Security Audit Codebase

Conducts comprehensive security audits of codebases to identify vulnerabilities, exposed secrets, and compliance issues.

Security score: 77/100

The Security Audit Codebase skill was audited on Mar 3, 2026 and we found 5 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Security Issues

high line 126

Direct command execution function call

Source: SKILL.md
Line 126: grep -rn "system\(.*paste\|exec(\|spawn(" --include="*.{R,js,ts,py}" .
low line 72

Access to .env file

Source: SKILL.md
Line 72: git check-ignore .env .Renviron credentials.json node_modules/
low line 75

Access to .env file

Source: SKILL.md
Line 75: git ls-files | grep -i "\.env\|\.renviron\|credentials\|secret"
medium line 78

Access to .env file

Source: SKILL.md
Line 78: **Expected:** All sensitive files (`.env`, `.Renviron`, `credentials.json`) are listed in `.gitignore`, and `git ls-files` returns no tracked sensitive files.
low line 169

External URL reference

Source: SKILL.md
Line 169: **On failure:** If debug mode is enabled in production configs, disable it immediately. Replace wildcard CORS origins with explicit allowed domains. Update `http://` URLs to `https://` where the endpo
Scanned on Mar 3, 2026
GitHub Stars: 2
Category: development
Updated: May 21, 2026
pjt222/agent-almanac