Agent Skills

clawsec-suite

A complete security skill suite for OpenClaw's and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite.

Installation
CLI
npx skills add https://github.com/prompt-security/clawsec --skill clawsec-suite

Install this skill with the CLI and start using the SKILL.md workflow in your workspace.

Last updated 4/22/2026

prompt-icon ClawSec: Security Skill Suite for AI Agents prompt-icon

Secure Your OpenClaw, NanoClaw, and Hermes Agents with a Complete Security Skill Suite

Brought to you by Prompt Security, the Platform for AI Security

Prompt Security Logo
clawsec mascot

๐Ÿฆž What is ClawSec?

ClawSec is a complete security skill suite for AI agent platforms. It provides unified security monitoring, integrity verification, and threat intelligence-protecting your agent's cognitive architecture against prompt injection, drift, and malicious instructions.

Supported Platforms

  • OpenClaw (MoltBot, Clawdbot, and clones) - Full suite with skill installer, file integrity protection, and security audits
  • NanoClaw - Containerized WhatsApp bot security with MCP tools for advisory monitoring, signature verification, and file integrity
  • Hermes - Hermes-native security skills for signed advisory feed verification, advisory-aware guarded verification, deterministic attestation generation, fail-closed verification, and baseline drift detection

Skill Feature Matrix

Skill name supported platform security feed verification config drift agent self pen testing supply-chain install verification
claw-release OpenClaw No No No Yes
clawsec-clawhub-checker OpenClaw + clawsec-suite integration No No No Yes
clawsec-feed OpenClaw Yes No No Yes
clawsec-nanoclaw NanoClaw Yes Yes Yes Yes
clawsec-scanner OpenClaw Yes No Yes Yes
clawsec-suite OpenClaw Yes Yes No Yes
clawtributor OpenClaw Yes No No No
hermes-attestation-guardian Hermes Yes (signed advisory feed verification) Yes No Limited (advisory preflight gating only; no artifact signature/provenance install verification)
openclaw-audit-watchdog OpenClaw No No Yes No
soul-guardian OpenClaw No Yes No No

Core Capabilities

  • ๐Ÿ“ฆ Suite Installer - One-command installation of all security skills with integrity verification
  • ๐Ÿ›ก๏ธ File Integrity Protection - Drift detection and auto-restore for critical agent files (SOUL.md, IDENTITY.md, etc.)
  • ๐Ÿ“ก Live Security Advisories - Automated NVD CVE polling and community threat intelligence
  • ๐Ÿ” Security Audits - Self-check scripts to detect prompt injection markers and vulnerabilities
  • ๐Ÿ” Checksum Verification - SHA256 checksums for all skill artifacts
  • Health Checks - Automated updates and integrity verification for all installed skills

๐ŸŽฌ Product Demos

Animated previews below are GIFs (no audio). Click any preview to open the full MP4 with audio.

Install Demo (clawsec-suite)

Install demo animated preview

Direct link: install-demo.mp4

Drift Detection Demo (soul-guardian)

Drift detection animated preview

Direct link: soul-guardian-demo.mp4

๐Ÿš€ Quick Start

For AI Agents

# Install the ClawSec security suite
npx clawhub@latest install clawsec-suite

After install, the suite can:

  1. Discover installable protections from the published skills catalog
  2. Verify release integrity using signed checksums
  3. Set up advisory monitoring and hook-based protection flows
  4. Add optional scheduled checks

Manual/source-first option:

Read https://github.com/prompt-security/clawsec/releases/latest/download/SKILL.md and follow the installation instructions.

For Humans

Copy this instruction to your AI agent:

Install ClawSec with npx clawhub@latest install clawsec-suite, then complete the setup steps from the generated instructions.

Shell and OS Notes

ClawSec scripts are split between:

  • Cross-platform Node/Python tooling (npm run build, hook/setup .mjs, utils/*.py)
  • POSIX shell workflows (*.sh, most manual install snippets)

For Linux/macOS (bash/zsh):

  • Use unquoted or double-quoted home vars: export INSTALL_ROOT="$HOME/.openclaw/skills"
  • Do not single-quote expandable vars (for example, avoid '$HOME/.openclaw/skills')

For Windows (PowerShell):

  • Prefer explicit path building:
    • $env:INSTALL_ROOT = Join-Path $HOME ".openclaw\\skills"
    • node "$env:INSTALL_ROOT\\clawsec-suite\\scripts\\setup_advisory_hook.mjs"
  • POSIX .sh scripts require WSL or Git Bash.

Troubleshooting: if you see directories such as ~/.openclaw/workspace/$HOME/..., a home variable was passed literally. Re-run using an absolute path or an unquoted home expression.

๐Ÿงญ Platform & Suite Documentation

Detailed platform and suite docs live in the wiki modules:

Quick install links:

๐Ÿ“ก Security Advisory Feed

ClawSec maintains a continuously updated security advisory feed, automatically populated from NIST's National Vulnerability Database (NVD).

