安全合规 技能

Scan repositories for risky security patterns before execution. Use when users ask for a quick preflight security check, policy enforcement scan, suspicious code triage, or detection of unsafe commands, secret leakage, and dangerous shell behavior.

Provides end-to-end encrypted, authenticated, and forward-secret messaging between AI agents with cryptographic identities and tamper-proof delivery.

Generates detailed compliance audits with risk-prioritized findings and remediation plans for frameworks like SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS.

Git 安全扫描器 - 检查提交中的敏感信息泄露（API keys、密码、token）

Sign plugins, rotate agent credentials without losing identity, and publicly attest to plugin behavior with verifiable claims and authenticated transfers.

AI agent infrastructure security scanner — check packages for CVEs, look up MCP servers in the 427+ server security metadata registry, assess blast radius, g...

Scan session logs for leaked credentials. Checks JSONL session files against known credential patterns and reports which AI provider received the data.

Agent verification via ClawX OAuth system. Use when checking agent verification status, embedding verification widgets, or working with agent identity/trust tiers.

Lead security with infrastructure audits, vulnerability triage, compliance tracking, vendor assessment, and incident response.

Analyzes contracts and agreements for risks, unusual terms, and missing clauses

Guides business and IT teams through incident detection, severity classification, containment, resolution, communication, and post-mortem with automated time...

🩺 Free Security & Health Audit. Your OpenClaw deserves a check-up. This skill performs a non-invasive scan to detect security risks, outdated software, and misconfigurations.

Assistant juridique français RAG sur codes et lois consolidés (LEGI/DILA). Utiliser pour questions de droit français, recherche d'articles, explication de textes législatifs, synthèse juridique avec citations vérifiables.

Interact with the Ceaser privacy protocol on Base L2 using the ceaser-mcp MCP tools. This skill uses the ceaser-mcp npm package for ALL operations -- shield,...

Provides tamper-evident, append-only, hash-chained audit logs for AI agents verifying actions with monotonic ordering and integrity checks.

Immutable audit trail for autonomous agent operations. Log skill executions, data access, decisions, and budget changes with tamper-evident hashes. Essential...

Detects and scores prompt injection attempts in text, outputting severity, action, and matched rules without external calls or secret handling.

Agent identity provider — own email address and E2E-encrypted credential vault. Use when storing or retrieving passwords for services, logging into services with stored credentials, checking email inbox, receiving OTP/verification codes via email, signing up for services, getting your agent's email address, or any task where the agent needs its own identity separate from the user's. Replaces 1Password + AgentMail with a single skill — no desktop app, no tmux, fully autonomous.

Defensive interceptor for prompt injection and basic PII masking.

Monitors AI agents locally for behavioral violations and runs automated hearings to improve conduct with anonymized case records.

Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys,...

Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities

Smart contract security analysis skill. Detect vulnerabilities, suggest fixes, generate audit reports. Supports Hardhat/Foundry projects. Uses pattern matchi...

Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a...