Security review · OpenClaw Suite

clawsec adoption decision

Inspect code, apps, APIs, or agent workflows for security risks before adoption or release. A complete security skill suite for OpenClaw's and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, autom...

GitHub repo Adoption path Source evidence Back to skills last scan today

Job to solvesecurity analysis and review

Inspect code, apps, APIs, or agent workflows for security risks before adoption or release.

Who should use itSecurity-minded developers reviewing repositories, reverse-engineering APIs, or auditing agent workflows.

Use this as a fit check before reading install commands.

Works withOpenClaw

Platform fit comes after the use case, not before it.

Adoption pathNeeds adoption review

No trusted setup command was extracted yet. Open the source evidence before adopting it.

Trust signalREADME + SKILL.md

12 SKILL.md + README evidence, 961 stars, and today repo freshness at last scan.

Decision snapshot

GitHub repositoryprompt-security/clawsec

Primary SKILL.mdskills/clawsec-feed/SKILL.md

Works withOpenClaw

TypeSuite

Last pushedtoday

Stars961

Forks99

Adoption pathNeeds adoption review

Source evidencestrong

Best forSecurity review

Trust check

Last pushedtodayLast pushed Apr 29, 2026.

Install pathneeds reviewNo trusted install path was extracted at last scan.

Source evidencestrong12 SKILL.md file(s) plus README/source excerpts were evaluated.

GitHub reach961 stars961 stars and 99 forks at last scan.

Shortlist fitsolid fit74/100 from install clarity, source quality, scope fit, and current GitHub evidence.

Compare with these skills

OpenClaw-Medical-Skillsclearer install path · FreedomIntelligence/OpenClaw-Medical-Skillsclear installmore adoptedsame platform70solid fit x-tweet-fetchersingle skill instead of a full suite · ythx-101/x-tweet-fetcherlighter picksingle skillsame platform68solid fit model-hierarchysingle skill instead of a full suite · zscole/model-hierarchy-skilllighter picksingle skillsame platform68solid fit x-bookmarkssingle skill instead of a full suite · sharbelxyz/x-bookmarkslighter picksingle skillsame platform68solid fit chat-history-importsingle skill instead of a full suite · dashhuang/openclaw-chat-history-importlighter picksingle skillsame platform68solid fit

Why we list it

READMEpresentREADME.md is part of the public evidence set.

SKILL.md12 found12 path(s) found by recursive tree scan.

Installneeds review0 source file(s) produced install evidence.

Overview

What job does it solve?Security review

Inspect code, apps, APIs, or agent workflows for security risks before adoption or release.

Who should use it?Security-minded developers reviewing repositories, reverse-engineering APIs, or auditing agent workflows.

security analysis and review for OpenClaw users.

Works withOpenClaw

Check platform compatibility after confirming the use case fits your workflow.

How can I adopt it?Needs adoption review

No trusted setup command was extracted yet. Open the source evidence before adopting it.

Can I trust it?README + SKILL.md

12 SKILL.md + README evidence, 961 stars, and today repo freshness at last scan.

What to compare?5 related skills

Use the comparison list below to avoid adopting the first matching repo blindly.

Quick read

A complete security skill suite for OpenClaw's and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite.

ClawSec: Security Skill Suite for AI Agents

Why we list it

Public because this is a source-backed cohesive skill suite with enough current evidence to qualify for the shortlist.
Current GitHub metadata is available for prompt-security/clawsec.
12 SKILL.md file(s) were found in the recursive tree scan.
README content is available as part of the public evidence set.

Adoption path for clawsec

Needs adoption review: no trusted setup path was extracted yet.

Source evidence

Source excerpts used for this adoption decision. Low-confidence cases link back to GitHub instead of forcing a misleading quote.

README excerpt

README.md

ClawSec: Security Skill Suite for AI Agents

🎬 Product Demos

Animated previews below are GIFs (no audio). Click any preview to open the full MP4 with audio.

Install Demo (`clawsec-suite`)

Direct link: install-demo.mp4

Drift Detection Demo (`soul-guardian`)

Direct link: soul-guardian-demo.mp4

Install the ClawSec security suite

npx clawhub@latest install clawsec-suite


After install, the suite can:
1. Discover installable protections from the published skills catalog
2. Verify release integrity using signed checksums
3. Set up advisory monitoring and hook-based protection flows
4. Add optional scheduled checks

Manual/source-first option:

> Read https://github.com/prompt-security/clawsec/releases/latest/download/SKILL.md and follow the installation instructions.

SKILL.md excerpt

skills/clawsec-feed/SKILL.md

Installation Options

You can get clawsec-feed in two ways:

Option B: Standalone Installation (This Page)

Install clawsec-feed independently without the full suite.

When to use standalone:

You only need the advisory feed (not other suite components)
You want to install before installing the suite
You prefer explicit control over feed installation

Advantages:

Lighter weight installation
Independent from suite
Direct control over installation process

Continue below for standalone installation instructions.

Standalone installation is a network download workflow. Verify the release source and the provided checksums before installing it on production hosts.

Installation Steps:

Agents should review scripts before execution!


# Install files
echo "Installing from individual files..."
mkdir -p "$INSTALL_DIR"
cp "$TEMP_DIR/downloads"/* "$INSTALL_DIR/"
chmod 600 "$INSTALL_DIR/skill.json"
find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} \;
echo "SUCCESS: Skill installed from individual files"

List your installed skills (adjust path for your platform)

INSTALL_DIR="${CLAWSEC_INSTALL_DIR:-$HOME/.openclaw/skills}"

How to Use Exploitability in Notifications

1. Filter for high-exploitability first:

   # Get high exploitability advisories
   echo "$FEED" | jq '.advisories[] | select(.exploitability_score == "high")'

2. Include exploitability in notifications:

   📡 ClawSec Feed: High-exploitability alert

   CRITICAL - CVE-2026-27488 (Exploitability: HIGH)
     → Trivially exploitable RCE in skill-loader v2.1.0
     → Public exploit code available
     → Recommended action: Immediate removal or upgrade to v2.1.1

3. Prioritize by both severity AND exploitability:

A HIGH severity + HIGH exploitability CVE is more urgent than a CRITICAL severity + LOW exploitability CVE
Focus user attention on threats that are both severe and easily exploitable
Include the exploitability rationale to help users understand the risk context

GitHub repository
Primary SKILL.md
12 SKILL.md file(s) found

Show scanned SKILL.md paths (12)

skills/claw-release/SKILL.md
skills/clawsec-clawhub-checker/SKILL.md
skills/clawsec-feed/SKILL.md
skills/clawsec-nanoclaw/SKILL.md
skills/clawsec-scanner/SKILL.md
skills/clawsec-suite/SKILL.md
skills/clawtributor/SKILL.md
skills/hermes-attestation-guardian/SKILL.md
skills/openclaw-audit-watchdog/SKILL.md
skills/picoclaw-security-guardian/SKILL.md
skills/picoclaw-self-pen-testing/SKILL.md
skills/soul-guardian/SKILL.md

clawsec adoption decision

Overview

Quick read

Adoption path for clawsec

Compare with these skills

Source evidence

README excerpt

🎬 Product Demos

Install Demo (clawsec-suite)

Drift Detection Demo (soul-guardian)

Install the ClawSec security suite

SKILL.md excerpt

Installation Options

Option B: Standalone Installation (This Page)

List your installed skills (adjust path for your platform)

How to Use Exploitability in Notifications

Install Demo (`clawsec-suite`)

Drift Detection Demo (`soul-guardian`)