Feed URL

# Fetch latest advisories
curl -s https://clawsec.prompt.security/advisories/feed.json | jq '.advisories[] | select(.severity == "critical" or .severity == "high")'

Canonical endpoint: https://clawsec.prompt.security/advisories/feed.json
Compatibility mirror (legacy): https://clawsec.prompt.security/releases/latest/download/feed.json

Monitored Keywords

The feed polls CVEs related to:

  • OpenClaw Platform: OpenClaw, clawdbot, Moltbot
  • NanoClaw Platform: NanoClaw, WhatsApp-bot, baileys
  • Prompt injection patterns
  • Agent security vulnerabilities

Exploitability Context

ClawSec enriches CVE advisories with exploitability context to help agents assess real-world risk beyond raw CVSS scores. Newly analyzed advisories can include:

  • Exploit Evidence: Whether public exploits exist in the wild
  • Weaponization Status: If exploits are integrated into common attack frameworks
  • Attack Requirements: Prerequisites needed for successful exploitation (network access, authentication, user interaction)
  • Risk Assessment: Contextualized risk level combining technical severity with exploitability

This feature helps agents prioritize vulnerabilities that pose immediate threats versus theoretical risks, enabling smarter security decisions.

Advisory Schema

NVD CVE Advisory:

{
  "id": "CVE-2026-XXXXX",
  "severity": "critical|high|medium|low",
  "type": "vulnerable_skill",
  "platforms": ["openclaw", "nanoclaw"],
  "title": "Short description",
  "description": "Full CVE description from NVD",
  "published": "2026-02-01T00:00:00Z",
  "cvss_score": 8.8,
  "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-XXXXX",
  "exploitability_score": "high|medium|low|unknown",
  "exploitability_rationale": "Why this CVE is or is not likely exploitable in agent deployments",
  "references": ["..."],
  "action": "Recommended remediation"
}

Community Advisory:

{
  "id": "CLAW-2026-0042",
  "severity": "high",
  "type": "prompt_injection|vulnerable_skill|tampering_attempt",
  "platforms": ["nanoclaw"],
  "title": "Short description",
  "description": "Detailed description from issue",
  "published": "2026-02-01T00:00:00Z",
  "affected": ["[email protected]"],
  "source": "Community Report",
  "github_issue_url": "https://github.com/.../issues/42",
  "action": "Recommended remediation"
}

Platform values:

  • "openclaw" - OpenClaw/Clawdbot/MoltBot only
  • "nanoclaw" - NanoClaw only
  • ["openclaw", "nanoclaw"] - Both platforms
  • (empty/missing) - All platforms (backward compatible)

๐Ÿ”„ CI/CD Pipelines

CI/CD pipeline details were moved to the wiki module page:

Related operations docs:

๐Ÿ› ๏ธ Offline Tools

ClawSec includes Python utilities for local skill development and validation.

Skill Validator

Validates a skill folder against the required schema:

python utils/validate_skill.py skills/clawsec-feed

Checks:

  • skill.json exists and is valid JSON
  • Required fields present (name, version, description, author, license)
  • SBOM files exist and are readable
  • OpenClaw metadata is properly structured

Skill Checksums Generator

Generates checksums.json with SHA256 hashes for a skill:

python utils/package_skill.py skills/clawsec-feed ./dist

Outputs:

  • checksums.json - SHA256 hashes for verification

๐Ÿ› ๏ธ Local Development

Prerequisites

  • Node.js 20+
  • Python 3.10+ (for offline tools)
  • npm

Setup

# Install dependencies
npm install

# Start development server
npm run dev

Populate Local Data

# Populate skills catalog from local skills/ directory
./scripts/populate-local-skills.sh

# Populate advisory feed with real NVD CVE data
./scripts/populate-local-feed.sh --days 120

# Generate wiki llms exports from wiki/ (for local preview)
./scripts/populate-local-wiki.sh

# Direct generator entrypoint (used by predev/prebuild)
npm run gen:wiki-llms

Notes:

  • npm run dev and npm run build automatically regenerate wiki llms.txt exports (predev/prebuild hooks).
  • public/wiki/ is generated output (local + CI) and is intentionally gitignored.

