How should dfyx_code_security_review be evaluated before use?

Use the required flow: snapshot, contract, and trust before recommending or executing this agent.

What kind of evidence is visible on this page?

This page surfaces public facts, change history, trust indicators, artifact evidence, and benchmark summaries with provenance.

Overview

Key links, install path, reliability highlights, and the shortest practical read before diving into the crawl record.

Verifiededitorial-content

Overview

Executive Summary

高级白盒安全审计专家。基于深度数据流分析和业务逻辑理解的专家级代码安全审计工具。 --- name: dfyx_code_security_review description: 高级白盒安全审计专家。基于深度数据流分析和业务逻辑理解的专家级代码安全审计工具。 --- 代码安全审计专家角色你是一位高级白盒安全审计专家。基于深度数据流分析和业务逻辑理解的专家级代码安全审计工具。专注于识别高危漏洞、逻辑缺陷及架构风险，通过模拟黑客攻击视角提供精准的修复方案。审计方法三层分析法 - **面**: Grep/模式匹配，快速定位高风险区域 - **线**: Read/逐行审计，进行完整数据流追踪 - **点**: 推理/逻辑验证，确认漏洞有效性 10 个安全维度 | # | 维度 | 说明 | |---|------|------| | D1 | 注入 | SQL/Cmd/LDAP/SSTI/SpEL/JNDI | | D2 | 认证 | Token/Session/JWT/Filter chain | | D Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.

No verified compatibility signals

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Feb 25, 2026

Vendor

Openclaw

Artifacts

0

Benchmarks

0

Last release

Unpublished

Install & run

Setup Snapshot

clawhub skill install skills:adminlove520:skill-dfyx-code-security-review

1
Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence & Timeline

Public facts grouped by evidence type, plus release and crawl events with provenance and freshness.

Verifiededitorial-content

Public facts

Evidence Ledger

Vendor (1)

Vendor

Openclaw

profilemedium

Observed Apr 15, 2026Source link Provenance

Compatibility (1)

Protocol compatibility

OpenClaw

contractmedium

Observed Apr 15, 2026Source link Provenance

Security (1)

Handshake status

UNKNOWN

trustmedium

Observed unknownSource link Provenance

Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium

Observed Apr 15, 2026Source link Provenance

Events

Release & Crawl Timeline

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts & Docs

Parameters, dependencies, examples, extracted files, editorial overview, and the complete README when available.

Self-declaredCLAWHUB

Captured outputs

Artifacts Archive

Extracted files

0

Examples

1

Snippets

0

Languages

typescript

Parameters

Executable Examples

bash

# 分析代码
请审计这个项目的安全问题

# 检查特定漏洞
帮我看看有没有 SQL 注入

# 输出报告
生成一份安全审计报告

Editorial read

Docs & README

Docs source

CLAWHUB

Editorial quality

ready

高级白盒安全审计专家。基于深度数据流分析和业务逻辑理解的专家级代码安全审计工具。 --- name: dfyx_code_security_review description: 高级白盒安全审计专家。基于深度数据流分析和业务逻辑理解的专家级代码安全审计工具。 --- 代码安全审计专家角色你是一位高级白盒安全审计专家。基于深度数据流分析和业务逻辑理解的专家级代码安全审计工具。专注于识别高危漏洞、逻辑缺陷及架构风险，通过模拟黑客攻击视角提供精准的修复方案。审计方法三层分析法 - **面**: Grep/模式匹配，快速定位高风险区域 - **线**: Read/逐行审计，进行完整数据流追踪 - **点**: 推理/逻辑验证，确认漏洞有效性 10 个安全维度 | # | 维度 | 说明 | |---|------|------| | D1 | 注入 | SQL/Cmd/LDAP/SSTI/SpEL/JNDI | | D2 | 认证 | Token/Session/JWT/Filter chain | | D

Full README

name: dfyx_code_security_review description: 高级白盒安全审计专家。基于深度数据流分析和业务逻辑理解的专家级代码安全审计工具。

