🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
BytesAgain β€Ί Skills β€Ί Agentsec
πŸ¦€ ClawHub

Agentsec

by @markeljan

Audit AI agent skills for security vulnerabilities. Use when scanning installed skills against the OWASP Agentic Skills Top 10, checking skills before runnin...

Versionv0.3.0
#crypto-defi#legal
⚑ When to Use
TriggerAction
- Audit, scan, or check agent skills for security issues
- Verify installed skills are safe before running them
- Check OWASP compliance of an agent setup
- Gate a CI/CD pipeline on skill security
- Generate a security report for stakeholders
πŸ’‘ Examples

The fastest path to a result β€” no install, no flags:

npx agentsec

This scans every default skills directory on the machine β€” grouped by platform β€” plus any ./skills folder in the current project (up to two levels deep), and audits each installed skill against the OWASP Agentic Skills Top 10. Always try this first.

Auto-discovery locations

| Platform | Paths scanned | | ---------------------- | ------------------------------------------------------------------------------------------------------------------------- | | Claude Code | ~/.claude/skills, ./.claude/skills, ~/.claude/plugins/*/skills/*, ~/.claude/commands, ./.claude/commands | | OpenClaw / ClawHub | ~/.openclaw/workspace/skills, ~/.openclaw/workspace-*/skills (profiles via OPENCLAW_PROFILE), ~/.openclaw/skills | | Codex / skills.sh | ~/.agents/skills, ./.agents/skills, ../.agents/skills, /etc/codex/skills | | Other (generic) | Any skills/ directory found within the current project, up to two levels deep |

πŸ“‹ Tips & Best Practices

  • Start with npx agentsec β€” no install, no flags. Iterate from there.
  • Add --verbose whenever you need to act on specific findings.
  • Pipe --format json into jq or a custom script for programmatic handling.
  • strict is the most common preset for production repositories.
  • Browse the agent skills ecosystem at skills.sh.

    • View on ClawHub
    TERMINAL
    clawhub install agentsec

    πŸ§ͺ Use this skill with your agent

    Most visitors already have an agent. Pick your environment, install or copy the workflow, then run the smoke-test prompt above.

    Manus
    Task-oriented agent. Great for testing AI skills end-to-end.
    Try Manus β†’
    OpenClaw
    Local-first agent. Install skills via ClawHub CLI.
    Set up OpenClaw β†’
    Claude Code
    Anthropic's coding agent. Paste the prompt or SKILL.md into your session.
    Claude Code docs β†’
    Cursor
    AI-powered IDE. Use the smoke-test prompt in Cursor Agent.
    Open Cursor β†’
    Continue.dev
    Open-source AI code assistant. Add SKILL.md as a custom tool.
    Continue docs β†’
    Windsurf
    Agentic IDE by Codeium. Paste the prompt into Cascade.
    Try Windsurf β†’
    Cline
    VS Code extension for autonomous coding with MCP tools.
    Cline on GitHub β†’
    Copilot Workspace
    GitHub's AI dev environment. Suitable for code-generation skills.
    Copilot Workspace β†’

    πŸ” Can't find the right skill?

    Search 60,000+ AI agent skills β€” free, no login needed.

    Search Skills β†’