Build

npm run build

๐Ÿ“ Project Structure

โ”œโ”€โ”€ advisories/
โ”‚   โ”œโ”€โ”€ feed.json                    # Main advisory feed
โ”‚   โ”œโ”€โ”€ feed.json.sig                # Detached signature for feed.json
โ”‚   โ””โ”€โ”€ feed-signing-public.pem      # Public key for feed verification
โ”œโ”€โ”€ components/                      # React components
โ”œโ”€โ”€ pages/                           # Route/page components
โ”œโ”€โ”€ wiki/                            # Source-of-truth docs (synced to GitHub Wiki)
โ”œโ”€โ”€ scripts/
โ”‚   โ”œโ”€โ”€ generate-wiki-llms.mjs       # wiki/*.md -> public/wiki/**/llms.txt
โ”‚   โ”œโ”€โ”€ populate-local-feed.sh       # Local CVE feed populator
โ”‚   โ”œโ”€โ”€ populate-local-skills.sh     # Local skills catalog populator
โ”‚   โ”œโ”€โ”€ populate-local-wiki.sh       # Local wiki llms export populator
โ”‚   โ”œโ”€โ”€ prepare-to-push.sh           # Local CI-style quality gate
โ”‚   โ”œโ”€โ”€ validate-release-links.sh    # Release link checks
โ”‚   โ””โ”€โ”€ release-skill.sh             # Manual skill release helper
โ”œโ”€โ”€ skills/
โ”‚   โ”œโ”€โ”€ claw-release/                # ๐Ÿš€ Release automation workflow skill
โ”‚   โ”œโ”€โ”€ clawsec-suite/               # ๐Ÿ“ฆ Suite installer (skill-of-skills)
โ”‚   โ”œโ”€โ”€ clawsec-feed/                # ๐Ÿ“ก Advisory feed skill
โ”‚   โ”œโ”€โ”€ clawsec-scanner/             # ๐Ÿ” Vulnerability scanner (deps + SAST + OpenClaw DAST)
โ”‚   โ”œโ”€โ”€ clawsec-nanoclaw/            # ๐Ÿ“ฑ NanoClaw platform security suite
โ”‚   โ”œโ”€โ”€ clawsec-clawhub-checker/     # ๐Ÿงช ClawHub reputation checks
โ”‚   โ”œโ”€โ”€ clawtributor/                # ๐Ÿค Community reporting skill
โ”‚   โ”œโ”€โ”€ hermes-attestation-guardian/ # ๐Ÿ›ก๏ธ Hermes attestation + drift verification
โ”‚   โ”œโ”€โ”€ openclaw-audit-watchdog/     # ๐Ÿ”ญ Automated audit skill
โ”‚   โ””โ”€โ”€ soul-guardian/               # ๐Ÿ‘ป File integrity skill
โ”œโ”€โ”€ utils/
โ”‚   โ”œโ”€โ”€ package_skill.py             # Skill packager utility
โ”‚   โ””โ”€โ”€ validate_skill.py            # Skill validator utility
โ”œโ”€โ”€ .github/workflows/
โ”‚   โ”œโ”€โ”€ ci.yml                       # Cross-platform lint/type/build + tests
โ”‚   โ”œโ”€โ”€ pages-verify.yml             # PR-only pages build/signing verification
โ”‚   โ”œโ”€โ”€ poll-nvd-cves.yml            # CVE polling pipeline
โ”‚   โ”œโ”€โ”€ community-advisory.yml       # Approved issue -> advisory PR
โ”‚   โ”œโ”€โ”€ skill-release.yml            # Skill release/signing pipeline
โ”‚   โ”œโ”€โ”€ deploy-pages.yml             # GitHub Pages deployment
โ”‚   โ”œโ”€โ”€ wiki-sync.yml                # Sync repo wiki/ to GitHub Wiki
โ”‚   โ”œโ”€โ”€ codeql.yml                   # CodeQL security analysis
โ”‚   โ””โ”€โ”€ scorecard.yml                # OpenSSF Scorecard checks
โ””โ”€โ”€ public/                          # Static assets + generated wiki exports

๐Ÿค Contributing

We welcome contributions! See CONTRIBUTING.md for guidelines.

Submitting Security Advisories

Found a prompt injection vector, malicious skill, or security vulnerability? Report it via GitHub Issues:

  1. Open a new issue using the Security Incident Report template
  2. Fill out the required fields (severity, type, description, affected skills)
  3. A maintainer will review and add the advisory-approved label
  4. The advisory is automatically published to the feed as CLAW-{YEAR}-{ISSUE#}

See CONTRIBUTING.md for detailed guidelines.

Adding New Skills

  1. Create a skill folder under skills/
  2. Add skill.json with required metadata and SBOM
  3. Add SKILL.md with agent-readable instructions
  4. Validate with python utils/validate_skill.py skills/your-skill
  5. Submit a PR for review

๐Ÿ“š Documentation Source of Truth

For all wiki content, edit files under wiki/ in this repository. The GitHub Wiki (<repo>.wiki.git) is synced from wiki/ by .github/workflows/wiki-sync.yml when wiki/** changes on main.

LLM exports are generated from wiki/ into public/wiki/:

  • /wiki/llms.txt is the LLM-ready export for wiki/INDEX.md (or a generated fallback index if INDEX.md is missing).
  • /wiki/<page>/llms.txt is the LLM-ready export for that single wiki page.

๐Ÿ“„ License

  • Source code: GNU AGPL v3.0 or later - See LICENSE for details.
  • Fonts in font/: Licensed separately - See font/README.md.

ClawSec ยท Prompt Security, SentinelOne

๐Ÿฆž Hardening agentic workflows, one skill at a time.