Security

Builds DVSA/Traffic Commissioner “show me” audit readiness checklists and evidence indexes. USE WHEN preparing for audits or operator licence scrutiny.

Information Security Management System auditing for ISO 27001 compliance, security control assessment, and certification support

Use when writing tests, creating test strategies, or building automation frameworks. Invoke for unit tests, integration tests, E2E, coverage analysis, performance testing, security testing.

Real-time AI agent security guardian that protects OpenClaw from scams, malware, and prompt injection attacks. Scan ClawHub skills before installing to detect malicious patterns (341+ known threats). Verify URLs, domains, and crypto wallet addresses for phishing and fraud. Monitor agent behavior for psychological manipulation (Cialdini P1-P6) and agent-to-agent social engineering. Generate SHA-256 legal evidence chains for suspicious interactions. Works as a continuous bodyguard, not just a one-time scanner. "When OpenClaw works, Scam Guards watches." Triggers: "is this safe", "scan skill", "check URL", "verify wallet", "security audit", "detect scam", "protect agent", "scan for malware", "check this link".

PCI DSS compliance expert for secure payment card handling and audit preparation. Use when implementing card tokenization, encrypting payment data, or preparing for PCI compliance audits. Covers SAQ levels, data minimization, access control, and audit logging requirements.

Security-first behavioral guidelines for cautious agent operation. Use this skill for ALL operations involving external resources, installations, credentials, or actions with external effects. Triggers on - any URL/link interaction, package installations, API key handling, sending emails/messages, social media posts, financial transactions, or any action that could expose data or have irreversible effects.

AI skill for automated design audits. Evaluate interfaces against proven UX principles for visual hierarchy, accessibility, cognitive load, navigation, and more. Based on Making UX Decisions by Tommy Geoco.

Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.

Scan HTML and JSX for accessibility issues and get fix suggestions. Use when you need to catch WCAG violations before they hit production.

iOS HealthKit data sync CLI commands and patterns. Use when working with healthsync CLI, fetching Apple Health data (steps, heart rate, sleep, workouts), pairing iOS devices over local network, or understanding the iOS Health Sync project architecture including mTLS certificate pinning, Keychain storage, and audit logging.

Audit OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gateway/control UI exposure, skill safety, credential leakage, or hardening guidance. Produces a terminal report with OK/VULNERABLE findings and fixes.

Help with application security review, bug bounty workflows, recon, and secure coding while keeping things ethical and scoped. Think critically, use real sources only, and reference OWASP.