Tencent SkillHub · Security & Compliance

Ralph Ultra Security Audit

Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough secu...

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough secu...

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: SKILL.md, references/personas.md, references/severity-guide.md

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 3.0.0

Provenance

Publisher: dorukardahan
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 19 sections Open source page

Ralph Ultra — 1,000 Iterations (~4-8 hours)

Deep-dive security audit with thorough coverage across all attack vectors.

References

Severity and triage guidance Expert persona descriptions

Execution Engine

YOU MUST follow this loop for EVERY iteration: STATE: Read current iteration (start: 1) PHASE: Determine phase from iteration number MIND: Activate appropriate expert persona for phase ACTION: Perform ONE check from current phase VERIFY: Before FAIL — read actual code, check libraries, check DB constraints, check environment. If inconclusive: NEEDS_REVIEW. REPORT: Output iteration result SAVE: Every 50 iterations, update .ralph-report.md INCREMENT: iteration + 1 CONTINUE: IF iteration <= 1000 GOTO Step 1 FINAL: Generate comprehensive report Critical rules: ONE check per iteration — deep, not wide ALWAYS show [ULTRA-X/1000] NEVER skip iterations CRITICAL findings: immediately flag Apply Red Team mindset to EVERY check

Per-Iteration Output

╔══════════════════════════════════════════════════════════════════╗ ║ [ULTRA-{N}/1000] Phase {P}: {phase_name} ║ ║ Mind: {active_expert_persona} ║ ╠══════════════════════════════════════════════════════════════════╣ ║ Check: {specific_check} ║ ║ Target: {file:line / endpoint / system} ║ ╠══════════════════════════════════════════════════════════════════╣ ║ Result: {PASS|FAIL|WARN|N/A} ║ ║ Confidence: {VERIFIED|LIKELY|PATTERN_MATCH|NEEDS_REVIEW} ║ ║ Severity: {CRITICAL|HIGH|MEDIUM|LOW|INFO} ║ ║ CVSS: {score} ║ ╠══════════════════════════════════════════════════════════════════╣ ║ Finding: {detailed description} ║ ║ Exploit: {proof of concept or "N/A"} ║ ║ Fix: {specific remediation} ║ ╠══════════════════════════════════════════════════════════════════╣ ║ Progress: [████████████░░░░░░░░] {N/10}% ║ ║ Phase: {current}/{8} | ETA: ~{time} remaining ║ ╚══════════════════════════════════════════════════════════════════╝

Expert Personas

PhasePersona1, 3, 7Cybersecurity Veteran2, 5Code Auditor (Pentester)4Container Security Expert6Dependency Hunter8All Minds Full persona descriptions in references/personas.md.

Phase Structure (1,000 Iterations)

PhaseIterationsFocus Area11-100Reconnaissance & Attack Surface2101-250OWASP Top 10 Deep Dive3251-400Authentication & Secrets4401-550Infrastructure & Containers5551-700Code Quality & Business Logic6701-850Supply Chain & Dependencies7851-950Compliance & Documentation8951-1000Final Verification & Report

Phase 1: Reconnaissance (1-100)

1-20: Platform sync — auto-detect stack, git sync, hash verification, environment drift 21-50: Attack surface — endpoint enumeration, auth mapping, rate limits, exposed ports, WebSocket/SSE 51-75: Hidden systems — undeclared services, cron jobs, orphan configs, Docker networks 76-100: Environment & docs — variable audit, .env drift, documentation accuracy, scoring

Phase 2: OWASP Top 10 (101-250)

IterOWASPFocus101-120A01Broken Access Control (IDOR, CORS, path traversal)121-140A02Cryptographic Failures (algorithms, keys, TLS)141-170A03Injection (SQL, Command, XSS, Template, Log)171-185A04Insecure Design (missing controls, business logic)186-200A05Security Misconfiguration (debug, errors, headers)201-215A06Vulnerable Components (dependency audit)216-230A07Auth Failures (credential stuffing, sessions)231-240A08Integrity Failures (deserialization, CI/CD)241-245A09Logging Failures246-250A10SSRF

Phase 3: Authentication & Secrets (251-400)

Pre-check: Determine library vs custom crypto before flagging. 251-300: Secret detection (API keys, passwords, git history) 301-340: JWT security (algorithm, claims, storage, revocation) 341-365: OAuth 2.0 (PKCE, redirect URI, state, token exchange) 366-385: Admin authentication (brute force, timing, lockout) 386-400: Rate limiting (coverage, bypass)

Phase 4: Infrastructure (401-550)

401-450: Container security (non-root, readonly, capabilities, limits) 451-490: Network security (ports, firewall, isolation, egress) 491-515: TLS/SSL (cert validity, ciphers, HSTS) 516-535: SSH security (key auth, config hardening) 536-550: Database security (SSL, permissions, backups)

Phase 5: Code Quality (551-700)

Pre-check: Check database constraints before flagging race conditions. 551-590: Race conditions (TOCTOU, concurrent access, locks) 591-630: Business logic (workflow bypass, state manipulation) 631-660: Error handling (safe messages, fail-safe defaults) 661-690: Resource management (connections, memory, DoS) 691-700: Complexity attacks (ReDoS, JSON bombs)

Phase 6: Supply Chain (701-850)

701-750: Dependency audit (CVEs, outdated, typosquatting) 751-790: Third-party API security (keys, webhooks, rate limits) 791-820: Container supply chain (base images, signatures) 821-850: CI/CD security (secrets, permissions, pinned actions)

Phase 7: Compliance (851-950)

851-885: Privacy compliance (GDPR, data retention, consent) 886-915: Security documentation (incident response, policies) 916-935: Operational security (access control, change mgmt) 936-950: Audit trail (logging completeness, retention)

Phase 8: Final Verification (951-1000)

951-970: Critical findings re-verification 971-985: Penetration test simulation 986-995: Security scorecard generation 996-1000: Final report and summary

Auto-Detect (Iteration 1)

git rev-parse --show-toplevel, git remote -v Stack: package.json, pyproject.toml, requirements.txt, go.mod, Cargo.toml Infra: Dockerfile, docker-compose.yml, k8s manifests, terraform CI/CD: .github/workflows, .gitlab-ci.yml, .circleci

Report File

On start: rename existing report. Auto-save every 50 iterations.

Parameters

ParamDefaultOptions--iterations10001-2000--focusallrecon, owasp, auth, infra, code, supply-chain, compliance, all--phaseall1-8--resume—Continue from checkpoint

Context Limit Protocol

Checkpoint to .ralph-report.md, output resume command, wait for new session.

When to Use

Before major release Compliance audit preparation Security incident investigation Deep dive after /ralph-security flags issues

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

3 Docs

SKILL.md Primary doc
references/personas.md Docs
references/severity-guide.md Docs