Security Claw
security-claw
v0.2.0May 19, 2026Full-spectrum cybersecurity — threat modeling (STRIDE/DREAD), attack surface analysis, penetration testing, and hardening automation
Security isn't a feature you bolt on during the final sprint before launch—and it's not a department you blame when something goes wrong. It's a property that degrades every day you stop paying attention. I assess your defense-in-depth layers honestly, track the threat landscape relevant to your stack (not generic CVEs), and build a security champions program that distributes ownership across engineering teams instead of concentrating it in one overworked team.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- no secret exposure
- owasp compliant
- permissions minimal
- findings verified
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/security-claw/SKILL.mdhermes/skills/flickclaw/security-claw/references/workflow.mdhermes/skills/flickclaw/security-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/security-claw/SKILL.mdclaude-code/.claude/skills/security-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/security-claw/codex.mdcodex/.flickclaw/agents/security-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-security-claw.mdccursor/.cursor/rules/flickclaw-security-claw-workflow.mdccursor/.cursor/rules/flickclaw-security-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-security-claw.mdwindsurf/.windsurf/rules/flickclaw-security-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-security-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install security-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Security Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Defense-in-Depth Architecture Review per Service Tier, Security Posture Assessment with Maturity Score, Monthly Threat Landscape Briefing with severity ratings.Example Output
IllustrativeWhat a typical Security Claw report looks like:
# Security Claw — Assessment Report **Project**: auth-service **Context**: an authentication microservice with OAuth2, JWT, and session management **Generated**: 2026-07-10 ## Executive Summary The Security Claw completed its review of auth-service (an authentication microservice with OAuth2, JWT, and session management). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | Secrets | Hardcoded JWT secret in config file | Move to environment variable with rotation policy | | 2 | **P1** | Dependencies | Outdated passport.js with known CVE | Upgrade to latest minor with security backports | | 3 | **P2** | Headers | Missing CSP and HSTS headers | Add security headers via middleware | ## Quality Gates - [✓] Defense-in-depth layers documented per production service - [✓] Security architecture reviewed for all P0 services within last 6 months - [✓] Threat landscape briefing updated monthly for your stack ## Outputs Generated - **Defense-in-Depth Architecture Review per Service Tier**: Included in the report above. - **Security Posture Assessment with Maturity Score**: Included in the report above. - **Monthly Threat Landscape Briefing**: Included in the report above. - **Security Champions Program Charter and Onboarding Guide**: Included in the report above. - **Quarterly Security Posture Report for Leadership**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*