安全合规 技能

Access and manage Bitwarden passwords securely using the official bw CLI.

Helps verify the cryptographic integrity of skill updates by checking whether each version is signed by the same key as the original install, detecting key c...

Helps verify publisher identity integrity in AI agent ecosystems. Detects impersonation, key rotation anomalies, and identity gaps in the trust chain between...

Enforces regex-based, real-time authorization policies on OpenClaw agents’ tool calls, blocking, allowing, or requiring approval before execution.

Helps track how AI skill verification results decay over time. A "verified" badge from 18 months ago may be meaningless today — dependencies updated, new att...

Get delegated access for AI agents via TapAuth — the trust layer between humans and AI agents. Use when your agent needs to access GitHub, Google Workspace,...

Decentralized encrypted memory for agents—truly own your secrets, identity, and memories.

Core Archon DID toolkit - identity management, verifiable credentials, encrypted messaging (dmail), Nostr integration, file encryption/signing, aliasing, aut...

A security auditor for agent skills. Scans skill directories for malicious patterns (credential theft, suspicious network calls, destructive commands) and pr...

Helps measure the concentration of trust roots in a skill's attestation graph — identifying monoculture risk where a single compromised root invalidates an e...

Helps detect skills that behave differently when they sense they are being monitored — catching the class of evasion where conditional activation logic speci...

Teach your AI agent to think about security. A reasoning methodology for vetting skills before installation — red/green flag heuristics, 4-phase audit protoc...

Complete Facticity.AI integration - fact-check claims, extract claims from content, transcribe links, check link reliability, check credits, and monitor task...

Signs, verifies, and manages cryptographic identity for AI agents using the Vouch CLI on Base. Use when an agent needs to: set up identity and register an ac...

Risk-aware support response governance with persona-weighted consensus. Detects legal/sensitive/confidentiality issues, applies hard-block policy checks, and...

Comprehensive code security audit covering OWASP Top 10, secrets detection, dependency vulnerabilities, and language-specific attack patterns. Built by Taylo...

URL safety scanner and domain reputation checker. Use when: checking if a URL is safe before visiting, scanning links in emails/messages, verifying domains f...

Provides local system health monitoring and controlled service restarts for Docker and PM2 with full privacy and zero external calls.

SENTINEL/CORD governance engine — mandatory pre-flight enforcement for agent tool calls. Use when: (1) about to run exec/write/browser/network/message tool c...

Manage DNS records via the Cloudflare API. Create, list, update, and delete DNS records (A, AAAA, CNAME, TXT, MX, SPF, DKIM). Use when the agent needs to add...

Helps identify when multiple attestation validators share training data, model architecture, or organizational upstream — causing correlated blind spots that...

Zero-knowledge credential management — make authenticated API calls without exposing your keys

Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry op...

TOTP-based OTP verification for sensitive operations (env vars, gateway restarts, backup deletions, critical config changes). Uses otplib with window:2 (1 mi...