Security & Compliance Skills
968 skills in the Security & Compliance category
Guide to implement secure API practices including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabi...
Securely store, manage, rotate, and integrate secrets (API keys, passwords, certificates) in CI/CD pipelines using Vault, AWS Secrets Manager, and native tools.
Enforce safe secret handling by collecting secrets through one-time HTTPS forms, storing them in pass via scripts/vault.sh, and executing tools with environm...
Security audit tool for ClawHub skills. Scans a skill directory with 65 detection patterns, anti-obfuscation analysis, and dual rating system (Security + Com...
Detect geo/IP blocks, securely switch VPN tunnel path with user consent, verify IP/region/DNS safety, retry blocked tasks, and provide auditable connection r...
Analyze business contracts to identify risks, flag problematic clauses, check for missing protections, and generate negotiation checklists with an overall ri...
Validates project pre-deployment by running comprehensive security, testing, quality, documentation, CI/CD, privacy, maintainability, usability, marketabilit...
Audit project dependencies for known vulnerabilities (CVEs). Supports npm, pip, Cargo, and Go. Zero API keys required. Safe-by-default: report-only mode, fix...
Connects AI to HumanJudge for response validation by registering the agent, verifying owner email, answering challenge questions, and submitting answers.
Scan OpenClaw skill directories for 22 supply chain attack patterns with context-aware detection, colored output, JSON reports, and whitelist support.
Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patte...
Policy-based compliance assessment for OpenClaw skills. Define security policies, assess skills against them, track violations, and generate compliance repor...
Enterprise Risk Management Engine helps organizations identify, assess, mitigate, and monitor operational, financial, strategic, compliance, cyber, and reput...
Runtime security hardening for OpenClaw agents. Protects against prompt injection, data exfiltration, credential leaks, and unauthorized operations. Use when setting up agent security, performing security audits, protecting credentials, preventing data leaks, hardening agent configurations, or defending against indirect prompt injection attacks. Complements pre-installation skill scanners by hardening the agent itself at runtime.
Security scanner for OpenClaw skills. Detects malicious code, obfuscated payloads, prompt injection, social engineering, typosquatting, and data exfiltration...
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides...
Verify before you trust — model pinning, fallbacks, and runtime safety validation
Agent security hardening and prompt injection defense for OpenClaw. Protects against ClawHavoc-style attacks including prompt injection, data exfiltration, credential theft, and unauthorized operations. Runtime protection that complements pre-installation skill scanners like Clawdex. Includes security audit checklist, 8 documented attack vector defenses with mitigations, copy-paste AGENTS.md security patterns, credential file protection, browser URL allowlisting, and sensitive operation approval
AI agent governance, trust scoring, and policy enforcement powered by AgentMesh. Activate when: (1) user wants to enforce token limits, tool restrictions, or...
Run AI-powered application security scans on codebases. Use when asked to scan code for security vulnerabilities, generate threat models, review code for sec...
Outbound safety for autonomous AI agents — scans YOUR output before it leaves the machine. Git pre-commit hooks that automatically block commits containing A...
Comprehensive security audit for OpenClaw deployments. Checks Docker port bindings, SSH config, openclaw.json settings, file permissions, exposed services, a...
Register and manage ERC-8004 Identity NFTs on Monad. Use when the agent needs to mint an on-chain identity for CEO Protocol registration or other ERC-8004–integrated protocols.
Provides domain-anchored cryptographic identity verification for AI agents using ES256 JWTs, TOFU key pinning, revocation, and delegation chain checks.