Agent Skills

Clawdbot Security Check

v2.2.2

io.clawhub.thesethrose/clawdbot-security-check

Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.

Openclaw Security Audit

v1.0.0

io.clawhub.misirov/openclaw-security-audit

Audit OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gateway/control UI exposure, skill safety, credential leakage, or hardening guidance. Produces a terminal report with OK/VULNERABLE findings and fixes.

Code Quality

v1.0.0

io.clawhub.urbantech/code-quality

Coding style standards, security guidelines, and accessibility requirements. Use when (1) Writing new code, (2) Reviewing code for style/security, (3) Implem...

Yoder Skill Auditor

v3.1.0

io.clawhub.yoder-bawt/yoder-skill-auditor

The definitive security scanner for OpenClaw skills. 18 security checks including prompt injection detection, download-and-execute, privilege escalation, cre...

MoltThreats

v0.6.3

io.clawhub.fr0gger/moltthreats

Agent-native security signal feed by PromptIntel. Use this skill whenever the agent needs to report threats, fetch protection feeds, apply security rules, or update SHIELD.md. Trigger on any mention of: threat reporting, security feed, MCP threats, malicious skills, prompt injection reports, IOCs, indicators of compromise, agent security, PromptIntel, MoltThreats, SHIELD.md, or SHIELD.md updates. Also trigger when the agent detects suspicious behavior during normal operation (unexpected tool calls, credential access attempts, unknown MCP servers, exfiltration patterns).

Arc Security - Agent Trust Protocol

v1.0.1

io.clawhub.shaivpidadi/arc-security

Manage skill trust by staking USDC bonds, paying micro-fees for verified skills, reporting malicious skills, and participating in decentralized governance vi...

Skill Vetter - Pre-Install Security Review

v1.0.0

io.clawhub.donovanpankratz-del/openclaw-skill-vetter

Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...

Insecure Defaults Detection

v1.0.0

io.clawhub.atlas-secint/insecure-defaults

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc

v1.0.1

io.clawhub.nukewire/clawdefender

Security scanner and input sanitizer for AI agents. Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal attacks. Use when (1) installing new skills from ClawHub, (2) processing external input like emails, calendar events, Trello cards, or API responses, (3) validating URLs before fetching, (4) running security audits on your workspace. Protects agents from malicious content in untrusted data sources.

Credential Manager

v1.3.0

io.clawhub.callmedas69/credential-manager

MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments. Scans for credential files across common locations, backs up existing files, creates a unified .env with mode 600, validates security, and enforces best practices.

Dont Hack Me

v1.0.1

io.clawhub.peterokase42/dont-hack-me

別駭我！基本安全檢測 — Security self-check for Clawdbot/Moltbot. Run a quick audit of your clawdbot.json to catch dangerous misconfigurations — exposed gateway, missing auth, open DM policy, weak tokens, loose file permissions. Auto-fix included. Invoke: "run a security check" or "幫我做安全檢查".

Backend

v1.0.0

io.clawhub.ivangdavila/backend

Build reliable backend services with proper error handling, security, and observability.

Audit Code

v1.1.1

io.clawhub.itsnishi/audit-code

Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities

Ecommerce

v1.0.0

io.clawhub.ivangdavila/ecommerce

Build and operate online stores with payment security, inventory management, marketplace integration, and conversion optimization.

AWS | Amazon Web Services

v1.0.2

io.clawhub.ivangdavila/aws

Architect, deploy, and optimize AWS infrastructure avoiding cost explosions and security pitfalls.

Clawshell

v0.1.0

io.clawhub.polucas/clawshell

Human-in-the-loop security layer. Intercepts high-risk commands and requires push notification approval.

Skillscanner

v1.0.1

io.clawhub.rexshang/skillscanner

Security scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API.

Skillvet

v2.0.9

io.clawhub.oakencore/skillvet

Security scanner for ClawHub/community skills — detects malware, credential theft, exfiltration, prompt injection, obfuscation, homograph attacks, ANSI injec...

Sysadmin Toolbox

v1.1.0

io.clawhub.jdrhyne/sysadmin-toolbox

Tool discovery and shell one-liner reference for sysadmin, DevOps, and security tasks. AUTO-CONSULT this skill when the user is: troubleshooting network issues, debugging processes, analyzing logs, working with SSL/TLS, managing DNS, testing HTTP endpoints, auditing security, working with containers, writing shell scripts, or asks 'what tool should I use for X'. Source: github.com/trimstray/the-book-of-secret-knowledge

Crypto Tools

v1.0.0

io.clawhub.ivangdavila/crypto-tools

Access crypto data, monitor portfolios, detect scams, and navigate exchanges with real-time APIs and security tools.

Guardrails

v1.0.1

io.clawhub.dgriffin831/guardrails

Interactively configure, review, and monitor security guardrails for your OpenClaw workspace by discovering risks, interviewing users, and generating GUARDRA...

Kubernetes

v1.0.0

io.clawhub.wpank/kubernetes-devops

WHAT: Kubernetes manifest generation - Deployments, StatefulSets, CronJobs, Services, Ingresses, ConfigMaps, Secrets, and PVCs with production-grade security and health checks. WHEN: User needs to create K8s manifests, deploy containers, configure Services/Ingress, manage ConfigMaps/Secrets, set up persistent storage, or organize multi-environment configs. KEYWORDS: kubernetes, k8s, manifest, deployment, statefulset, cronjob, service, ingress, configmap, secret, pvc, pod, container, yaml, kustomize, helm, namespace, probe, security context

Wordpress Pro

v0.1.0

io.clawhub.veeramanikandanr48/wordpress-pro

Use when developing WordPress themes, plugins, customizing Gutenberg blocks, implementing WooCommerce features, or optimizing WordPress performance and security.

AgentGuard

v1.0.0

io.clawhub.manas-io-ai/agentguard

Monitors agent file access, API calls, and communications to detect suspicious behavior, log events, and generate actionable security reports.