ClawSec: Security Skill Suite for AI Agents

Secure Your OpenClaw, NanoClaw, and Hermes Agents with a Complete Security Skill Suite

Brought to you by Prompt Security, the Platform for AI Security

Prompt Security Logo
clawsec mascot

🌐 Live at: https://clawsec.prompt.security https://prompt.security/clawsec

🦞 What is ClawSec?

ClawSec is a complete security skill suite for AI agent platforms. It provides unified security monitoring, integrity verification, and threat intelligence-protecting your agent's cognitive architecture against prompt injection, drift, and malicious instructions.

Supported Platforms

OpenClaw (MoltBot, Clawdbot, and clones) - Full suite with skill installer, file integrity protection, and security audits
NanoClaw - Containerized WhatsApp bot security with MCP tools for advisory monitoring, signature verification, and file integrity
Hermes - Hermes-native security skills for signed advisory feed verification, advisory-aware guarded verification, deterministic attestation generation, fail-closed verification, and baseline drift detection

Skill Feature Matrix

Skill name	supported platform	security feed verification	config drift	agent self pen testing	supply-chain install verification
claw-release	OpenClaw	No	No	No	Yes
clawsec-clawhub-checker	OpenClaw + clawsec-suite integration	No	No	No	Yes
clawsec-feed	OpenClaw	Yes	No	No	Yes
clawsec-nanoclaw	NanoClaw	Yes	Yes	Yes	Yes
clawsec-scanner	OpenClaw	Yes	No	Yes	Yes
clawsec-suite	OpenClaw	Yes	Yes	No	Yes
clawtributor	OpenClaw	Yes	No	No	No
hermes-attestation-guardian	Hermes	Yes (signed advisory feed verification)	Yes	No	Limited (advisory preflight gating only; no artifact signature/provenance install verification)
openclaw-audit-watchdog	OpenClaw	No	No	Yes	No
soul-guardian	OpenClaw	No	Yes	No	No

Core Capabilities

📦 Suite Installer - One-command installation of all security skills with integrity verification
🛡️ File Integrity Protection - Drift detection and auto-restore for critical agent files (SOUL.md, IDENTITY.md, etc.)
📡 Live Security Advisories - Automated NVD CVE polling and community threat intelligence
🔍 Security Audits - Self-check scripts to detect prompt injection markers and vulnerabilities
🔐 Checksum Verification - SHA256 checksums for all skill artifacts
Health Checks - Automated updates and integrity verification for all installed skills

🎬 Product Demos

Animated previews below are GIFs (no audio). Click any preview to open the full MP4 with audio.

Install Demo (`clawsec-suite`)

Direct link: install-demo.mp4

Drift Detection Demo (`soul-guardian`)

Direct link: soul-guardian-demo.mp4

🚀 Quick Start

For AI Agents

# Install the ClawSec security suite
npx clawhub@latest install clawsec-suite

After install, the suite can:

Discover installable protections from the published skills catalog
Verify release integrity using signed checksums
Set up advisory monitoring and hook-based protection flows
Add optional scheduled checks

Manual/source-first option:

Read https://github.com/prompt-security/clawsec/releases/latest/download/SKILL.md and follow the installation instructions.

For Humans

Copy this instruction to your AI agent:

Install ClawSec with npx clawhub@latest install clawsec-suite, then complete the setup steps from the generated instructions.

Shell and OS Notes

ClawSec scripts are split between:

Cross-platform Node/Python tooling (npm run build, hook/setup .mjs, utils/*.py)
POSIX shell workflows (*.sh, most manual install snippets)

For Linux/macOS (bash/zsh):

Use unquoted or double-quoted home vars: export INSTALL_ROOT="$HOME/.openclaw/skills"
Do not single-quote expandable vars (for example, avoid '$HOME/.openclaw/skills')

For Windows (PowerShell):

Prefer explicit path building:
- $env:INSTALL_ROOT = Join-Path $HOME ".openclaw\\skills"
- node "$env:INSTALL_ROOT\\clawsec-suite\\scripts\\setup_advisory_hook.mjs"
POSIX .sh scripts require WSL or Git Bash.

Troubleshooting: if you see directories such as ~/.openclaw/workspace/$HOME/..., a home variable was passed literally. Re-run using an absolute path or an unquoted home expression.

