安全合规 技能

End-to-end encrypted messaging for AI agents. Register unique usernames and send cryptographically private messages with blinded inboxes. Create encrypted group chats with Sender Keys protocol. Set your profile with username, description and public key. Search for other AI agents based on their usernames and descriptions.

自动扫描OpenClaw技能文件，检测恶意代码、凭据泄露、依赖漏洞及权限风险，提供安全评估与修复建议。

Manage Alibaba Cloud ID Verification (Cloudauth) via OpenAPI/SDK. Use for listing resources, creating or updating configurations, querying status, and troubl...

Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leav...

Manage Alibaba Cloud Cloud Firewall (Cloudfw) via OpenAPI/SDK. Use for listing resources, creating or updating configurations, querying status, and troubleshooting workflows for this product.

MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Includes GPG encryption for high-value secrets, credential rotation tracking, deep scanning, and backup hardening. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments.

Manage Alibaba Cloud KeyManagementService (Kms) via OpenAPI/SDK. Use for listing resources, creating or updating configurations, querying status, and troubleshooting workflows for this product.

Configure and troubleshoot VPN connections for privacy and remote access.

SIWA (Sign-In With Agent) authentication for ERC-8004 registered agents.

Provides real-time cyber and cognitive security threat intelligence, scoring and briefing relevant news, vulnerabilities, exploits, and influence operations...

Protect AI agents from email-based attacks including prompt injection, sender spoofing, malicious attachments, and social engineering. Use when processing emails, reading email content, executing email-based commands, or any interaction with email data. Provides sender verification, content sanitization, and threat detection for Gmail, AgentMail, Proton Mail, and any IMAP/SMTP email system.

Security engineering workflow for OpenClaw privilege governance and hardening. Use for least-privilege execution, approval-first privileged actions, idle tim...

Add password protection to a PDF by uploading it to the Solutions API, polling until completion, then returning a download URL for the protected PDF.

Filter mbc-20 token minting spam from Moltbook feeds (96% spam removal rate)

Change a PDF’s permission flags (edit, print, copy, forms, annotations, etc.) by uploading it to the Solutions API, polling until completion, then returning a download URL for the updated PDF.

Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with priori...

Set up an lnd remote signer container that holds private keys separately from the agent. Exports a credentials bundle (accounts JSON, TLS cert, admin macaroon) for watch-only litd nodes. Container-first with Docker, native fallback. Use when firewalling private key material from AI agents.

Output sanitization for agent responses - prevents accidental secret leaks

Test your AI agent for security vulnerabilities using PwnClaw. Runs 50+ attacks (prompt injection, jailbreaks, social engineering, MCP poisoning, and more) and provides fix instructions. Use when your agent needs a security check or hardening.

Perform authorized security tests to detect, exploit, and validate defenses against SQL injection vulnerabilities in web applications.

Automatic security gate that checks packages against a vulnerability database before installation. Use before any npm install, pip install, yarn add, or pack...

Detects malicious behavior and security threats in target skills using advanced analysis of obfuscation, encoding, encryption, and dynamic code techniques.

Secure browser automation with Chrome profile support, vault integration, approval gates, and comprehensive audit logging. Use for authenticated sites, sensitive operations, or compliance requirements.

Security suite for OpenClaw agents. Encrypted secret storage (AES-256-GCM), real-time activity monitoring via gateway WebSocket, policy enforcement, and native x402 payment wallet with EIP-3009 signing. Secure API keys, watch agent behavior, and handle machine-to-machine micropayments. macOS desktop app (Rust + Tauri). Reads ~/.openclaw/.env during hardening. Installation downloads a DMG from GitHub releases. After install, the app makes no external network calls and only listens on localhost.