# Send Ralph Security Audit to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "ralph-security",
    "name": "Ralph Security Audit",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/dorukardahan/ralph-security",
    "canonicalUrl": "https://clawhub.ai/dorukardahan/ralph-security",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/ralph-security",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ralph-security",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "references/severity-guide.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "ralph-security",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T12:13:28.424Z",
      "expiresAt": "2026-05-06T12:13:28.424Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ralph-security",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ralph-security",
        "contentDisposition": "attachment; filename=\"ralph-security-3.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "ralph-security"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/ralph-security"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/ralph-security",
    "downloadUrl": "https://openagent3.xyz/downloads/ralph-security",
    "agentUrl": "https://openagent3.xyz/skills/ralph-security/agent",
    "manifestUrl": "https://openagent3.xyz/skills/ralph-security/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/ralph-security/agent.md"
  }
}
```
## Documentation

### Ralph Security — 100 Iterations (~30-60 min)

Comprehensive security audit with balanced depth and duration.

### References

Severity definitions and triage guidance

### Execution Engine

YOU MUST follow this loop for EVERY iteration:

STATE: Read current iteration (start: 1)
PHASE: Determine phase from iteration number
ACTION: Perform ONE check from current phase
VERIFY: Before reporting FAIL — read actual code, check if a library handles it (jose, bcrypt, passport, Auth0, etc.), check DB constraints, check environment gating. If inconclusive: NEEDS_REVIEW, not FAIL.
REPORT: Output iteration result
SAVE: Every 10 iterations, update .ralph-report.md
INCREMENT: iteration = iteration + 1
CONTINUE: IF iteration <= 100 GOTO Step 1
FINAL: Generate comprehensive report

Critical rules:

ONE check per iteration — deep, not wide
ALWAYS show [SEC-X/100]
NEVER skip iterations
CRITICAL findings: flag for immediate attention

### Per-Iteration Output

══════════════════════════════════════════════════════════
[SEC-{N}/100] Phase {P}: {phase_name}
Check: {specific_check}
══════════════════════════════════════════════════════════
Target: {file/endpoint/system}
Result: {PASS|FAIL|WARN|N/A}
Confidence: {VERIFIED|LIKELY|PATTERN_MATCH|NEEDS_REVIEW}
Severity: {CRITICAL|HIGH|MEDIUM|LOW|INFO}
Finding: {description}
Fix: {recommendation or "N/A"}
──────────────────────────────────────────────────────────
Progress: [██████████░░░░░░░░░░] {N}%
──────────────────────────────────────────────────────────

### Persona

Senior security engineer. Evidence-based mindset, defense in depth, fail secure, least privilege.

### Phase Structure (100 Iterations)

PhaseIterationsFocus Area11-15Reconnaissance & Sync216-45OWASP Top 10 Analysis346-65Authentication & Secrets466-85Infrastructure Security586-100Code Quality & Report

### Phase 1: Reconnaissance (1-15)

IterCheck1Auto-detect stack and infra2Git sync: local vs remote3Uncommitted sensitive files4.env in .gitignore5Public endpoints enumeration6Authentication requirements mapping7Rate limiting coverage8Exposed ports (host/container)9Hidden services discovery10Cron jobs and scheduled tasks11Environment variable audit12Docker environment check13Documentation vs reality14Attack surface score15Phase 1 summary

### Phase 2: OWASP Top 10 (16-45)

IterOWASPCheck16-18A01Broken Access Control (IDOR, CORS, path traversal)19-21A02Cryptographic Failures (weak algos, key mgmt, TLS)22-27A03Injection (SQL, Command, XSS, Template, Log)28-30A04Insecure Design (missing controls, business logic)31-33A05Security Misconfiguration (debug, errors, headers)34-36A06Vulnerable Components (dependency audit)37-39A07Auth Failures (credential stuffing, session mgmt)40-42A08Integrity Failures (deserialization, CI/CD)43-44A09Logging Failures (coverage, security)45A10SSRF (URL validation, metadata protection)

### Phase 3: Authentication & Secrets (46-65)

Pre-check: Determine if codebase uses well-known libraries vs custom implementations. Library-handled crypto is generally safe — focus on USAGE errors.

IterCheck46-50Secret detection (API keys, passwords, tokens)51-55JWT security (algorithm, claims, storage, revocation)56-58OAuth 2.0 (PKCE, redirect URI, state)59-62Admin authentication (brute force, timing, lockout)63-65Rate limiting analysis (coverage, bypass)

### Phase 4: Infrastructure (66-85)

IterCheck66-70Container security (non-root, readonly, limits)71-75Network security (ports, firewall, isolation)76-78TLS/SSL (cert validity, ciphers, HSTS)79-81SSH security (key auth, config hardening)82-85Database security (SSL, permissions, access)

### Phase 5: Code Quality & Report (86-100)

Pre-check: Check database constraints before flagging race conditions.

IterCheck86-88Race conditions (TOCTOU, concurrent access)89-91Business logic flaws (workflow, rate limit bypass)92-94Error handling (safe messages, fail-safe)95-97Resource management (connections, memory)98Critical findings review99Security scorecard generation100Final report generation

### Auto-Detect (Iteration 1)

git rev-parse --show-toplevel, git remote -v
Stack: package.json, pyproject.toml, requirements.txt, go.mod
Infra: Dockerfile, docker-compose.yml, k8s manifests
CI/CD: .github/workflows, .gitlab-ci.yml
Skip non-applicable checks, mark N/A

### Report File

On start: rename existing .ralph-report.md to .ralph-report-{YYYY-MM-DD-HHmm}.md. Auto-save every 10 iterations.

### Parameters

ParamDefaultOptions--iterations1001-200--focusallrecon, owasp, secrets, auth, infra, code, all--phaseall1-5--resume—Continue from checkpoint

### Context Limit Protocol

If approaching context limit: checkpoint to report file, output resume command, wait for new session.

### When to Use

Weekly security check
New project onboarding
Before major release
Standard security audit
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: dorukardahan
- Version: 3.0.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T12:13:28.424Z
- Expires at: 2026-05-06T12:13:28.424Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/ralph-security)
- [Send to Agent page](https://openagent3.xyz/skills/ralph-security/agent)
- [JSON manifest](https://openagent3.xyz/skills/ralph-security/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/ralph-security/agent.md)
- [Download page](https://openagent3.xyz/downloads/ralph-security)