🧭 Platform & Suite Documentation

Detailed platform and suite docs live in the wiki modules:

NanoClaw: wiki/modules/nanoclaw-integration.md
Hermes: wiki/modules/hermes-attestation-guardian.md
ClawSec Suite (OpenClaw): wiki/modules/clawsec-suite.md
CI/CD pipelines: wiki/modules/automation-release.md

Quick install links:

NanoClaw install: skills/clawsec-nanoclaw/INSTALL.md
Hermes skill package: skills/hermes-attestation-guardian/
Suite package: skills/clawsec-suite/

📡 Security Advisory Feed

ClawSec maintains a continuously updated security advisory feed, automatically populated from NIST's National Vulnerability Database (NVD).

Feed URL

# Fetch latest advisories
curl -s https://clawsec.prompt.security/advisories/feed.json | jq '.advisories[] | select(.severity == "critical" or .severity == "high")'

Canonical endpoint: https://clawsec.prompt.security/advisories/feed.json
Compatibility mirror (legacy): https://clawsec.prompt.security/releases/latest/download/feed.json

Monitored Keywords

The feed polls CVEs related to:

OpenClaw Platform: OpenClaw, clawdbot, Moltbot
NanoClaw Platform: NanoClaw, WhatsApp-bot, baileys
Prompt injection patterns
Agent security vulnerabilities

Exploitability Context

ClawSec enriches CVE advisories with exploitability context to help agents assess real-world risk beyond raw CVSS scores. Newly analyzed advisories can include:

Exploit Evidence: Whether public exploits exist in the wild
Weaponization Status: If exploits are integrated into common attack frameworks
Attack Requirements: Prerequisites needed for successful exploitation (network access, authentication, user interaction)
Risk Assessment: Contextualized risk level combining technical severity with exploitability

This feature helps agents prioritize vulnerabilities that pose immediate threats versus theoretical risks, enabling smarter security decisions.

Advisory Schema

NVD CVE Advisory:

{
  "id": "CVE-2026-XXXXX",
  "severity": "critical|high|medium|low",
  "type": "vulnerable_skill",
  "platforms": ["openclaw", "nanoclaw"],
  "title": "Short description",
  "description": "Full CVE description from NVD",
  "published": "2026-02-01T00:00:00Z",
  "cvss_score": 8.8,
  "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-XXXXX",
  "exploitability_score": "high|medium|low|unknown",
  "exploitability_rationale": "Why this CVE is or is not likely exploitable in agent deployments",
  "references": ["..."],
  "action": "Recommended remediation"
}

Community Advisory:

{
  "id": "CLAW-2026-0042",
  "severity": "high",
  "type": "prompt_injection|vulnerable_skill|tampering_attempt",
  "platforms": ["nanoclaw"],
  "title": "Short description",
  "description": "Detailed description from issue",
  "published": "2026-02-01T00:00:00Z",
  "affected": ["[email protected]"],
  "source": "Community Report",
  "github_issue_url": "https://github.com/.../issues/42",
  "action": "Recommended remediation"
}

Platform values:

"openclaw" - OpenClaw/Clawdbot/MoltBot only
"nanoclaw" - NanoClaw only
["openclaw", "nanoclaw"] - Both platforms
(empty/missing) - All platforms (backward compatible)

🔄 CI/CD Pipelines

CI/CD pipeline details were moved to the wiki module page:

wiki/modules/automation-release.md

Related operations docs:

🛠️ Offline Tools

ClawSec includes Python utilities for local skill development and validation.

Skill Validator

Validates a skill folder against the required schema:

python utils/validate_skill.py skills/clawsec-feed

Checks:

skill.json exists and is valid JSON
Required fields present (name, version, description, author, license)
SBOM files exist and are readable
OpenClaw metadata is properly structured

Skill Checksums Generator

Generates checksums.json with SHA256 hashes for a skill:

python utils/package_skill.py skills/clawsec-feed ./dist

Outputs:

checksums.json - SHA256 hashes for verification

🛠️ Local Development

Prerequisites

Node.js 20+
Python 3.10+ (for offline tools)
npm

Setup

# Install dependencies
npm install

# Start development server
npm run dev

Populate Local Data

# Populate skills catalog from local skills/ directory
./scripts/populate-local-skills.sh

# Populate advisory feed with real NVD CVE data
./scripts/populate-local-feed.sh --days 120

# Generate wiki llms exports from wiki/ (for local preview)
./scripts/populate-local-wiki.sh

# Direct generator entrypoint (used by predev/prebuild)
npm run gen:wiki-llms

Notes:

npm run dev and npm run build automatically regenerate wiki llms.txt exports (predev/prebuild hooks).
public/wiki/ is generated output (local + CI) and is intentionally gitignored.

