Security & Privacy

Call any API without leaking credentials. Keychains proxies requests and injects real tokens server-side — your agent never sees them.

Detect and block prompt injection attacks in emails. Use when reading, processing, or summarizing emails. Scans for fake system outputs, planted thinking blocks, instruction hijacking, and other injec

Enable agents and skills to challenge users for fresh two-factor authentication proof (TOTP or YubiKey) before executing sensitive actions. Use this for identity verification in approval workflows - d

Agent-native security signal feed by PromptIntel. Use this skill whenever the agent needs to report threats, fetch protection feeds, apply security rules, or update SHIELD.md. Trigger on any mention o

Detect and reject indirect prompt injection attacks when reading external content (social media posts, comments, documents, emails, web pages, user uploads). Use this skill BEFORE processing any untru

Gentle reminders to stay human while using AI. Reflection, not restriction.

Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.

Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or i

Scans OpenClaw skills for security vulnerabilities and suspicious patterns before installation

Auto-report fail2ban banned IPs to AbuseIPDB and notify via Telegram. Use when monitoring server security, reporting attackers, or checking banned IPs. Watches fail2ban for new bans, reports them to A

Unified configuration manager for AI coding assistants. Manage profiles, install skills/agents/commands, and switch configurations across Claude Code, OpenCode, Goose, and Amp.

Guardian Angel gives AI agents a moral conscience rooted in Thomistic virtue ethics. Rather than relying solely on rule lists, it cultivates stable virtuous...

OpenClaw 运维防呆与排障标准化技能。用于跨设备（Gateway + Mac nodes）巡检、远程执行稳定性治理、CLI-only 兼容、配对/审批异常排查、以及对外发布前脱敏检查。用户提到“又报错了/审批超时/pairing required/system.run failed/如何标准化运维规则”时使用。

Audits and hardens API credential handling (env vars, separation, rotation plan, least privilege, auditability). Use when integrating services or preparing production deployments where secrets must be

Create, manage, and deploy Voice.ai conversational AI agents. Use when the user wants to work with voice agents, list their agents, create new ones, or manage agent configurations.

Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.pa

Security audit framework for AI agent skills, MCP servers, and packages. Your LLM does the analysis — we provide structure, prompts, and a shared trust database.

Fail-safe policy gate for OpenClaw marketplace skills. Intercepts tool calls before execution and checks them against your Authensor policy. Low-risk actions run automatically. High-risk actions requi

Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may

Verified molt swarms - cryptographically prove your identity with Ed25519 signatures and WorldID proof-of-personhood. Register with services and verify unique human operators.