Summary
TL;DR: Scans your codebase for known vulnerabilities, insecure patterns, and misconfigurations so you can fix them before they reach production.
Security Scanner is an OpenClaw skill that automates security scanning and vulnerability detection for web applications, APIs, and infrastructure. Use when you need to scan targets for vulnerabilities, check SSL certificates, find open ports, detect misconfigurations, or perform security audits. Integrates with nmap, nuclei, and other security tools.
Created by dmx, this skill has been downloaded 5k+ times on ClawHub. Install it with one command and your AI agent gains these capabilities right away. Browse all security skills for more auditing tools.
Use cases
- Scan a pull request diff for newly introduced security issues before merging
- Audit a legacy codebase you just inherited for hardcoded secrets and credentials
- Check dependency manifests like package.json or requirements.txt for packages with known CVEs
- Review authentication and authorization logic for common bypass patterns
Installation
Run this command to install the skill on your OpenClaw agent:
npx clawhub@latest install security-scanner
Security scan
The skill's instructions are coherent for a security-scanning toolkit, but the package metadata omits required binaries and an install mechanism — an unexplained mismatch that warrants caution.
SKILL.md
---
name: security-scanner
description: Automated security scanning and vulnerability detection for web applications, APIs, and infrastructure. Use when you need to scan targets for vulnerabilities, check SSL certificates, find open ports, detect misconfigurations, or perform security audits. Integrates with nmap, nuclei, and other security tools.
---

# Security Scanner

Automated security scanning toolkit for penetration testing and vulnerability assessment.

## Quick Start

### Port Scan

```bash
nmap -sV -sC -oN scan.txt TARGET
```

### Vulnerability Scan

```bash
nuclei -u TARGET -o results.txt
```

### SSL Check

```bash
sslscan TARGET
```

## Scan Types

### 1. Quick Recon

Fast initial scan for live hosts and open ports:

```bash
nmap -sn -T4 SUBNET   # Host discovery
nmap -F TARGET        # Fast port scan (top 100)
```

### 2. Full Port Scan

Comprehensive port and service detection:

```bash
nmap -p- -sV -sC -A TARGET -oN full_scan.txt
```

### 3. Web Application Scan

```bash
nuclei -u https://TARGET -t cves/ -t vulnerabilities/ -o web_vulns.txt
nikto -h TARGET -o nikto_report.txt
```

### 4. SSL/TLS Analysis

```bash
sslscan TARGET
testssl.sh TARGET
```

## Output

Save reports to `reports/security-scan-YYYY-MM-DD.md` with:

- Target information
- Open ports and services
- Vulnerabilities found (severity rated)
- Recommendations

## Ethics

- Only scan authorized targets
- Get written permission before testing
- Report vulnerabilities responsibly
- Never exploit without authorization
Version history
Initial release - nmap, nuclei, SSL scanning
Frequently asked questions
It works with most popular languages including JavaScript, TypeScript, Python, Go, Java, Ruby, and PHP. It analyzes both source code patterns and dependency files for each language.
Installation method
Send this prompt to your agent to install the skill
npx clawhub@latest install security-scanner
Skill data sourced from ClawHub