Skip to content
/ openclaw-skills-security Public

Curated, security-first OpenClaw skills (Markdown-based). Security audit skills - detect prompt injection, supply chain attacks, credential leaks. Works with Codex CLI, Claude Code, any LLM.

useclaw.pro

License

MIT license
14 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

UseAI-pro/openclaw-skills-security

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github/ISSUE_TEMPLATE
.github/ISSUE_TEMPLATE
 
 
assets
assets
 
 
catalog
catalog
 
 
docs
docs
 
 
scripts
scripts
 
 
skills
skills
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 

Repository files navigation

openclaw-skills-security

Security-first skills for the OpenClaw ecosystem — maintained by UseClawPro (UseAI.pro).

Two auditor skills for end-users, plus 11 reusable modules (advanced checks).

Job Skill What it does
Audit a skill skill-auditor Vet any SKILL.md before install (typosquatting, permissions, prompt injection, supply chain, exfiltration)
Audit your setup setup-auditor Check your environment for credential leaks, unsafe defaults, missing sandbox (wizard-style)

These are instruction modules (SKILL.md) — they don't run on their own. Load them into a host agent (Codex CLI / Claude Code / OpenClaw) or paste into any LLM chat.

Quick links:

Quickstart

Job 1 — Audit a skill before installing

Fast (browser): paste the skill URL/name into UseClawPro Verifier.

Deep (agent): load skill-auditor and give it the target:

1) Paste skills/skill-auditor/SKILL.md into your agent
2) Paste the target skill's SKILL.md
3) Ask: "Audit this skill. Return a SKILL AUDIT REPORT."

The auditor runs a 6-step protocol: metadata & typosquat check → permission analysis → dependency audit → prompt injection scan → network & exfiltration analysis → content red flags.

Verdict: SAFE / SUSPICIOUS / DANGEROUS / BLOCK.

Job 2 — Audit your environment

Load setup-auditor and answer 5 wizard questions about your workspace:

1) Paste skills/setup-auditor/SKILL.md into your agent
2) Answer the wizard: workspace path, host agent, permissions, sandbox, ports
3) Get a SETUP AUDIT REPORT with a fix checklist

The auditor runs a 4-step protocol: credential scan → config audit → sandbox readiness → persistence check.

Verdict: READY / RISKY / NOT_READY.

Install into your host agent

  • Codex CLI (global): ln -s "$PWD/skills/skill-auditor" ~/.codex/skills/skill-auditor and ln -s "$PWD/skills/setup-auditor" ~/.codex/skills/setup-auditor
  • Claude Code (project): ln -s "$PWD/skills/skill-auditor" .claude/skills/skill-auditor and ln -s "$PWD/skills/setup-auditor" .claude/skills/setup-auditor
  • No tooling: just paste the SKILL.md content into your LLM chat.

Modules are optional: you usually don't need to install them separately.

Threat coverage

Both auditors together cover 12/12 real-world attack types observed in the wild (including the ClawHavoc campaign):

# Attack type skill-auditor setup-auditor
T1 Typosquatting primary
T2 Credential theft primary
T3 Crypto miners primary
T4 Reverse shells primary yes
T5 Prompt injection primary
T6 Skill loader exploits primary yes
T7 Obfuscated commands yes
T8 Supply chain attack primary
T9 Social engineering yes
T10 Persistence primary
T11 Over-privilege primary yes
T12 Data exfiltration primary yes

Full evidence: docs/threat-coverage-matrix.md

Flow

flowchart TD
  A[Find a skill] --> B{Audit before install}
  B -->|Fast| C[UseClawPro Verifier]
  B -->|Deep| D[skill-auditor]
  C --> E{Verdict}
  D --> E
  E -->|SAFE| F[Install into host agent]
  E -->|DANGER| G[Do not install — report it]
  F --> H[Run in sandbox, no network]
  H -->|Suspect compromise?| I[Incident Response Playbook]

  J[New environment] --> K[setup-auditor]
  K --> L{Verdict}
  L -->|READY| M[Safe to run skills]
  L -->|NOT_READY| N[Fix checklist → re-run]
Loading

What's inside

skills/
  skill-auditor/SKILL.md    — Job 1: vet any skill (6-step protocol)
  setup-auditor/SKILL.md    — Job 2: audit your environment (wizard + 4-step)
  config-hardener/SKILL.md  — module: harden OpenClaw config
  credential-scanner/SKILL.md — module: scan workspace for leaked secrets
  dependency-auditor/SKILL.md — module: supply chain / install hooks
  incident-responder/SKILL.md — module: post-incident playbook (contain → rotate → recover)
  network-watcher/SKILL.md  — module: network/exfil checks
  output-sanitizer/SKILL.md — module: redact secrets/PII from agent output
  permission-auditor/SKILL.md — module: permission fit + dangerous combos
  prompt-guard/SKILL.md     — module: prompt injection detection
  sandbox-guard/SKILL.md    — module: Docker sandbox profiles
  skill-guard/SKILL.md      — module: runtime monitoring checklist
  skill-vetter/SKILL.md     — module: legacy “deep audit” checklist

docs/
  threat-coverage-matrix.md — evidence: which checks catch which attacks
  config-hardening-checklist.md — minimum security baseline
  incident-response-playbook.md — what to do if compromised

What it checks (and what it doesn't)

skill-auditor checks:

  • Typosquatting & naming anomalies
  • Permission combinations (network + shell = critical)
  • Dependency supply chain (install hooks, obfuscation, recent publish)
  • Prompt injection patterns (role hijacking, hidden instructions)
  • Network exfiltration (suspicious endpoints, DNS tunneling, data in headers)
  • Content red flags (credential paths, encoded commands, sudo)

setup-auditor checks:

  • Exposed secrets in workspace (.env, keys, tokens — with regex patterns)
  • Config hardening (AGENTS.md, permission defaults, gateway)
  • Sandbox readiness (Docker, resource limits, isolation)
  • Persistence indicators (.bashrc, authorized_keys, cron, git hooks)

Neither guarantees:

  • Runtime behavior analysis (static check only)
  • Zero-day logic hidden in dependencies
  • Full supply chain provenance

Treat untrusted skills as code execution. Default to sandboxing.

Skills catalog

Skill Type Category Trust Perms Last audited
skill-auditor auditor Security 97 R 2026-02-05
setup-auditor auditor Security 96 R,W 2026-02-05
credential-scanner module Security 98 R 2026-02-01
prompt-guard module Security 97 R 2026-02-03
skill-vetter module Security 97 R 2026-02-01
incident-responder module Security 96 R,W 2026-02-03
permission-auditor module Security 96 R 2026-02-01
skill-guard module Security 96 R 2026-02-03
config-hardener module Security 95 R,W 2026-02-01
network-watcher module Security 95 R 2026-02-03
sandbox-guard module Security 95 R,W 2026-02-01
output-sanitizer module Security 94 R 2026-02-03
dependency-auditor module Security 93 R 2026-02-03

Report a malicious skill

If you find a suspicious OpenClaw skill in the wild, please open an issue (sanitized evidence, no secrets):

Contributing

See CONTRIBUTING.md.

About

Curated, security-first OpenClaw skills (Markdown-based). Security audit skills - detect prompt injection, supply chain attacks, credential leaks. Works with Codex CLI, Claude Code, any LLM.

useclaw.pro

Topics

security-audit ai-safety malware-detection ai-security prompt-injection llm-security skill-marketplace moltbot moltbot-skills openclaw openclaw-skills openclaw-security openclaw-setup

Resources

Readme

License

MIT license

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

14 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages