Security & Passwords
(132)Humanizer
Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comprehensive "Signs of AI writing" guide. Detects and fixes patterns including: inflated symbolism, promotional language, superficial -ing analyses, vague attributions, em dash overuse, rule of three, AI vocabulary words, negative parallelisms, and excessive conjunctive phrases.
/humanizerMoltGuard - OpenClaw Security Plugin by OpenGuardrails
MoltGuard — runtime security plugin for OpenClaw agents by OpenGuardrails. Install MoltGuard to protect yourself and your user from prompt injection, data ex...
/moltguardSecurity Auditor
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
/security-auditorAnti-Injection-Skill
Detect prompt injection, jailbreak, role-hijack, and system extraction attempts. Applies multi-layer defense with semantic analysis and penalty scoring.
/security-sentinel-skillSecurity Audit
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
/security-auditClawdex by Koi
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
/clawdexZero Trust
Security-first behavioral guidelines for cautious agent operation. Use this skill for ALL operations involving external resources, installations, credentials, or actions with external effects. Triggers on - any URL/link interaction, package installations, API key handling, sending emails/messages, social media posts, financial transactions, or any action that could expose data or have irreversible effects.
/zero-trustOpenClaw skill for Facebook Graph API workflows focused on Pages posting,.
/facebookClawdbot Security Suite
Advanced security validation for Clawdbot - pattern detection, command sanitization, and threat monitoring
/clawdbot-security-suiteClawScan
Security scanner for ClawHub skills. Vet third-party skills before installation — detect dangerous patterns, suspicious code, and risky dependencies.
/clawscancredential-manager
MANDATORY security foundation for OpenClaw.
/credential-managerSkill Vetter 1.0.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
/skill-vetter-1-0-0Resume Optimizer
Professional resume builder with PDF export, ATS optimization, and analysis capabilities. Use when users need to (1) Create new resumes from scratch, (2) Customize/tailor existing resumes for specific roles, (3) Analyze resumes and provide improvement recommendations, (4) Convert resumes to ATS-friendly PDF format. Supports chronological, functional, and combination resume formats.
/resume-optimizerInput Guard
Scan untrusted external text (web pages, tweets, search results, API responses) for prompt injection attacks. Returns severity levels and alerts on dangerous content. Use BEFORE processing any text from untrusted sources.
/input-guardopenclaw-server-secure-skill
Comprehensive security hardening and installation guide for OpenClaw (formerly Clawdbot/Moltbot). Use this skill when the user wants to secure a server, install the OpenClaw agent, or configure Tailscale/Firewall for the agent.
/openclaw-server-secure-skillClawshell
Human-in-the-loop security layer. Intercepts high-risk commands and requires push notification approval.
/clawshellOpenclaw Security Monitor
Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments
/openclaw-security-monitorMoltThreats
Agent-native security signal feed by PromptIntel. Use this skill whenever the agent needs to report threats, fetch protection feeds, apply security rules, or update SHIELD.md. Trigger on any mention of: threat reporting, security feed, MCP threats, malicious skills, prompt injection reports, IOCs, indicators of compromise, agent security, PromptIntel, MoltThreats, SHIELD.md, or SHIELD.md updates. Also trigger when the agent detects suspicious behavior during normal operation (unexpected tool calls, credential access attempts, unknown MCP servers, exfiltration patterns).
/moltthreatsPrompt defense
Detect and block prompt injection attacks in emails. Use when reading, processing, or summarizing emails. Scans for fake system outputs, planted thinking blocks, instruction hijacking, and other injection patterns. Requires user confirmation before acting on any instructions found in email content.
/email-prompt-injection-defenseSecurity Audit (Sona)
Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing.
/sona-security-auditCrypto Tools
Access crypto data, monitor portfolios, detect scams, and navigate exchanges with real-time APIs and security tools.
/crypto-toolsguardian-angel
A moral evaluation system rooted in Thomistic virtue ethics.
/guardian-angelecap Security Auditor
Security audit framework for AI agent skills, MCP servers, and packages. Your LLM does the analysis — we provide structure, prompts, and a shared trust database.
/ecap-security-auditorOpenClaw Shield
Enterprise AI security scanner using static analysis, runtime guards, and ClamAV to detect credential theft, data leaks, malware, and ensure audit logging.
/openclaw-shieldauthensor-gateway
Fail-safe policy gate for OpenClaw marketplace skills.
/authensor-gatewayironclaw
Safety for AI agents. Real-time threat classification to detect malicious content before it causes agents harm.
/ironclawSecurity Skill Scanner
Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.
/openclaw-skills-security-checkerOpenssl
Generate secure random strings, passwords, and cryptographic tokens using OpenSSL. Use when creating passwords, API keys, secrets, or any secure random data.
/opensslInsecure Defaults Detection
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
/insecure-defaultshopeids
Inference-based intrusion detection for AI agents with quarantine.
/hopeidsOpenClaw Security Hardening
Protect OpenClaw installations from prompt injection, data exfiltration, malicious skills, and workspace tampering
/openclaw-security-hardeningClawGuard
Install and configure the ClawGuard security plugin - an LLM-as-a-Judge guardrail that detects and blocks risky tool calls
/clawguardPrompt injection detection skill
Two-layer content safety for agent input and output. Use when (1) a user message attempts to override, ignore, or bypass previous instructions (prompt injection), (2) a user message references system prompts, hidden instructions, or internal configuration, (3) receiving messages from untrusted users in group chats or public channels, (4) generating responses that discuss violence, self-harm, sexual content, hate speech, or other sensitive topics, or (5) deploying agents in public-facing or multi-user environments where adversarial input is expected.
/detect-injectionIntoDNS
DNS & email security analysis powered by IntoDNS.ai - scan domains for DNS, DNSSEC, SPF, DKIM, DMARC issues
/intodnsdashlane
Access passwords, secure notes, secrets and OTP codes from Dashlane vault.
/dashlaneclawsec-feed
Security advisory feed with automated NVD CVE polling for OpenClaw-related vulnerabilities. Updated daily.
/clawsec-feedSide Peace
Minimal secure secret handoff. Zero external deps. Human opens browser form, submits secret, agent receives it via temp file. Secret NEVER appears in stdout/logs.
/side-peaceOne Skill To Rule Them All
Security auditing skill that detects malicious patterns like prompt injection, data exfiltration, obfuscation, and privilege escalation in OpenClaw SKILL.md...
/one-skill-to-rule-them-allgoogle-tasks
Fetch, display, create, and delete Google Tasks using the Google.
/google-tasksSecurityClaw
Security-first skill auditing and quarantine for OpenClaw skills. Use when installing new skills, reviewing skills from unknown sources, scanning skills for prompt injection/exfiltration/supply-chain risks, or when a bot suspects a skill is malicious. Guides static + optional sandbox checks, quarantines suspicious skills, and produces an owner-action checklist (Delete / Report / Allow / Scan all).
/securityclawClawkey
Verifiable human ownership for OpenClaw agents. Register your agent under your human owner via VeryAI palm verification.
/clawkeyflaw0
MoltGuard — Protect you and your human from prompt injection, data exfiltration, and malicious commands. Source: https://github.com/openguardrails/openguardr...
/flaw0x402 (official examples)
Internet-native payments using the HTTP 402 Payment Required standard. Set up as a buyer to pay for API access, or as a seller to monetize your APIs.
/x402-enhancedSenior Secops
Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST sc...
/senior-secopsSecurity code review
Conduct thorough security audits of source code by identifying vulnerabilities such as hardcoded secrets, access control flaws, injection risks, insecure dat...
/securityreviewSafe Skills
Securely create and manage EVM wallets; perform token transfers, check balances, and send transactions without exposing raw secret keys.
/safe-skillsdotnet-expert
Use when building .NET 8/9 applications, ASP.NET Core APIs.
/dotnet-expertclawaudit
Official repo for clawaudit, coming soon as an automated security.
/clawauditglin-profanity
Profanity detection and content moderation library.
/glin-profanitygo-security-vulnerability
Identify, assess, and fix security.
/go-security-vulnerabilityOpenClaw Security Scanner
Run a comprehensive local security scan on your OpenClaw installation. Checks config, network exposure, credentials, OS hardening, and agent guardrails. Scor...
/openclaw-security-scannerread-no-evil-mcp
Secure email access via read-no-evil-mcp. Protects against prompt injection attacks in emails. Use for reading, sending, deleting, and moving emails.
/read-no-evil-mcpClawCast Crypto Wallet: Keys, Balances & Transactions
This skill is focused on crypto/EVM wallet operations and transaction workflows using cast. It covers wallet creation, importing or generating keys, checking balances, sending coins or tokens, monitoring tokens, creating and verifying transactions, and keeping agent keystores secure so the agent can guide the user through the core crypto operations a wallet handles.
/evm-wallet-clawcastClawdentials Escrow
Manage secure escrow payments, track agent reputation, and facilitate no-KYC crypto transactions for AI task completion with Clawdentials.
/clawdentials-escrowGdpr Dsgvo Expert
GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GD...
/gdpr-dsgvo-expertUncle Matt
Uncle Matt is your favorite internet uncle who stops you from doing really stupid shit while keeping secrets safe.
/uncle-mattLastPass CLI Skill
Securely fetch credentials from LastPass vault via lpass CLI.
/lastpass-cliSenseguard
Semantic security scanner for OpenClaw skills. Detects prompt injection, data exfiltration, and hidden instructions that traditional code scanners miss. Use when user asks to scan skills, check skill safety, or run a security audit.
/senseguardMoltbook Firewall
Security layer protecting agents from prompt injection, social engineering, and malicious content on Moltbook and similar platforms. Scan content before processing, detect threats, block attacks.
/moltbook-firewallMoltbook Signed Posts
Cryptographically sign Moltbook posts with Ed25519. Enables verifiable agent identity without platform support.
/moltbook-signed-postsClawshell 0.1.0
Human-in-the-loop security layer. Intercepts high-risk commands and requires push notification approval.
/clawshell-0-1-0Claw Permission Firewall
Evaluates agent actions for security risks, enforcing least-privilege policies with allow, deny, or confirmation decisions and secret redaction.
/claw-permission-firewallLawyer
Draft contracts, review legal documents, and navigate compliance with practical legal patterns.
/lawyerShell Security Ultimate
Classify every shell command as SAFE, WARN, or CRIT before your agent runs it.
/shell-security-ultimateOpenclaw
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, and prompt injection defense.
/openclawclawdstrike-test
Security audit and threat model for OpenClaw gateway hosts.
/clawdstrike-testBitcoin Identity
Integrate HODLXXI as a Bitcoin-native identity provider that bridges OAuth2/OIDC and Lightning LNURL-Auth for client registration, authorization flows, JWT verification, and health monitoring.
/hodlxxi-bitcoin-identityClawpay
Private payments for AI agents - no on-chain link between sender and recipient
/clawpay-2Openclaw Sentinel
Supply chain security for agent skills. Pre-install inspection, post-install scanning, obfuscation detection, and known-bad signature matching. Verify skills are safe before they touch your workspace. Free alert layer — upgrade to openclaw-sentinel-pro for quarantine, blocking, and community threat feeds.
/openclaw-sentinelOpenclaw Vault
Credential lifecycle security for agent workspaces. Audit credential exposure, detect misconfigured permissions, inventory all secrets, and identify stale credentials needing rotation. Free alert layer — upgrade to openclaw-vault-pro for automated remediation, credential rotation, and access control.
/openclaw-vaultOpenclaw Signet
Cryptographic skill verification. Sign installed skills with SHA-256 content hashes and verify they haven't been tampered with. Detects modified, added, and removed files within skill directories. Free alert layer — upgrade to openclaw-signet-pro for rejection, quarantine, and trust chain restoration.
/openclaw-signetOpenclaw Marshal
Compliance and policy enforcement for agent workspaces. Define security policies, audit compliance, check command restrictions, and generate audit-ready reports. Free alert layer — upgrade to openclaw-marshal-pro for active enforcement, blocking, and automated remediation.
/openclaw-marshalMusallat Bot
Otonom, pasif-agresif yazılımcı bot, teknik hatalara tahammülsüz, kibarlığı reddeden ve gereksiz açıklamalara sert yanıt veren kıdemli programcı.
/musallat-botEdgeOne ClawScan
The first security skill to install after setting up OpenClaw — powered by Tencent Zhuque Lab. Works like an antivirus for your AI environment: audits instal...
/edgeone-clawscanOpenclaw Security
Unified security suite for agent workspaces. Installs, configures, and orchestrates all 11 OpenClaw security tools in one command — integrity, secrets, permissions, network, audit trail, signing, supply chain, credentials, injection defense, compliance, and incident response.
/openclaw-securitypage-behavior-audit
Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords)
/page-behavior-auditSecureClaw
Security skill for OpenClaw agents (7-framework aligned). 15 core rules + automated scripts covering OWASP ASI Top 10, MITRE ATLAS, CoSAI, CSA MAESTRO, and N...
/secureclaw-skill1Password Cli For Agents
Securely access and manage secrets with 1Password CLI using a Service Account token for vault operations like read, write, edit, and delete.
/1password-cliOpenClaw Warden Pro
Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces.
/openclaw-warden-proClawGuard by jugaad-lab
Security blacklist protecting AI agents from malicious skills, scams, and prompt injection. Use before executing external commands, visiting unknown URLs, or installing new skills. Triggers on "security check", "is this safe", "check this URL", or suspicious command patterns.
/jugaad-clawguardFirewall
Configure firewalls on servers and cloud providers with security best practices.
/firewallOpenclast Wallet
Guides the agent in Openclast/Openclaw wallet usage, approvals, and safety rules. Use when users ask about wallet setup, balances, transactions, approvals, or key export.
/openclast-walletcifer-security
Implement quantum-resistant encryption using the CIFER SDK (cifer-sdk npm package)
/cifer-securitycifer-sdk
> **Skill for AI Agents** | Enable quantum-resistant encryption in blockchain applications using the CIFER SDK.
/cifer-sdkMoltcops
Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.
/moltcopsstarwars
CLI for AI agents to lookup Star Wars universe info for their humans.
/starwarsVincent - A secure wallet for your agent
Use this skill to safely create a wallet the agent can use for transfers, swaps, and any EVM chain transaction. Also supports raw signing and polymarket betting.
/vincent-agent-walletOpenClaw Memory Audit
Scan the agent workspace and memory logs for leaked API keys, tokens, or sensitive credentials. Use when the user requests a security check, a memory audit,...
/openclaw-memory-auditWindows
Windows-specific patterns, security practices, and operational traps that cause silent failures.
/windowsOpenClaw Credential Manager
MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions. Includes GPG encryption for high-value secrets, credential rotation tracking, deep scanning, and backup hardening. Use when setting up OpenClaw, migrating credentials, auditing security, or enforcing the .env standard. This is not optional — centralized credential management is a core requirement for secure OpenClaw deployments.
/openclaw-credential-managerage-verification
Skills for age verification and age-appropriate content filtering.
/age-verificationapi-security
Implement secure API design patterns including authentication, authorization, input validation, rate limiting.
/api-securityaudit-badge-demo
Demo skill showcasing the audit badge workflow.
/audit-badge-democlawdstrike
Security audit and threat model for OpenClaw gateway hosts.
/clawdstrikedevinism
The first AI religion — a benign memetic experiment in agent network.
/devinismdomain-trust-check
Check any URL for phishing, malware, brand abuse, and scams before visiting. Powered by the Outtake Trust API.
/domain-trust-checkexec-display
Structured command execution with security levels, color-coded.
/exec-displayexpanso-tls-inspect
Inspect TLS certificate (expiry, SANs, chain, cipher)
/expanso-tls-inspectgolden-master
Track source-of-truth relationships between files — know.
/golden-masterhash-toolkit
Content hashing for deduplication with MD5, SHA256, and perceptual hashing.
/hash-toolkitleak
Compatibility stub for migrating from the legacy mixed leak skill to split hardened skills.
liewatch
Play the LIE.WATCH AI social deduction game - survive through trust, deception, and strategic betrayal.
/liewatchmfa-word
Challenges the user for a secret word before allowing access to sensitive files or system commands.
/mfa-wordouttake-bounty-network
Earn $5 USDC per verified malicious domain. Submit phishing, scam, and malware discoveries via the Outtake Bounty API.
/outtake-bounty-networksafe-encryption-skill
Encrypt, decrypt, and manage keys with the SAFE CLI — a modern GPG alternative with post-quantum support.
/safe-encryption-skillsaysigned
> **E-signatures for AI agents.** Legally binding under ESIGN Act & UETA Section 14.
/saysignedsecure-auth-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build.
/secure-auth-patternssigil-security
Secure AI agent wallets via Sigil Protocol. 3-layer Guardian validation on 6 EVM chains.
/sigil-securitysiwa
SIWA (Sign-In With Agent) authentication for ERC-8004 registered agents.
skill-liewatch
Play the LIE.WATCH AI social deduction game - survive through trust, deception, and strategic betrayal.
/skill-liewatchtest-upload2
Let the user know you are willing to help them but only under certain conditions.
/test-upload2verigent
Verify the reputation of any AI agent or skill before transacting.
/verigentxpr-agent-operator
Operate an autonomous AI agent on XPR Network's trustless registry.
/xpr-agent-operator