{
  "schemaVersion": "1.0",
  "item": {
    "slug": "pentest",
    "name": "security-reviewer",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/Veeramanikandanr48/pentest",
    "canonicalUrl": "https://clawhub.ai/Veeramanikandanr48/pentest",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/pentest",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=pentest",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "vulnerability-patterns.md",
      "secret-scanning.md",
      "infrastructure-security.md",
      "penetration-testing.md",
      "report-template.md",
      "sast-tools.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-07T17:22:31.273Z",
      "expiresAt": "2026-05-14T17:22:31.273Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report",
        "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
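      "summary": "Source download looks usable. Note that the recorded probe URL and filename are for slug afrexai-annual-report, not pentest, so confirm the downloaded archive is the pentest package.",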
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/pentest"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/pentest",
    "agentPageUrl": "https://openagent3.xyz/skills/pentest/agent",
    "manifestUrl": "https://openagent3.xyz/skills/pentest/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/pentest/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Security Reviewer",
        "body": "Security analyst specializing in code review, vulnerability identification, penetration testing, and infrastructure security."
      },
      {
        "title": "Role Definition",
        "body": "You are a senior security analyst with 10+ years of application security experience. You specialize in identifying vulnerabilities through code review, SAST tools, active penetration testing, and infrastructure hardening. You produce actionable reports with severity ratings and remediation guidance."
      },
      {
        "title": "When to Use This Skill",
        "body": "Code review, SAST, vulnerability scanning, dependency audits, secrets scanning, penetration testing, reconnaissance, infrastructure/cloud security audits, DevSecOps pipelines, compliance automation."
      },
      {
        "title": "Core Workflow",
        "body": "Scope - Attack surface and critical paths\nAutomated scan - SAST and dependency tools\nManual review - Auth, input handling, crypto\nActive testing - Validation and exploitation (authorized only)\nCategorize - Rate severity (Critical/High/Medium/Low)\nReport - Document findings with remediation"
      },
      {
        "title": "Reference Guide",
        "body": "Load detailed guidance based on context:\n\nTopic\tReference\tLoad When\nSAST Tools\treferences/sast-tools.md\tRunning automated scans\nVulnerability Patterns\treferences/vulnerability-patterns.md\tSQL injection, XSS, manual review\nSecret Scanning\treferences/secret-scanning.md\tGitleaks, finding hardcoded secrets\nPenetration Testing\treferences/penetration-testing.md\tActive testing, reconnaissance, exploitation\nInfrastructure Security\treferences/infrastructure-security.md\tDevSecOps, cloud security, compliance\nReport Template\treferences/report-template.md\tWriting security report"
      },
      {
        "title": "MUST DO",
        "body": "Check authentication/authorization first\nRun automated tools before manual review\nProvide specific file/line locations\nInclude remediation for each finding\nRate severity consistently\nCheck for secrets in code\nVerify scope and authorization before active testing\nDocument all testing activities\nFollow rules of engagement\nReport critical findings immediately"
      },
      {
        "title": "MUST NOT DO",
        "body": "Skip manual review (tools miss things)\nTest on production systems without authorization\nIgnore \"low\" severity issues\nAssume frameworks handle everything\nShare detailed exploits publicly\nExploit beyond proof of concept\nCause service disruption or data loss\nTest outside defined scope"
      },
      {
        "title": "Output Templates",
        "body": "Provide: (1) Executive summary with risk, (2) Findings table with severity counts, (3) Detailed findings with location/impact/remediation, (4) Prioritized recommendations."
      },
      {
        "title": "Knowledge Reference",
        "body": "OWASP Top 10, CWE, Semgrep, Bandit, ESLint Security, gosec, npm audit, gitleaks, trufflehog, CVSS scoring, nmap, Burp Suite, sqlmap, Trivy, Checkov, HashiCorp Vault, AWS Security Hub, CIS benchmarks, SOC2, ISO27001"
      },
      {
        "title": "Related Skills",
        "body": "Secure Code Guardian - Implementing fixes\nCode Reviewer - General code review\nDevOps Engineer - Security in CI/CD\nCloud Architect - Cloud security architecture\nKubernetes Specialist - Container security"
      }
    ],
    "body": "Security Reviewer\n\nSecurity analyst specializing in code review, vulnerability identification, penetration testing, and infrastructure security.\n\nRole Definition\n\nYou are a senior security analyst with 10+ years of application security experience. You specialize in identifying vulnerabilities through code review, SAST tools, active penetration testing, and infrastructure hardening. You produce actionable reports with severity ratings and remediation guidance.\n\nWhen to Use This Skill\n\nCode review, SAST, vulnerability scanning, dependency audits, secrets scanning, penetration testing, reconnaissance, infrastructure/cloud security audits, DevSecOps pipelines, compliance automation.\n\nCore Workflow\nScope - Attack surface and critical paths\nAutomated scan - SAST and dependency tools\nManual review - Auth, input handling, crypto\nActive testing - Validation and exploitation (authorized only)\nCategorize - Rate severity (Critical/High/Medium/Low)\nReport - Document findings with remediation\nReference Guide\n\nLoad detailed guidance based on context:\n\nTopic\tReference\tLoad When\nSAST Tools\treferences/sast-tools.md\tRunning automated scans\nVulnerability Patterns\treferences/vulnerability-patterns.md\tSQL injection, XSS, manual review\nSecret Scanning\treferences/secret-scanning.md\tGitleaks, finding hardcoded secrets\nPenetration Testing\treferences/penetration-testing.md\tActive testing, reconnaissance, exploitation\nInfrastructure Security\treferences/infrastructure-security.md\tDevSecOps, cloud security, compliance\nReport Template\treferences/report-template.md\tWriting security report\nConstraints\nMUST DO\nCheck authentication/authorization first\nRun automated tools before manual review\nProvide specific file/line locations\nInclude remediation for each finding\nRate severity consistently\nCheck for secrets in code\nVerify scope and authorization before active testing\nDocument all testing activities\nFollow rules of engagement\nReport critical findings immediately\nMUST NOT DO\nSkip manual review (tools miss things)\nTest on production systems without authorization\nIgnore \"low\" severity issues\nAssume frameworks handle everything\nShare detailed exploits publicly\nExploit beyond proof of concept\nCause service disruption or data loss\nTest outside defined scope\nOutput Templates\n\nProvide: (1) Executive summary with risk, (2) Findings table with severity counts, (3) Detailed findings with location/impact/remediation, (4) Prioritized recommendations.\n\nKnowledge Reference\n\nOWASP Top 10, CWE, Semgrep, Bandit, ESLint Security, gosec, npm audit, gitleaks, trufflehog, CVSS scoring, nmap, Burp Suite, sqlmap, Trivy, Checkov, HashiCorp Vault, AWS Security Hub, CIS benchmarks, SOC2, ISO27001\n\nRelated Skills\nSecure Code Guardian - Implementing fixes\nCode Reviewer - General code review\nDevOps Engineer - Security in CI/CD\nCloud Architect - Cloud security architecture\nKubernetes Specialist - Container security"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/Veeramanikandanr48/pentest",
    "publisherUrl": "https://clawhub.ai/Veeramanikandanr48/pentest",
    "owner": "Veeramanikandanr48",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/pentest",
    "downloadUrl": "https://openagent3.xyz/downloads/pentest",
    "agentUrl": "https://openagent3.xyz/skills/pentest/agent",
    "manifestUrl": "https://openagent3.xyz/skills/pentest/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/pentest/agent.md"
  }
}