flaw0_skill

This skill scans OpenClaw code, plugins, and dependencies for security flaws using AI models to help you achieve flaw 0.
  • Python

2.5k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill flaw0

  • _meta.json267 B
  • SKILL.md11.8 KB

Overview

This skill is a security and vulnerability scanner tailored for OpenClaw projects, plugins, skills, and Node.js dependencies. It combines pattern-based checks with OpenClaw AI models to detect code flaws, dependency CVEs, and risky patterns. The goal is to help teams reach and maintain a "flaw 0" security score through actionable findings and suggested fixes.

How this skill works

flaw0 scans source files and dependency trees using fast pattern matching, then enriches findings with AI-powered context analysis to reduce false positives and provide remediation steps. It integrates npm audit and CVE databases for dependency issues, weights findings by severity, and computes a cumulative flaw score. Results can be exported as JSON for CI/CD gates or reviewed interactively in the terminal.

When to use it

  • Before installing third-party skills or plugins to verify safety
  • During development to catch injections, hardcoded secrets, and unsafe APIs early
  • As a pre-commit or CI step to prevent regressions and enforce security thresholds
  • Before releasing or deploying to validate dependencies and configuration
  • When auditing an entire OpenClaw installation (core, plugins, and skills)

Best practices

  • Fix critical and high-severity issues immediately; they have largest score impact
  • Run both code and dependency scans; some vulnerabilities appear only in package trees
  • Use configuration file to ignore noisy patterns and set acceptable flaw score
  • Integrate scans into CI with JSON output to block builds above threshold
  • Validate AI suggestions manually and apply recommended fixes in code reviews

Example use cases

  • Scan a downloaded skill before installing: fl aw0 scan /tmp/some-skill
  • Run full project audit and save report for compliance: flaw0 audit --output report.json
  • Automate security gate in GitHub Actions to fail on non-zero flaw score
  • Check dependencies after package updates with flaw0 deps --deep
  • Periodic maintenance scan across all installed OpenClaw skills and plugins

FAQ

The flaw score is a weighted sum of findings (critical=3, high=2, medium=1, low=0.5). Lower is better; flaw 0 means no issues detected.

Do I need an API key?

Yes. AI analysis requires an Anthropic API key set in ANTHROPIC_API_KEY. Dependency checks use npm and the public CVE sources.

Can I run flaw0 in CI?

Yes. Use flaw0 audit --json and fail the build when flawScore exceeds your configured maxFlawScore.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational