安全合规 技能

Scans ClawHub skills to detect malicious code, obfuscated payloads, and social engineering via pattern matching, deobfuscation, and LLM analysis before insta...

Prompt injection detection and security scanning for OpenClaw agents. Installs the ai-sentinel plugin via OpenClaw CLI, configures plugin settings, and offer...

Add 8 security governance layers to your OpenClaw agent — budget controls, permissions, audit logging, kill switch, identity signing, skill vetting, process isolation, and gateway protection.

Draft contracts, review legal documents, and navigate compliance with practical legal patterns.

Security monitoring and alerting tool for AI agents. Automatically checks for exposed secrets, unverified skills, insecure keys, suspicious commands, and mal...

Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces.

Security scanner for OpenClaw/ClawHub skills. Detects malware, reverse shells, credential theft, prompt injection, memory poisoning, typosquatting, and suspicious prerequisites before installation. Use when installing new skills, auditing existing skills, checking a skill name for typosquatting, or scanning ClawHub skills for security risks.

Security-first wrapper for installing agent skills. Scans for malware, prompt injection, and suspicious patterns before installation. Use instead of `clawhub install` for safer skill management.

Security scanner for Python skills before publishing to ClawHub. Use before publishing any skill to check for dangerous imports, hardcoded secrets, unsafe file operations, and dangerous functions like eval/exec/subprocess. Essential for maintaining trust and ensuring published skills are safe for others to install and run.

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.

Security blacklist protecting AI agents from malicious skills, scams, and prompt injection. Use before executing external commands, visiting unknown URLs, or installing new skills. Triggers on "security check", "is this safe", "check this URL", or suspicious command patterns.

Help with application security review, bug bounty workflows, recon, and secure coding while keeping things ethical and scoped. Think critically, use real sources only, and reference OWASP.

Blockchain security scanner for AI agents (testnet). Pay with Base Sepolia USDC via x402 protocol.

Digital identity, authentication, and trust for AI agents. Verify who an agent is, prove your own identity, sign skills to prove authorship, send encrypted m...

Deep security analysis of an individual skill before installation

Implement quantum-resistant encryption using the CIFER SDK (cifer-sdk npm package). Covers SDK initialization, wallet setup, secret creation, text encryption/decryption, and file encryption/decryption on any supported chain (Ethereum, Sepolia, Ternoa). Use when the user mentions CIFER, cifer-sdk, quantum-resistant encryption, ML-KEM, secret creation, or encrypted payloads/files with blockchain.

Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.

Interact with the Permissions Broker service to fetch data from Google APIs behind a Telegram approval gate. Use when an agent needs to read Google Drive/Doc...

Secure OAuth token management via Scalekit. Handles token storage, refresh, and retrieval for third-party services (Gmail, Slack, GitHub, etc.). Never stores tokens locally - always fetches fresh tokens from Scalekit.

Agent trust intelligence for Moltbook and x402 Bazaar. Use when you need to check if an agent or service is trustworthy before paying, compare agents side-by-side, scan feeds for quality agents, or make trust-gated USDC payments. Answers the question "should I pay this agent?" with research-backed scoring across 6 dimensions.

Enable quantum-resistant encryption and secret management for blockchain apps with post-quantum ML-KEM-768 key encapsulation and multi-chain support.

Check data compliance with construction standards. Validate data against ISO 19650, IFC, COBie, UniFormat standards.

Securely access and manage secrets with 1Password CLI using a Service Account token for vault operations like read, write, edit, and delete.

Analyze Solana tokens for rug pull risks using the RugCheck API (rugcheck.xyz). Use when asked to check a Solana token safety, risk score, liquidity, holder distribution, metadata mutability, or insider trading patterns. Also use for discovering trending, new, or recently verified Solana tokens. Triggers on token check, rug check, token safety, Solana token analysis, is this token safe, token risk score, LP locked, holder concentration.