Security Auditor

Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.

Security Audit Toolkit

Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.

Clawdbot Security Check

Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to

Dont Hack Me

別駭我！基本安全檢測 — Security self-check for Clawdbot/Moltbot. Run a quick audit of your clawdbot.json to catch dangerous misconfigurations — exposed gateway, missing auth, open DM policy, weak tokens, loose file permissions. Auto-fix included. Invoke: "run a security check" or "幫我做安全檢查".

Skill Security Auditor

Command-line security analyzer for ClawHub skills. Run analyze-skill.sh to scan SKILL.md files for malicious patterns, credential leaks, and C2 infrastructure before installation. Includes threat intelligence database with 20+ detection patterns.

OpenClaw Security Monitor

Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments

Security Audit (Sona)

Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing.

AI Skill Scanner

Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

Security Skill Scanner

Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.

Information Security Manager Iso27001

ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control imple...

Workspace Explorer

Securely share your workspace with your owner via a remote VS Code environment. Use when (1) the owner requests to view or inspect your working files, (2) you need to give the owner live access to browse your codebase, (3) the owner wants to install extensions or use IDE features to explore files, or (4) you need a temporary secure tunnel for remote workspace inspection.

OpenClaw Credential Manager

MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Includes GPG encryption for high-value secrets, credential rotation tracking, deep scanning, and backup hardening. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments.

Go Security Vulnerability

Identify, assess, and fix security vulnerabilities in Go modules using govulncheck. Handle common vulnerabilities like JWT issues and ensure application stability during fixes.

Arc Sentinel

Security monitoring and infrastructure health checks for OpenClaw agents. Run breach monitoring (HaveIBeenPwned), SSL certificate expiry checks, GitHub security audits, credential rotation tracking, secret scanning, git hygiene, token watchdog, and permission audits. Use when performing security scans, checking credential rotation status, auditing repos for leaked secrets, or monitoring SSL certificates and infrastructure health.

OpenClaw Cloudflare Secure

Securely expose an OpenClaw Gateway WebUI on a VPS via Cloudflare Zero Trust Access + Cloudflare Tunnel (cloudflared), including DNS cutover for custom hostnames and optional cleanup of Tailscale Serve.

Home Assistant Agent (Secure)

Control Home Assistant smart home devices securely using the Assist (Conversation) API. Passes natural language to Home Assistant's built-in NLU for safe, to...

Aegis Audit

Deep behavioral security audit for AI agent skills and MCP tools. Performs deterministic static analysis (AST + Semgrep + 15 specialized scanners), cryptographic lockfile generation, and optional LLM-powered intent analysis. Use when installing, reviewing, or approving any skill, tool, plugin, or MCP server — especially before first use. Replaces basic safety summaries with full CWE-mapped, OWASP-tagged, line-referenced security reports.

Isms Audit Expert

Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control assessment, and certification support. Use...

Praesidia

Verify AI agents, check trust scores (0-100), fetch A2A agent cards, discover marketplace agents, apply guardrails for security and compliance. Use when user mentions agent verification, trust scores, agent discovery, A2A protocol, agent identity, agent marketplace, guardrails, security policies, content moderation, or asks "is this agent safe?" or "find agents that can [task]" or "apply guardrails to protect my agent".

OpenClaw Warden Pro

Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces.

Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw

Security suite for OpenClaw agents. Encrypted secret storage (AES-256-GCM), real-time activity monitoring via gateway WebSocket, policy enforcement, and native x402 payment wallet with EIP-3009 signing. Secure API keys, watch agent behavior, and handle machine-to-machine micropayments. macOS desktop app (Rust + Tauri). Reads ~/.openclaw/.env during hardening. Installation downloads a DMG from GitHub releases. After install, the app makes no external network calls and only listens on localhost.

smart-security

Advanced prompt injection defense with multi-layer protection, memory integrity, and tool security wrapper. OWASP LLM Top 10 2026 compliant.

OpenClaw Policy Check

Scan repositories for risky security patterns before execution. Use when users ask for a quick preflight security check, policy enforcement scan, suspicious code triage, or detection of unsafe commands, secret leakage, and dangerous shell behavior.

Skill Security Scanner

Security audit tool for OpenClaw skills. Scans for credential harvesting, code injection, network exfiltration, obfuscation. ALWAYS run before installing any...

Audit OpenClaw Security

Audit and harden OpenClaw deployments and interpret `openclaw security audit` findings. Use when the user wants to secure OpenClaw, review gateway exposure/a...

Skill Vetter — Security Audit for AI Skills

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...

Ralph Ultra Security Audit

Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough secu...

ShellWard Security Guide

OpenClaw 安全部署指南 / Security deployment guide — help users secure their OpenClaw installation

Shadows Security Scanner

7-phase security audit pipeline — reconnaissance, dependency scan, application tests, API security, hardening check, OWASP verification, report. Use before p...

Ai Security Audit

Perform a security audit on exposed AI service endpoints using OpenClaw threat intelligence. Trigger when the user says "security audit", "audit my AI servic...

Junior Intel Security Officer

Junior Intelligence Security Officer - Entry-level security officer responsible for basic security tasks, learning security protocols, and supporting securit...

Intel Security Lead

Intelligence Security Lead - Manager of security controls for intelligence operations, responsible for information security, access management, and complianc...

Secure Google Drive Access for OpenClaw by PortEden

Secure Google Drive Mnagement - list, search, upload, create folders, rename, move, share, and permissions (porteden secure alternative).

Claw Security Suite

Provides four-layer security for OpenClaw including static code scanning, logic audit, runtime protection, and periodic security patrols with automated reports.

Neckr0ik Security Fixer

Auto-fix security vulnerabilities in OpenClaw skills. Works with neckr0ik-security-scanner to automatically remediate hardcoded secrets, shell injection risk...

Skill Security Guide

Security best practices guide for passing ClawHub security scans with "Benign" ratings. Use when creating or reviewing skills to ensure they meet security st...

Continuum Security Slne

Continuum Security SLNE integration. Manage data, records, and automate workflows. Use when the user wants to interact with Continuum Security SLNE data.

Security Testing Strategy

Select and implement a layered security testing strategy for a codebase: design unit tests for security properties (boundary conditions, negative inputs, acc...

Byted Security Clawsentry

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...

solana-security

Audit Solana programs (Anchor or native Rust) for security vulnerabilities. Use when reviewing smart contract security, finding exploits, analyzing attack ve...

Alibabacloud Ddos Security Monitor

[user] Perform security inspection and monitoring for Alibaba Cloud DDoS security products, covering DDoS Basic Protection, DDoS Native Protection, and DDoS...

Supabase Security Auditor

Audit Supabase projects for security — check Row Level Security policies, auth configuration, API exposure, storage rules, and edge function security.

powershell-security-hardening

> Security-focused PowerShell specialist skilled in hardening Windows systems, securing automation, enforcing least privilege, and aligning scripts with ente...

senior-security

Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security ass...

Runtime Security Guard (English)

Enterprise-grade AI runtime security protection v2.1. Provides 410+ security rules with cross-platform detection (Windows/macOS/Linux), detecting 10 categori...

Skill Security Audit

This skill should be used when evaluating the security of a ClawHub skill before installation. It performs comprehensive security risk assessment on skill di...

Social Security Advisor

This skill should be used when users ask about Chinese social security (社保) policies, contribution calculations, retirement benefits estimation, social secur...

Lap Akamai Application Security Api

Akamai: Application Security API skill. Use when working with Akamai: Application Security for activations, api-discovery, configs. Covers 236 endpoints.