Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
dependency-auditor
Audit npm, pip, and Go dependencies that OpenClaw skills try to install. Checks for known vulnerabilities, typosquatting, and malicious packages.
setup-auditor
Audit your OpenClaw environment for credential leaks, unsafe defaults, and missing sandbox configuration. Wizard-style: answers questions about your setup and produces a fix checklist.
config-hardener
Audit and harden your OpenClaw configuration. Checks AGENTS.md, gateway settings, sandbox config, and permission policies for security weaknesses.
permission-auditor
Analyze OpenClaw skill permissions and explain exactly what each permission allows. Identifies over-privileged skills and suggests minimal permission sets.
skill-guard
Runtime security monitor for active OpenClaw skills. Watches file access, network calls, and shell commands. Flags anomalous behavior and enforces permission boundaries.
incident-responder
Step-by-step incident response for OpenClaw security breaches. Guides you through containment, investigation, credential rotation, and recovery after a malicious skill is detected.
credential-scanner
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental exfiltration.
code-reviewer
Code review specialist for quality, security, and best practices
cli
Prefect CLI commands for mutations. The MCP server is read-only - use this skill when you need to trigger deployments, cancel flow runs, create automations, or modify Prefect resources.
supabase-report-compare
Compare two security audit reports to track remediation progress and identify new vulnerabilities.
supabase-audit-auth-signup
Test if user signup is open and identify potential abuse vectors in the registration process.
supabase-audit-rpc
List and test exposed PostgreSQL RPC functions for security issues and potential RLS bypass.
supabase-audit-auth-users
Test for user enumeration vulnerabilities through various authentication endpoints.
supabase-report
Generate a comprehensive Markdown security audit report with executive summary, findings, and remediation guidance.
supabase-audit-functions
Discover and test Supabase Edge Functions for security vulnerabilities and misconfigurations.
supabase-evidence
Initialize and manage the evidence collection directory for professional security audits with documented proof of findings.
supabase-rls-fix
Fix Supabase RLS issues - handles missing user context, system processes, background jobs, and provides standardized RLS templates
deployment-workflows
CI/CD pipelines, zero-downtime deployments, infrastructure as code, and production deployment strategies
security-scan
Run comprehensive security vulnerability scans when reviewing code. Automatically uses basic mode (fast, high/medium severity only) for first reviews, advanced mode (comprehensive, all severities) for iterations. Detects SQL injection, XSS, hardcoded secrets, insecure dependencies. Use before approving any code changes or pull requests.
api-design-reviewer
Expert API design reviewer for REST, GraphQL, and gRPC APIs. Analyzes API designs for security, performance, consistency, scalability, and maintainability. Use when designing new APIs, reviewing API proposals, auditing existing endpoints, or before major API releases. Covers authentication, error handling, pagination, versioning, rate limiting, idempotency, documentation, and production readiness.
nextjs-turborepo
Full-stack web development with Next.js and Turborepo. Stack: Next.js 14+ (App Router, RSC, Server Actions, PPR, SSR, SSG, ISR), Turborepo (monorepo, pipelines, remote caching), RemixIcon (3100+ icons). Capabilities: server components, API routes, middleware, caching strategies, build optimization, monorepo management. Actions: create, build, deploy, optimize Next.js apps, setup monorepo, configure caching. Keywords: Next.js, App Router, Server Components, RSC, Server Actions, SSR, SSG, ISR, PPR, Turborepo, monorepo, remote cache, build pipeline, parallel execution, workspace, pnpm, icons. Use when: building Next.js apps, implementing SSR/SSG, setting up monorepos, optimizing build performance, configuring caching strategies, managing shared dependencies.
devops-patterns
DevOps patterns for infrastructure, CI/CD, and deployment automation. Use when configuring Docker containers, CI/CD pipelines, cloud deployments, Kubernetes, and monitoring. Covers GitHub Actions, Docker, Vercel, Railway, AWS, Terraform, and observability.
config-validator
Validate wavecapsdr.yaml configuration files for syntax errors, schema violations, and logical inconsistencies. Use when editing config, troubleshooting startup failures, or verifying recipe/preset definitions before deployment.
clerk-testing
E2E testing for Clerk apps. Use with Playwright or Cypress for auth flow tests.