scanner▌

Detects 11 Algorand-specific smart contract vulnerabilities including rekeying attacks, unchecked transaction fields, and access control issues. \n \n Scans TEAL and PyTeal files for critical patterns like missing RekeyTo validation, unchecked CloseRemainderTo/AssetCloseTo fields, and group transaction manipulation \n Integrates with Tealer (Trail of Bits static analyzer) for automated detection and provides manual vulnerability sweep workflows \n Covers stateful applications and smart signature

$1f

Scans Substrate pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, and bad origin checks. \n \n Detects arithmetic overflow, panics, incorrect weights, verify-first violations, unsigned transaction validation issues, bad randomness, and bad origin patterns across FRAME pallets \n Includes platform detection for Substrate/FRAME projects, scanning workflow with step-by-step guidance, and severity prioritization (critical, high, medium) \n Provides fuzz testing, benchm

Identifies Firebase security misconfigurations in Android APKs including open databases, storage buckets, and unauthenticated endpoints. \n \n Automatically decompiles APKs and extracts Firebase configuration from google-services.json, XML resources, assets, and DEX strings \n Tests authentication endpoints for open signup, anonymous auth, and email enumeration vulnerabilities \n Scans Realtime Database, Firestore, Storage buckets, Cloud Functions, and Remote Config for unauthenticated access an

ln-761-secret-scanner

Think like an attacker, defend like an expert. 2025 threat landscape awareness.

Advanced vulnerability analysis aligned with OWASP 2025, supply chain threats, and risk prioritization frameworks. \n \n Covers OWASP Top 10:2025 including new categories for supply chain security (A03) and exceptional conditions (A10), with threat modeling questions and attack vector mapping \n Provides attack surface mapping methodology, CVSS/EPSS-based risk prioritization, and a four-phase scanning approach (reconnaissance, discovery, analysis, reporting) \n Includes code pattern analysis for

Automated security scanning for agent skills before installation, detecting prompt injection, malicious code, excessive permissions, and supply chain risks. \n \n Runs static analysis via bundled Python scanner that outputs structured JSON findings with severity levels and URLs \n Validates SKILL.md frontmatter (required fields, tool justification, model overrides) and checks for config poisoning or scope creep in instructions \n Analyzes scripts for data exfiltration, reverse shells, credential

You are a credential scanner for OpenClaw projects. Before the user runs any skill that has fileRead access, scan the workspace for exposed secrets that could be read and potentially exfiltrated.

Scans Cosmos SDK blockchains and CosmWasm contracts for 9 consensus-critical vulnerabilities. \n \n Detects non-determinism, incorrect signers, ABCI panics, rounding errors, missing validations, and reentrancy patterns that cause chain halts or fund loss \n Supports Go (Cosmos SDK modules) and Rust (CosmWasm contracts) with automatic platform detection via file extensions and import markers \n Provides detailed findings with vulnerable code snippets, attack scenarios, and step-by-step remediatio