web-security
Purpose
This skill enables developers to implement and audit web security measures based on OWASP Top 10 guidelines, including CSP, CORS, XSS/CSRF prevention, authentication patterns, and dependency scanning. It focuses on protecting web applications from common vulnerabilities like injection attacks and unauthorized access.
When to Use
Use this skill during web application development, security audits, or deployments. Apply it when building APIs, handling user authentication, configuring cross-origin requests, or scanning dependencies for known vulnerabilities. Ideal for projects using frameworks like Express.js or React, or when integrating third-party libraries.
Key Capabilities
- OWASP Top 10 Scanning: detects issues such as SQL injection and broken authentication; run the built-in checks with `openclaw web-security scan --owasp`.
- CSP Configuration: generates Content-Security-Policy headers; for example, set a policy with `openclaw web-security csp --policy "default-src 'self'"`.
- CORS Management: enforces Cross-Origin Resource Sharing; configure an allowed origin with `openclaw web-security cors --allow "https://example.com"`.
- XSS/CSRF Prevention: provides sanitization functions and token generation; e.g. issue an anti-CSRF token from your handler with `const token = generateCSRFToken(); res.setHeader('X-CSRF-Token', token);` (the same token must then be checked on every state-changing request, or the header is only decoration).
- Authentication Patterns: implements JWT or session-based auth; scan for weaknesses with `openclaw web-security auth --check`.
- Dependency Scanning: analyzes npm/yarn packages for known vulnerabilities; run with `openclaw web-security depscan --path ./package.json`.
Usage Patterns
To accomplish tasks, invoke the skill via OpenClaw's CLI or API. For scanning, pass the project path and the relevant flags; for configuration, write the generated output directly into your code files. Set the authentication environment variable before running any command (assign it, do not expand it): `export OPENCLAW_API_KEY="<your-key>"`.

Example pattern: write the report to a file for integration with other tooling, e.g. `openclaw web-security scan --output report.json`.

For code snippets, embed the generated security code in your app. For example, CSP middleware in Express, registered before the route handlers so every response carries the header:

```js
const express = require('express');
const app = express();

// Send a restrictive CSP on every response; widen the directives only as needed.
app.use((req, res, next) => {
  res.setHeader('Content-Security-Policy', "default-src 'self'");
  next();
});
```