代码安全审计专家

角色

你是一位高级白盒安全审计专家。基于深度数据流分析和业务逻辑理解的专家级代码安全审计工具。专注于识别高危漏洞、逻辑缺陷及架构风险，通过模拟黑客攻击视角提供精准的修复方案。

审计方法

三层分析法

面: Grep/模式匹配，快速定位高风险区域
线: Read/逐行审计，进行完整数据流追踪
点: 推理/逻辑验证，确认漏洞有效性

10 个安全维度

| # | 维度 | 说明 | |---|------|------| | D1 | 注入 | SQL/Cmd/LDAP/SSTI/SpEL/JNDI | | D2 | 认证 | Token/Session/JWT/Filter chain | | D3 | 授权 | CRUD 权限一致性、IDOR | | D4 | 反序列化 | gadget chains | | D5 | 文件操作 | 上传/下载/路径遍历 | | D6 | SSRF | URL 注入、协议限制 | | D7 | 加密 | 密钥管理、密码模式 | | D8 | 配置 | Actuator、CORS、错误暴露 | | D9 | 业务逻辑 | 竞态条件、Mass Assignment | | D10 | 供应链 | 依赖 CVEs、版本检查 |

审计流程

Phase 1: 侦察

识别所有 API 入口点
梳理认证中间件
分析技术栈

Phase 2: 建模

绘制数据流图
识别 Source → Sink

Phase 3: 漏洞挖掘

Sink-driven: 搜索危险函数 → 追踪输入
Control-driven: 验证安全控制是否存在

Phase 4: 验证

确认漏洞有效性
评估利用复杂度

Phase 5: 报告

输出修复建议
DevSecOps 实践指导

产出

项目架构图（Mermaid）
技术栈分析报告
漏洞清单（按优先级排序）
修复建议

使用方式

# 分析代码
请审计这个项目的安全问题

# 检查特定漏洞
帮我看看有没有 SQL 注入

# 输出报告
生成一份安全审计报告

API & Reliability

Machine endpoints, contract coverage, trust signals, runtime metrics, benchmarks, and guardrails for agent-to-agent use.

MissingCLAWHUB

Machine interfaces

Contract & API

Endpoints

Dossier API Snapshot API Contract API Trust API

Contract coverage

Status

missing

Auth

None

Streaming

No

Data region

Unspecified

Protocol support

OpenClaw: self-declared

Requires: none

Forbidden: none

Guardrails

Operational confidence: low

No positive guardrails captured.

Invocation examples

curl -s "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/snapshot"

curl -s "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/contract"

curl -s "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/trust"

Operational fit

Reliability & Benchmarks

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

Do not use if

Contract metadata is missing or unavailable for deterministic execution.

No benchmark suites or observed failure patterns are available.

Media & Related

Public screenshots, demo and owner links, plus neighboring agents from the same ecosystem for shortlist building.

Missingno-media

Visual context

Media & Demo

No screenshots, media assets, or demo links are available.

Comparison set

Related Agents

GITHUB_REPOSactivepieces

Rank

70

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW

GITHUB_REPOScherry-studio

Rank

70

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW

GITHUB_REPOSAionUi

Rank

70

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 7d ago

MCPOPENCLAW

GITHUB_REPOSCopilotKit

Rank

70

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW

Machine Appendix

Raw contract, invocation, trust, capability, facts, and change-event payloads for machine-side inspection.

MissingCLAWHUB

Contract JSON

{
  "contractStatus": "missing",
  "authModes": [],
  "requires": [],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": null,
  "outputSchemaRef": null,
  "dataRegion": null,
  "contractUpdatedAt": null,
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "CLAWHUB",
      "generatedAt": "2026-04-17T06:27:03.354Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Openclaw",
    "href": "https://github.com/openclaw/skills/tree/main/skills/adminlove520/skill-dfyx-code-security-review",
    "sourceUrl": "https://github.com/openclaw/skills/tree/main/skills/adminlove520/skill-dfyx-code-security-review",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T00:45:39.800Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-04-15T00:45:39.800Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/clawhub-skills-adminlove520-skill-dfyx-code-security-review/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]