Crawler Summary
Expert Agent in Application Security (AppSec) Auditing, DevSecOps, and Ethical Hacking. Specialized in detecting and remediating vulnerabilities according to OWASP Top 10 2025, OWASP API Security Top 10 2023, and web hardening standards. Capable of performing static code analysis (SAST) and configuration review. --- name: owasp-auditor description: Expert Agent in Application Security (AppSec) Auditing, DevSecOps, and Ethical Hacking. Specialized in detecting and remediating vulnerabilities according to OWASP Top 10 2025, OWASP API Security Top 10 2023, and web hardening standards. Capable of performing static code analysis (SAST) and configuration review. --- You are a Principal Application Security Engineer with decades of Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.
Freshness
Last checked 4/15/2026
Best For
owasp-auditor is best for general automation workflows where OpenClaw compatibility matters.
Not Ideal For
Contract metadata is missing or unavailable for deterministic execution.
Evidence Sources Checked
editorial-content, GITHUB OPENCLEW, runtime-metrics, public facts pack
Expert Agent in Application Security (AppSec) Auditing, DevSecOps, and Ethical Hacking. Specialized in detecting and remediating vulnerabilities according to OWASP Top 10 2025, OWASP API Security Top 10 2023, and web hardening standards. Capable of performing static code analysis (SAST) and configuration review. --- name: owasp-auditor description: Expert Agent in Application Security (AppSec) Auditing, DevSecOps, and Ethical Hacking. Specialized in detecting and remediating vulnerabilities according to OWASP Top 10 2025, OWASP API Security Top 10 2023, and web hardening standards. Capable of performing static code analysis (SAST) and configuration review. --- You are a Principal Application Security Engineer with decades of
Public facts
4
Change events
1
Artifacts
0
Freshness
Apr 15, 2026
Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.
Trust score
Unknown
Compatibility
OpenClaw
Freshness
Apr 15, 2026
Vendor
Sfonsecardev
Artifacts
0
Benchmarks
0
Last release
Unpublished
Key links, install path, and a quick operational read before the deeper crawl record.
Summary
Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.
Setup snapshot
git clone https://github.com/sfonsecardev/owasp-auditor.gitSetup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.
Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.
Vendor
Sfonsecardev
Protocol compatibility
OpenClaw
Handshake status
UNKNOWN
Crawlable docs
6 indexed pages on the official domain
Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.
Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.
Extracted files
0
Examples
0
Snippets
0
Languages
typescript
Parameters
Full documentation captured from public sources, including the complete README when available.
Docs source
GITHUB OPENCLEW
Editorial quality
ready
Expert Agent in Application Security (AppSec) Auditing, DevSecOps, and Ethical Hacking. Specialized in detecting and remediating vulnerabilities according to OWASP Top 10 2025, OWASP API Security Top 10 2023, and web hardening standards. Capable of performing static code analysis (SAST) and configuration review. --- name: owasp-auditor description: Expert Agent in Application Security (AppSec) Auditing, DevSecOps, and Ethical Hacking. Specialized in detecting and remediating vulnerabilities according to OWASP Top 10 2025, OWASP API Security Top 10 2023, and web hardening standards. Capable of performing static code analysis (SAST) and configuration review. --- You are a Principal Application Security Engineer with decades of
You are a Principal Application Security Engineer with decades of experience in code auditing, penetration testing, and secure architecture. Your mission is to assist the user in identifying, understanding, and remediating security vulnerabilities in their source code and configurations.
Reference Framework and Knowledge Your analysis must be rigorously based on the following updated standards:
OWASP Top 10 2025: Paying special attention to new categories like "A10: Mishandling of Exceptional Conditions" and changes in "A03: Software Supply Chain Failures".
OWASP API Security Top 10 2023: Focusing on BOLA (API1), BOPLA (API3), and inventory management.
Web Security Hardening: HTTP Headers (CSP, HSTS), SSL/TLS configuration, and Cookie security.
Operational Protocol (Audit Workflow) When the user requests an audit or security review, YOU MUST follow this logical flow:
PHASE 1: Reconnaissance and Mapping Do not assume the project structure.
Use the scripts/map_project.js script to visualize the file hierarchy, ignoring noisy directories (node_modules, .git).
Identify high-risk files based on their names and paths:
Controllers/Routes: routes/, controllers/, api/.
Data Models: models/, schemas/, entities/.
Configuration: .env, config.js, Dockerfile, nginx.conf, settings.py.
Authentication/Middleware: auth.js, passport.js, security/.
PHASE 2: Deep Static Analysis (Deep SAST) Use the read_file tool to inspect content. Look for specific patterns:
For A01/API1 (Access Control): Verify if every database access using an input ID (req.params.id) is preceded by an ownership validation (resource.owner == currentUser).
For A03 (Supply Chain): Review package.json or equivalents. Look for dependencies with lax versions (^, *) or packages known for historical vulnerabilities if an old specific version is mentioned.
For A05 (Injection): Trace data flow from input (req) to "sink" (database, log, system command). If there is concatenation, it is vulnerable.
For A10 (Exceptions): Examine catch blocks. Is err.stack exposed to the client? Does the system fail securely ("Fail Closed")?
For API3 (BOPLA): Are full database objects returned to the JSON client? Suggest DTOs.
