clawsec
A complete security skill suite for OpenClaw's and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite.
Rank signal60/100
This rank signal uses GitHub stars, measured star growth, and recent maintenance. It is not a safety score or install approval.
Why we list it
Worth reviewing before you install
Worth a closer look if the use case fits. It has adoption, measured growth, and recent maintenance. No primary install command was extracted, so review the upstream source first.
Approved public shortlistSKILL.md evidenceAlternatives kept nearby
Best for
Security teams. Channel tag: OpenClaw. Treat this as a search fit signal, not compatibility proof. Best when you can review the repo manually before adoption. Start with skills/clawsec-feed/SKILL.md.
Review before install
Inspect skills/clawsec-feed/SKILL.md and the install command before adding it to a shared agent workflow. No actionable warning was returned for this snapshot.
Compare alternatives
Compare nearby security skills in the OpenClaw channel when 1,037 GitHub stars, source freshness, or install notes are close. This one still needs manual install review, so a nearby skill may be easier to adopt.
How to install clawsec
No install command was extracted. Treat this as a manual review case.
SKILL.md and source review
Primary path: skills/clawsec-feed/SKILL.md
60/100 from GitHub star count, star growth rate, and recent update.
60/100 from GitHub star count, star growth rate, and recent update.
27.1/45 points. Star count is log-scaled so large repos lead without completely hiding newer projects.
12.4/35 points from 123 net stars over 53.3 observed day(s).
20/20 points. Most recent GitHub activity: 2026-06-14T07:33:43Z.
- GitHub ranking score uses star count, measured star growth rate, and recent repository update only.
- 961 stars at last scan.
- 44 stars/week measured from 2026-04-22 to 2026-04-29T10:49:00.373Z.
- Most recent GitHub activity was 2026-04-29T06:48:10Z.
Source evidence preview
We show selected README/SKILL.md excerpts, not a full mirror of the repo. Use the focus cards for install notes, usage, and skill rules, then open GitHub before installing.
Install evidence
Sections found: Install Demo (clawsec-suite), Install the ClawSec security suite.
Usage evidence
Sections found: How to Use Exploitability in Notifications.
Skill rules
Review skills/clawsec-feed/SKILL.md for trigger rules and constraints.
ClawSec: Security Skill Suite for AI Agents
🎬 Product Demos
Animated previews below are GIFs (no audio). Click any preview to open the full MP4 with audio.
Install Demo (clawsec-suite)
Direct link: install-demo.mp4
Drift Detection Demo (soul-guardian)
Direct link: soul-guardian-demo.mp4
Install the ClawSec security suite
npx clawhub@latest install clawsec-suite
After install, the suite can:
- Discover installable protections from the published skills catalog
- Verify release integrity using signed checksums
- Set up advisory monitoring and hook-based protection flows
- Add optional scheduled checks
Manual/source-first option:
Read https://github.com/prompt-security/clawsec/releases/latest/download/SKILL.md and follow the installation instructions.
Need the full source? Read full README on GitHub
Installation Options
You can get clawsec-feed in two ways:
Option B: Standalone Installation (This Page)
Install clawsec-feed independently without the full suite.
When to use standalone:
- You only need the advisory feed (not other suite components)
- You want to install before installing the suite
- You prefer explicit control over feed installation
Advantages:
- Lighter weight installation
- Independent from suite
- Direct control over installation process
Continue below for standalone installation instructions.
Standalone installation is a network download workflow. Verify the release source and the provided checksums before installing it on production hosts.
Installation Steps: Agents should review scripts before execution!
# Install files
echo "Installing from individual files..."
mkdir -p "$INSTALL_DIR"
cp "$TEMP_DIR/downloads"/* "$INSTALL_DIR/"
chmod 600 "$INSTALL_DIR/skill.json"
find "$INSTALL_DIR" -type f ! -name "skill.json" -exec chmod 644 {} \;
echo "SUCCESS: Skill installed from individual files"List your installed skills (adjust path for your platform)
INSTALL_DIR="${CLAWSEC_INSTALL_DIR:-$HOME/.openclaw/skills}"
How to Use Exploitability in Notifications
- Filter for high-exploitability first:
# Get high exploitability advisories
echo "$FEED" | jq '.advisories[] | select(.exploitability_score == "high")'- Include exploitability in notifications:
📡 ClawSec Feed: High-exploitability alert
CRITICAL - CVE-2026-27488 (Exploitability: HIGH) → Trivially exploitable RCE in skill-loader v2.1.0 → Public exploit code available → Recommended action: Immediate removal or upgrade to v2.1.1
- Prioritize by both severity AND exploitability:
- A HIGH severity + HIGH exploitability CVE is more urgent than a CRITICAL severity + LOW exploitability CVE
- Focus user attention on threats that are both severe and easily exploitable
- Include the exploitability rationale to help users understand the risk context
Need the full source? Read full SKILL.md on GitHub