Code Vulnerability Scanner

Verified by Community

Reviews source code for common security vulnerabilities including injection flaws, authentication issues, data exposure, and insecure dependencies with remediation guidance.

Tags: security, code-review, vulnerabilities, SAST, OWASP, scanning

Identify security vulnerabilities in source code through manual review patterns and automated tool recommendations. Covers OWASP Top 10 vulnerability categories with language-specific guidance.

Usage

Paste code snippets for review or describe your application architecture for a vulnerability assessment. The scanner identifies security issues by category, rates severity, and provides specific code fixes.

Parameters

  • Language: JavaScript/TypeScript, Python, Java, Go, PHP, Ruby, or C#
  • Framework: Express, Django, Spring, Next.js, Rails, or Laravel
  • Focus: Full scan, Auth/session, Input handling, Data exposure, or Dependencies
  • Code: Paste the code to review

Examples

  1. SQL Injection Check: Review database query patterns for injection vulnerabilities — identifying string concatenation in queries, missing parameterized queries, and ORM misuse.
  2. Node.js Express Audit: Scan an Express application for common issues — missing helmet middleware, prototype pollution, path traversal, SSRF in user-supplied URLs, and unsafe deserialization.
  3. Authentication Flow Review: Audit login, registration, and password reset code for timing attacks, credential stuffing vulnerability, weak hashing (MD5/SHA1), and session fixation.
  4. React Frontend Security: Check for XSS vectors in React — dangerouslySetInnerHTML usage, href="javascript:" patterns, eval usage, and unsafe third-party script loading.
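The SQL Injection Check and the weak-hashing part of the Authentication Flow Review are the two patterns that lend themselves to a mechanical check, so here is an added illustration of how such a review rule works. This is example code written for this page, not the scanner's own implementation. It parses a Python module with the standard `ast` library and reports two things: calls to a method named `execute` or `executemany` whose query argument is built at runtime (f-string, `+` concatenation, `%` formatting, or `.format()`), and direct use of `hashlib.md5`/`hashlib.sha1`. A string literal passed together with a separate parameters tuple is treated as a parameterized query and is not reported. The sample module `SAMPLE`, the finding fields, and the severity labels are constructed for the demonstration.

```python
"""Toy SAST rule: dynamic SQL strings (CWE-89) and weak hashes (CWE-328).

Added example for this page; not the scanner's own code. Works on Python
source only and looks at two call shapes:
  * <anything>.execute(<query>, ...) / .executemany(<query>, ...)
      flagged when <query> is assembled at runtime rather than a constant
  * hashlib.md5(...) / hashlib.sha1(...)
      flagged as a weak hash for password or integrity use
"""
import ast
from typing import Optional

QUERY_METHODS = {"execute", "executemany"}
WEAK_HASHES = {"md5", "sha1"}


def dynamic_sql_reason(node: ast.AST) -> Optional[str]:
    """Describe how a query string is built at runtime, or None if it is a constant."""
    if isinstance(node, ast.JoinedStr):
        return "f-string"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return "string concatenation"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return "%-formatting"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return ".format() call"
    return None  # plain literal (or a name we cannot resolve) is not reported here


def scan_source(source: str, filename: str = "<string>") -> list:
    """Return findings as dicts with line, cwe, severity and reason, in source order."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Attribute):
            continue
        func = node.func
        if func.attr in QUERY_METHODS and node.args:
            reason = dynamic_sql_reason(node.args[0])
            if reason:
                findings.append({"line": node.lineno, "cwe": "CWE-89",
                                 "severity": "High", "reason": reason})
        elif (func.attr in WEAK_HASHES and isinstance(func.value, ast.Name)
                and func.value.id == "hashlib"):
            findings.append({"line": node.lineno, "cwe": "CWE-328",
                             "severity": "Medium", "reason": f"hashlib.{func.attr} used"})
    return findings


# Constructed sample module: four risky query styles, one parameterized query,
# and one weak password hash. Line numbers start at 1 on the first (empty) line.
SAMPLE = '''
import hashlib

def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")   # concatenation
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")        # f-string
    cur.execute("SELECT * FROM users WHERE name = %s" % name)        # %-formatting
    cur.execute("SELECT * FROM users WHERE name = {}".format(name))  # .format()
    cur.execute("SELECT * FROM users WHERE name = %s", (name,))      # parameterized: fine

def store_password(pw):
    return hashlib.md5(pw.encode()).hexdigest()                      # weak hash
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE, "sample.py"):
        print("sample.py:{line} [{severity}] {cwe}: {reason}".format(**finding))
```

The rule is deliberately syntactic: it does not follow a query string assigned to a variable earlier in the function, which is the usual source of both misses and false positives in this kind of check, and why the listing pairs pattern review with a real SAST engine such as Semgrep or CodeQL for continuous scanning.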

Guidelines

  • Vulnerabilities are categorized by OWASP Top 10 and CWE identifiers
  • Severity ratings follow CVSS scoring: Critical, High, Medium, Low, Informational
  • Each finding includes: location, vulnerability description, exploit scenario, and fix
  • Code fixes show before/after with explanations of why the fix works
  • False positive indicators help distinguish actual vulnerabilities from safe patterns
  • Language-specific security features are recommended (prepared statements, CSP, CSRF tokens)
  • Automated SAST tools are recommended for continuous scanning (Semgrep, CodeQL, Snyk)
  • Supply chain security covers dependency auditing (npm audit, pip-audit, Dependabot)
  • CI/CD integration recommendations automate security checks in the development workflow
  • Security testing complements code review — both are needed for comprehensive coverage