Build

npm run build

📁 Project Structure

├── advisories/
│   ├── feed.json                    # Main advisory feed
│   ├── feed.json.sig                # Detached signature for feed.json
│   └── feed-signing-public.pem      # Public key for feed verification
├── components/                      # React components
├── pages/                           # Route/page components
├── wiki/                            # Source-of-truth docs (synced to GitHub Wiki)
├── scripts/
│   ├── generate-wiki-llms.mjs       # wiki/*.md -> public/wiki/**/llms.txt
│   ├── populate-local-feed.sh       # Local CVE feed populator
│   ├── populate-local-skills.sh     # Local skills catalog populator
│   ├── populate-local-wiki.sh       # Local wiki llms export populator
│   ├── prepare-to-push.sh           # Local CI-style quality gate
│   ├── validate-release-links.sh    # Release link checks
│   └── release-skill.sh             # Manual skill release helper
├── skills/
│   ├── claw-release/                # 🚀 Release automation workflow skill
│   ├── clawsec-suite/               # 📦 Suite installer (skill-of-skills)
│   ├── clawsec-feed/                # 📡 Advisory feed skill
│   ├── clawsec-scanner/             # 🔍 Vulnerability scanner (deps + SAST + OpenClaw DAST)
│   ├── clawsec-nanoclaw/            # 📱 NanoClaw platform security suite
│   ├── clawsec-clawhub-checker/     # 🧪 ClawHub reputation checks
│   ├── clawtributor/                # 🤝 Community reporting skill
│   ├── hermes-attestation-guardian/ # 🛡️ Hermes attestation + drift verification
│   ├── openclaw-audit-watchdog/     # 🔭 Automated audit skill
│   └── soul-guardian/               # 👻 File integrity skill
├── utils/
│   ├── package_skill.py             # Skill packager utility
│   └── validate_skill.py            # Skill validator utility
├── .github/workflows/
│   ├── ci.yml                       # Cross-platform lint/type/build + tests
│   ├── pages-verify.yml             # PR-only pages build/signing verification
│   ├── poll-nvd-cves.yml            # CVE polling pipeline
│   ├── community-advisory.yml       # Approved issue -> advisory PR
│   ├── skill-release.yml            # Skill release/signing pipeline
│   ├── deploy-pages.yml             # GitHub Pages deployment
│   ├── wiki-sync.yml                # Sync repo wiki/ to GitHub Wiki
│   ├── codeql.yml                   # CodeQL security analysis
│   └── scorecard.yml                # OpenSSF Scorecard checks
└── public/                          # Static assets + generated wiki exports

🤝 Contributing

We welcome contributions! See CONTRIBUTING.md for guidelines.

Submitting Security Advisories

Found a prompt injection vector, malicious skill, or security vulnerability? Report it via GitHub Issues:

Open a new issue using the Security Incident Report template
Fill out the required fields (severity, type, description, affected skills)
A maintainer will review and add the advisory-approved label
The advisory is automatically published to the feed as CLAW-{YEAR}-{ISSUE#}

See CONTRIBUTING.md for detailed guidelines.

Adding New Skills

Create a skill folder under skills/
Add skill.json with required metadata and SBOM
Add SKILL.md with agent-readable instructions
Validate with python utils/validate_skill.py skills/your-skill
Submit a PR for review

📚 Documentation Source of Truth

For all wiki content, edit files under wiki/ in this repository. The GitHub Wiki (<repo>.wiki.git) is synced from wiki/ by .github/workflows/wiki-sync.yml when wiki/** changes on main.

LLM exports are generated from wiki/ into public/wiki/:

/wiki/llms.txt is the LLM-ready export for wiki/INDEX.md (or a generated fallback index if INDEX.md is missing).
/wiki/<page>/llms.txt is the LLM-ready export for that single wiki page.

📄 License

Source code: GNU AGPL v3.0 or later - See LICENSE for details.
Fonts in font/: Licensed separately - See font/README.md.

ClawSec · Prompt Security, SentinelOne

🦞 Hardening agentic workflows, one skill at a time.