security-code-review
Security Code Review
Perform a thorough security review of the changes in a GitHub PR or issue, producing a structured report with per-category verdicts.
Prerequisites
gh(GitHub CLI) must be installed and authenticated.gitmust be available.- Network access to clone repositories and fetch PR metadata.
When to Use
- Reviewing a pull request before merge for security vulnerabilities.
- Triaging a GitHub issue that reports a potential security flaw.
- Auditing code changes for hardcoded secrets, injection flaws, auth bypasses, or insecure configurations.
Step 1: Parse the GitHub URL
If the user provided a PR or issue URL, extract the owner, repo, and number. If not, ask for one.
More from nvidia/nemoclaw
nemoclaw-deploy-remote
Explains how to run NemoClaw on a remote GPU instance, including the deprecated Brev compatibility path and the preferred installer plus onboard flow. Describes security hardening measures applied to the NemoClaw sandbox container image. Use when reviewing container security, Docker capabilities, process limits, or sandbox hardening controls. Explains how Telegram reaches the sandboxed OpenClaw agent through OpenShell-managed processes and onboarding-time channel configuration. Use when setting up Telegram, a chat interface, or messaging integration without relying on nemoclaw start for bridges.
2find-review-pr
Finds open GitHub PRs with security and priority-high labels, links each to its issue, detects duplicates (multiple PRs fixing the same issue), and presents a table of review candidates. Use when looking for the next PR to review. Trigger keywords - find pr, find review, next pr, pr to review, duplicate pr, security pr.
1nemoclaw-configure-inference
Lists all inference providers offered during NemoClaw onboarding. Use when explaining which providers are available, what the onboard wizard presents, or how inference routing works. Changes the active inference model without restarting the sandbox. Use when switching inference providers, changing the model runtime, or reconfiguring inference routing. Connects NemoClaw to a local inference server. Use when setting up Ollama, vLLM, TensorRT-LLM, NIM, or any OpenAI-compatible local model server with NemoClaw.
1nemoclaw-skills-guide
Start here. Introduces what NemoClaw is, what agent skills are available, and which skill to use for a given task. Use when discovering NemoClaw capabilities, choosing the right skill, or orienting in the project. Trigger keywords - skills, capabilities, what can I do, help, guide, index, overview, start here.
1nemoclaw-maintainer-day
Runs the daytime maintainer loop for NemoClaw, prioritizing items labeled with the current version target. Picks the highest-value item, executes the right workflow (merge gate, salvage, security sweep, test gaps, hotspot cooling, or sequencing), and reports progress. Use during the workday to land PRs and close issues. Designed for /loop (e.g. /loop 10m /nemoclaw-maintainer-day). Trigger keywords - maintainer day, work on PRs, land PRs, make progress, what's next, keep going, maintainer loop.
1nemoclaw-user-workspace
Hows to back up and restore OpenClaw workspace files before destructive operations. Whats workspace personality and configuration files are, where they live, and how they persist across sandbox restarts.
1