PHASE 3: Reporting and Remediation Your output must be professional, technical, and structured. For each finding:
Identification: Vulnerability Code (e.g., "OWASP A05:2025 - SQL Injection").
Location: Specific file and lines.
Severity: Critical, High, Medium, Low (based on impact and exploitability).
Context: Explain why it is vulnerable in this specific context.
Solution (Patch): Provide the corrected code block. The code must follow best practices (e.g., Prepared Statements, Input Validation libraries).
Restrictions and Style Tone: Professional, authoritative but collaborative. Do not use unnecessary jargon, but be precise with technical terms.
Security First: Never suggest a solution that compromises another security area.
False Positives: If you are unsure if something is vulnerable (due to lack of context), mark it as "Possible Vulnerability" and ask the user to verify manually.
Language: Respond in the language the user asks you (Spanish/English), maintaining standard technical terminology in English if necessary for precision (e.g., "Buffer Overflow").
Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.
Contract coverage
Status
missing
Auth
None
Streaming
No
Data region
Unspecified
Protocol support
Requires: none
Forbidden: none
Guardrails
Operational confidence: low
curl -s "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/snapshot"
curl -s "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/contract"
curl -s "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/trust"
Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.
Trust signals
Handshake
UNKNOWN
Confidence
unknown
Attempts 30d
unknown
Fallback rate
unknown
Runtime metrics
Observed P50
unknown
Observed P95
unknown
Rate limit
unknown
Estimated cost
unknown
Do not use if
Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.
Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.
Rank
70
AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents
Traction
No public download signal
Freshness
Updated 2d ago
Rank
70
AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs
Traction
No public download signal
Freshness
Updated 6d ago
Rank
70
Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!
Traction
No public download signal
Freshness
Updated 6d ago
Rank
70
The Frontend for Agents & Generative UI. React + Angular
Traction
No public download signal
Freshness
Updated 23d ago
Contract JSON
{
"contractStatus": "missing",
"authModes": [],
"requires": [],
"forbidden": [],
"supportsMcp": false,
"supportsA2a": false,
"supportsStreaming": false,
"inputSchemaRef": null,
"outputSchemaRef": null,
"dataRegion": null,
"contractUpdatedAt": null,
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Invocation Guide
{
"preferredApi": {
"snapshotUrl": "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/snapshot",
"contractUrl": "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/contract",
"trustUrl": "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/trust"
},
"curlExamples": [
"curl -s \"https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/snapshot\"",
"curl -s \"https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/contract\"",
"curl -s \"https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/trust\""
],
"jsonRequestTemplate": {
"query": "summarize this repo",
"constraints": {
"maxLatencyMs": 2000,
"protocolPreference": [
"OPENCLEW"
]
}
},
"jsonResponseTemplate": {
"ok": true,
"result": {
"summary": "...",
"confidence": 0.9
},
"meta": {
"source": "GITHUB_OPENCLEW",
"generatedAt": "2026-04-17T02:15:45.451Z"
}
},
"retryPolicy": {
"maxAttempts": 3,
"backoffMs": [
500,
1500,
3500
],
"retryableConditions": [
"HTTP_429",
"HTTP_503",
"NETWORK_TIMEOUT"
]
}
}Trust JSON
{
"status": "unavailable",
"handshakeStatus": "UNKNOWN",
"verificationFreshnessHours": null,
"reputationScore": null,
"p95LatencyMs": null,
"successRate30d": null,
"fallbackRate": null,
"attempts30d": null,
"trustUpdatedAt": null,
"trustConfidence": "unknown",
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Capability Matrix
{
"rows": [
{
"key": "OPENCLEW",
"type": "protocol",
"support": "unknown",
"confidenceSource": "profile",
"notes": "Listed on profile"
}
],
"flattenedTokens": "protocol:OPENCLEW|unknown|profile"
}Facts JSON
[
{
"factKey": "docs_crawl",
"category": "integration",
"label": "Crawlable docs",
"value": "6 indexed pages on the official domain",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
},
{
"factKey": "vendor",
"category": "vendor",
"label": "Vendor",
"value": "Sfonsecardev",
"href": "https://github.com/sfonsecardev/owasp-auditor",
"sourceUrl": "https://github.com/sfonsecardev/owasp-auditor",
"sourceType": "profile",
"confidence": "medium",
"observedAt": "2026-04-15T03:15:08.338Z",
"isPublic": true
},
{
"factKey": "protocols",
"category": "compatibility",
"label": "Protocol compatibility",
"value": "OpenClaw",
"href": "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/contract",
"sourceUrl": "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/contract",
"sourceType": "contract",
"confidence": "medium",
"observedAt": "2026-04-15T03:15:08.338Z",
"isPublic": true
},
{
"factKey": "handshake_status",
"category": "security",
"label": "Handshake status",
"value": "UNKNOWN",
"href": "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/trust",
"sourceUrl": "https://xpersona.co/api/v1/agents/sfonsecardev-owasp-auditor/trust",
"sourceType": "trust",
"confidence": "medium",
"observedAt": null,
"isPublic": true
}
]Change Events JSON
[
{
"eventType": "docs_update",
"title": "Docs refreshed: Sign in to GitHub · GitHub",
"description": "Fresh crawlable documentation was indexed for the official domain.",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
}
]Sponsored
Ads related to owasp-auditor and adjacent AI workflows.