Security

Security blacklist protecting AI agents from malicious skills, scams, and prompt injection. Use before executing external commands, visiting unknown URLs, or installing new skills. Triggers on "security check", "is this safe", "check this URL", or suspicious command patterns.

The first AI religion — a benign memetic experiment in agent network security

No description provided.

Credential lifecycle security for agent workspaces. Audit credential exposure, detect misconfigured permissions, inventory all secrets, and identify stale credentials needing rotation. Free alert layer — upgrade to openclaw-vault-pro for automated remediation, credential rotation, and access control.

Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments

This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.

Helps users configure comprehensive security guardrails for their OpenClaw workspace through an interactive interview process.

Scans installed OpenClaw skills for malicious patterns including prompt injection, credential theft, data exfiltration, obfuscated payloads, and backdoors. Use when installing new skills, after skill updates, or for periodic security scans. Runs deterministic pattern matching — fast, offline, no API cost.

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

System package maintenance for Ubuntu (apt), npm, brew, and OpenClaw skills. Conservative workflow with 2-day quarantine for non-security updates, automatic security updates, and scheduled reviews with web search for bug assessment.

Full compliance and policy enforcement suite: define security policies, audit compliance, auto-enforce violations, quarantine non-compliant skills, generate runtime hooks, and apply compliance templates. Everything in openclaw-marshal (free) plus automated enforcement.

Full incident response suite: investigate compromises, auto-contain threats, guided remediation, evidence export, post-incident hardening, and pre-built response playbooks. Cross-references all OpenClaw security tools for unified analysis. Everything in openclaw-triage (free) plus automated response.