Agentsecly Ai Agent Security
by @krishnakumarmahadevan-cmd
Generate AI agent security advisories with threat analysis, MITRE ATT&CK mapping, and remediation guidance. Use when assessing AI agent security risks, evalu...
clawhub install agentsecly-ai-agent-securityπ About This Skill
name: agentsecly-ai-agent-security description: Generate AI agent security advisories with threat analysis, MITRE ATT&CK mapping, and remediation guidance. Use when assessing AI agent security risks, evaluating prompt injection threats, analyzing data leakage risks from AI agents, securing autonomous AI systems, or building AI agent security policies. version: 1.0.0 homepage: https://portal.toolweb.in metadata: openclaw: emoji: "π€" requires: env: - TOOLWEB_API_KEY bins: - curl primaryEnv: TOOLWEB_API_KEY os: - linux - darwin - win32 category: security
AgentSecly β AI Agent Security Advisory π€π
Generate comprehensive security advisories for AI agents with threat analysis, severity scoring, MITRE ATT&CK mapping, and remediation guidance. Covers prompt injection, data leakage, model manipulation, unauthorized access, and more β tailored to specific agent types like SOC analysts, chatbots, autonomous security agents, and code analysis tools.
Built by a CISSP/CISM certified security professional at ToolWeb.in
When to Use
Prerequisites
TOOLWEB_API_KEY β Get your API key from portal.toolweb.incurl must be available on the systemCRITICAL: Always Call the API
API Endpoint
POST https://portal.toolweb.in/apis/security/agentsecly
Threat Categories
| Key | Threat | Severity Base | |-----|--------|--------------| | prompt_injection | Prompt Injection / Jailbreak | 75 | | data_leakage | Data Leakage / Exfiltration | 85 | | model_manipulation | Model Manipulation / Poisoning | 80 | | unauthorized_access | Unauthorized Access / Auth Bypass | 90 |
Agent Profiles
| Profile | Risk Multiplier | Key Concerns | |---------|----------------|--------------| | autonomous_security | 1.3x | Unauthorized actions, false positive escalation | | soc_analyst | 1.2x | Alert manipulation, investigation tampering | | threat_detection | 1.25x | Detection bypass, signature manipulation | | incident_response | 1.35x | Improper containment | | vulnerability_scanner | 1.15x | Scan evasion | | code_analysis | 1.1x | Code injection | | chatbot_assistant | β | Data exposure, prompt injection |
Workflow
1. Gather inputs from the user:
Required:
- threatTitle β Short title of the threat (e.g., "Prompt Injection Attack on Customer Support Bot")
- threatDescription β Detailed description of the threat scenario
- threatCategory β One of: "prompt_injection", "data_leakage", "model_manipulation", "unauthorized_access"
- environment β Deployment environment (e.g., "Production cloud environment", "On-premise SOC", "Hybrid infrastructure")
- impact β Expected impact level (e.g., "High - customer data exposure", "Critical - autonomous action compromise")
- sensitivity β Data sensitivity level (e.g., "High", "Medium", "Low", "Critical")
Optional:
- agentTypes β List of agent profiles affected, e.g., ["chatbot_assistant", "soc_analyst"] (default: [])
- capabilities β Agent capabilities at risk, e.g., ["web_browsing", "file_access", "code_execution", "api_calls"] (default: [])
- securityControls β Existing security controls, e.g., ["input_validation", "output_filtering", "rate_limiting", "audit_logging"] (default: [])
2. Call the API:
curl -s -X POST "https://portal.toolweb.in/apis/security/agentsecly" \
-H "Content-Type: application/json" \
-H "X-API-Key: $TOOLWEB_API_KEY" \
-d '{
"assessmentData": {
"threatTitle": "",
"threatDescription": "",
"threatCategory": "",
"agentTypes": [""],
"capabilities": [""],
"environment": "",
"securityControls": [""],
"impact": "",
"sensitivity": "",
"timestamp": ""
},
"sessionId": "",
"timestamp": ""
}'
3. Present results with severity score, MITRE mapping, and remediation.
Output Format
π€ AI Agent Security Advisory
βββββββββββββββββββββββββββββThreat: [threatTitle]
Category: [threatCategory]
Severity: [score]/100 β [Critical/High/Medium/Low]
π― MITRE ATT&CK Mapping:
[Tactic IDs and names]
β οΈ Threat Analysis:
[Detailed analysis of the threat vector]
π‘οΈ Agent Profiles Affected:
[Agent types and specific concerns]
π§ Remediation Actions:
1. [Immediate action] β Priority: Critical
2. [Short-term action] β Priority: High
3. [Long-term action] β Priority: Medium
π Security Controls Recommended:
[Specific controls to implement]
π Full advisory powered by ToolWeb.in
Error Handling
TOOLWEB_API_KEY is not set: Tell the user to get an API key from https://portal.toolweb.inExample Interaction
User: "Assess the prompt injection risk for our customer support chatbot"
Agent flow: 1. Ask: "I'll generate a security advisory. Tell me: - What environment is the chatbot deployed in? - What capabilities does it have (web browsing, file access, API calls)? - What existing security controls do you have? - How sensitive is the data it handles?" 2. User responds with details 3. Call API:
curl -s -X POST "https://portal.toolweb.in/apis/security/agentsecly" \
-H "Content-Type: application/json" \
-H "X-API-Key: $TOOLWEB_API_KEY" \
-d '{
"assessmentData": {
"threatTitle": "Prompt Injection on Customer Support Chatbot",
"threatDescription": "Risk of malicious prompts bypassing safety controls to extract customer PII or manipulate chatbot responses",
"threatCategory": "prompt_injection",
"agentTypes": ["chatbot_assistant"],
"capabilities": ["web_browsing", "api_calls"],
"environment": "Production cloud (AWS)",
"securityControls": ["input_validation", "rate_limiting"],
"impact": "High - customer PII exposure",
"sensitivity": "High",
"timestamp": "2026-03-14T12:00:00Z"
},
"sessionId": "sess-20260314-001",
"timestamp": "2026-03-14T12:00:00Z"
}'
4. Present severity score, MITRE mapping, and remediation stepsPricing
About
Created by ToolWeb.in β a security-focused MicroSaaS platform with 200+ security APIs, built by a CISSP & CISM certified professional. Trusted by security teams in USA, UK, and Europe and we have platforms for "Pay-per-run", "API Gateway", "MCP Server", "OpenClaw", "RapidAPI" for execution and YouTube channel for demos.
Related Skills
Tips
β‘ When to Use
βοΈ Configuration
TOOLWEB_API_KEY β Get your API key from portal.toolweb.incurl must be available on the system