审查，排查 XSS、注入、CSRF、JWT/OAuth2、依赖 CVE 与密钥泄露风险，适合上线前、鉴权改动后或审计 Express、NestJS、Next.js 代码。