Security Review Skill Profiles

Why this category exists

Profiles focused on reviewing skills before they reach a trusted workflow.

Skills overview • OpenClaw security • Methodology

Back to skills overview

Use the hub when you need a wider choice set, review methodology, or a different workflow path. Return to the skills overview

Source instructions onlyVerified GitHub sources + editorial hardening layer

OpenClaw Security Hardening

Use this profile when OpenClaw is moving beyond local experiments and you need clear isolation, credential, and review controls.

No standalone hardening installer was verified for this profile. Start from a verified OpenClaw install, then use the upstream setup and operator sources to apply hardening and audit steps deliberately.

2 source signals • Last reviewed 2026-03-11

Default to private network access and authenticated operator paths.

View profile Review method

Editorial profileEditorial review profile

Skill Safety Review

Use this profile when a team needs a repeatable way to screen public skills for hidden assumptions, risky permissions, or maintenance gaps.

This is a review profile, not a directly installable skill. Use it to evaluate upstream skills before you copy any command into a trusted environment.

1 source signals • Last reviewed 2026-03-11

Review source reputation and update history before installation.

View profile Review method

Editorial profileEditorial authoring profile

Skill Authoring Blueprint

Use this profile when the goal is to turn repeated prompts into stable, reviewable skills rather than one-off automation sprawl.

This profile helps with writing and reviewing skills, but it does not map to one verified install command. Use the linked sources and guides when you need directly runnable setup instructions.

1 source signals • Last reviewed 2026-03-11

Prefer explicit triggers and clear boundaries over magic behavior.

View profile Review method

Source instructions onlyAnthropic MCP docs + MCP official spec

MCP Server Setup

Use this profile when Claude Code needs live access to databases, APIs, file systems, or operator tools through MCP and you want the connection model to stay legible.

Install Claude Code first, then add local or remote MCP servers with the official claude mcp flow and authenticate them through /mcp when the server requires it.

3 source signals • Last reviewed 2026-04-01

MCP servers can have full system access, so confirm the source and permissions model before connecting one to Claude Code.

View profile Review method

Source instructions onlyAnthropic Claude Code docs + community skill patterns

AI Code Review Skill

Use this profile when the main goal is diff analysis: spotting regressions, missing tests, risky assumptions, or release-boundary mistakes before a change merges.

Install gstack from the upstream repository, then use its documented review workflow inside Claude Code instead of copying a one-off review prompt from a forum thread.

2 source signals • Last reviewed 2026-04-01

AI review is an assistive layer and cannot replace human review for security-sensitive, compliance-critical, or high-blast-radius code paths.

View profile Review method

Source instructions onlygstack cso skill + Anthropic best practices

Security Audit Skill

Use this profile when you need an AI-assisted security pass across application code, dependencies, secrets handling, and release surfaces before shipping or inheriting a codebase.

Install gstack from the upstream repository, then enable the documented security-audit workflow and adapt its checks to your own trust boundaries and deployment surface.

3 source signals • Last reviewed 2026-04-01

Audit output requires human validation before remediation or sign-off because Claude Code can miss context, overstate issues, or invent risk where none exists.

View profile Review method

Next moves from this category

Need broader discovery? Skills overview

Need OpenClaw context? OpenClaw workflow

Need editorial or commercial follow-up? Submit • Advertise