安全合规 技能

Detect hardcoded secrets, exposed API keys, and credential misconfigurations in IaC and config files

Security Skill Advisor - Help identify malicious skills, protect API keys and system security | Security audit, skill scanner, malware detection, best practices

Security auditing for git commits, repos, and skills before publishing. Run automatically before any `git commit`, `git push`, or `clawhub publish`. Detects...

Secure Gmail skill using Composio brokered OAuth — no raw tokens stored locally. Reads, searches, and drafts emails with least-privilege enforcement. Blocks...

Authentication and compliance audit pack. OAuth 2.1/OIDC Discovery, token scope enforcement, tool deprecation lifecycle, circuit breaker, GDPR residency, DID...

AI-native security suite for OpenClaw. Scans skills for prompt injection, data exfiltration, cognitive rootkits, semantic worms, and more. Includes static an...

Integrate Didit Face Search standalone API to perform 1:N facial search against all previously verified sessions. Use when the user wants to detect duplicate...

Autonomous bug bounty hunting with scope safety. Scans targets for subdomains, secrets, vulnerabilities. Uses Certificate Transparency logs, JS analysis, ent...

Ecosystem differentiation audit pack. MCP firewall, RAG pipeline, sandbox exec, context health, provenance tracking, cost analytics, and token budget optimiz...

Verify and cross-sign the active Matrix device for one OpenClaw-managed account. Use when a user needs to repair trust for an OpenClaw Matrix device, confirm...

中国计算机软件著作权登记申请材料生成器。用于生成软著申请所需的全部材料，包括软件基本信息表单填写、程序鉴别材料PDF（源代码语法高亮）、文档鉴别材料PDF（用户手册）。当用户提到"软著"、"软件著作权"、"著作权登记"、"版权登记"、"软著申请"、"copyright registration"时使用此技能。

Autonomous RPC & VPN rotation for AI Agents. Ensures 99.9% uptime by bypassing geo-locks and rate limits on exchanges and Web3 protocols.

Zero-cost cognitive immune system for AI agents. Fires automatic pre-response reflexes that catch contradictions, scope drift, hallucinations, overengineerin...

自主安全审计 - 定期检查系统安全、发现风险、生成报告

Sanitize prompts before sending to LLMs. Detects PII, prompt injection, toxicity, and off-topic content. Returns cleaned text + risk score. Use when: sanitiz...

Advanced security audit pack covering secrets lifecycle, path canonicalization, exec plan freeze, hook routing, config includes, prototype pollution, safeBin...

Manage secrets via Bitwarden CLI (bw). Use when pulling secrets into a shell session, creating/updating Secure Notes from .env files, listing vault items, or...

Scan ClawHub skills for prompt injection and malicious content using Lakera Guard before installing them. Run automatically when the user asks to install a s...

Integrate Didit AML Screening standalone API to screen individuals or companies against global watchlists. Use when the user wants to perform AML checks, scr...

Help AI agents recognize and respond to potentially malicious skill patterns from public registries. Based on Snyk ToxicSkills research showing 13.4% of skil...

AI Agent Detection & Response — real-time security monitoring with Sigma rules and LLM-powered triage

Integrate Didit Proof of Address standalone API to verify address documents. Use when the user wants to verify a proof of address, validate utility bills, ba...

Require verifiable human approval before high-risk agent actions.

Browser automation security audit pack. Validates Playwright/Puppeteer headless configuration for dangerous arguments. 1 audit tool.