sageox

ox 6-phase AI security review pipeline. Combines deterministic OSS scanners (OpenGrep, govulncheck, OSV-Scanner, Syft+Grype, gitleaks) with parallel Claude hunter/validator subagents to find CLI input handling bugs, secret/credential redaction bypasses, daemon IPC authz holes, supply-chain risks, and LLM trust-boundary issues. Diff-scoped (vs origin/main by default). Never blocks merge. Use when a

Complete toolkit for SageOx team knowledge. Query team context, manage AI coworkers, distill and summarize activity, see what coworkers are working on, catch up after time away, import/export knowledge, and manage configured repos. Use when: searching team discussions, loading expert agents, running distillation, generating summaries, checking coworker activity, catching up, importing documents or

Use this skill before publishing any ClawHub skill from this repo, or after editing a SKILL.md, to verify the skill won't be flagged or rejected by ClawHub's server-side moderation pipeline. The skill re-implements every static-scanner rule from openclaw/clawhub's `convex/lib/moderationEngine.ts` plus the frontmatter spec from `docs/skill-format.md` and runs them locally. Triggers: "lint the claws

Watch an open pull request for new CI failures and review comments and drive it to a clean state. Uses the Monitor tool to stream PR status changes in real time so reactions are immediate instead of polled. Handles CodeRabbit nitpicks with judgment (do not blanket-skip) and treats "out of date" comments as still-relevant until proven otherwise. Replies to and resolves each thread as it's addressed

SageOx team context and session recording for AI coworkers. Use when working in a repository that has .sageox/ initialized, when you need team conventions, or when recording coding sessions to a shared ledger.