BoostSecurity

Security

Neotask on OpenClaw makes application security continuous via BoostSecurity — validating packages, surfacing violations, and keeping your codebase free of exploitable dependencies.

What You Can Do

The BoostSecurity integration gives Neotask 4 security validation actions covering package validation and violation management.

  • `validate_package` — check any open-source package against BoostSecurity's risk database (public access, no API key required)
  • `get_finding` — retrieve full details on a specific security finding including severity, context, and remediation guidance
  • `get_violations` — query all violations in your workspace by severity, policy, or time range
  • `get_violations_by_package` — pull all violations associated with a specific dependency across your entire codebase

Every action can run autonomously or require your approval; you decide.

Try Asking

  • "Validate these 10 npm packages we're considering adding to our project"
  • "Show me all high-severity violations from the last 30 days"
  • "What findings are associated with the log4j package across our repos?"
  • "Pull the full details on finding BOOST-2024-5678"

Pro Tips

  • Use `validate_package` in your code review workflow — your agent checks every new dependency a PR introduces before it merges
  • Schedule a weekly violations report: your agent queries open violations, groups by severity, and delivers a summary to your security channel
  • Pair with your ticketing system so critical findings automatically become engineering tasks with owners and due dates
  • `get_violations_by_package` is especially powerful for incident response — when a new vulnerability drops for a popular library, instantly see everywhere you're exposed

Works Well With