ClawSec: Security Skill Suite for AI Agents
## Secure Your OpenClaw, NanoClaw, and Hermes Agents with a Complete Security Skill Suite
Brought to you by Prompt Security, the Platform for AI Security
๐ **Live at: [https://clawsec.prompt.security](https://clawsec.prompt.security) [https://prompt.security/clawsec](https://prompt.security/clawsec)**
[](https://github.com/prompt-security/clawsec/actions/workflows/ci.yml)
[](https://github.com/prompt-security/clawsec/actions/workflows/deploy-pages.yml)
[](https://github.com/prompt-security/clawsec/actions/workflows/poll-nvd-cves.yml)
---
## ๐ฆ What is ClawSec?
ClawSec is a **complete security skill suite for AI agent platforms**. It provides unified security monitoring, integrity verification, and threat intelligence-protecting your agent's cognitive architecture against prompt injection, drift, and malicious instructions.
### Supported Platforms
- **OpenClaw** (MoltBot, Clawdbot, and clones) - Full suite with skill installer, file integrity protection, and security audits
- **NanoClaw** - Containerized WhatsApp bot security with MCP tools for advisory monitoring, signature verification, and file integrity
- **Hermes** - Hermes-native security skills for signed advisory feed verification, advisory-aware guarded verification, deterministic attestation generation, fail-closed verification, and baseline drift detection
### Skill Feature Matrix
| Skill name | supported platform| security feed verification| config drift | agent self pen testing| supply-chain install verification |
|---|---|---|---|---|---|
| claw-release | OpenClaw | No | No | No | Yes |
| clawsec-clawhub-checker | OpenClaw + clawsec-suite integration | No | No | No | Yes |
| clawsec-feed | OpenClaw | Yes | No | No | Yes |
| clawsec-nanoclaw | NanoClaw | Yes | Yes | Yes | Yes |
| clawsec-scanner | OpenClaw | Yes | No | Yes | Yes |
| clawsec-suite | OpenClaw | Yes | Yes | No | Yes |
| clawtributor | OpenClaw | Yes | No | No | No |
| hermes-attestation-guardian | Hermes | Yes (signed advisory feed verification) | Yes | No | Limited (advisory preflight gating only; no artifact signature/provenance install verification) |
| openclaw-audit-watchdog | OpenClaw | No | No | Yes | No |
| soul-guardian | OpenClaw | No | Yes | No | No |
### Core Capabilities
- **๐ฆ Suite Installer** - One-command installation of all security skills with integrity verification
- **๐ก๏ธ File Integrity Protection** - Drift detection and auto-restore for critical agent files (SOUL.md, IDENTITY.md, etc.)
- **๐ก Live Security Advisories** - Automated NVD CVE polling and community threat intelligence
- **๐ Security Audits** - Self-check scripts to detect prompt injection markers and vulnerabilities
- **๐ Checksum Verification** - SHA256 checksums for all skill artifacts
- **Health Checks** - Automated updates and integrity verification for all installed skills
---
## ๐ฌ Product Demos
Animated previews below are GIFs (no audio). Click any preview to open the full MP4 with audio.
### Install Demo (`clawsec-suite`)
[](public/video/install-demo.mp4)
Direct link: [install-demo.mp4](public/video/install-demo.mp4)
### Drift Detection Demo (`soul-guardian`)
[](public/video/soul-guardian-demo.mp4)
Direct link: [soul-guardian-demo.mp4](public/video/soul-guardian-demo.mp4)
---
## ๐ Quick Start
### For AI Agents
```bash
# Install the ClawSec security suite
npx clawhub@latest install clawsec-suite
```
After install, the suite can:
1. Discover installable protections from the published skills catalog
2. Verify release integrity using signed checksums
3. Set up advisory monitoring and hook-based protection flows
4. Add optional scheduled checks
Manual/source-first option:
> Read https://github.com/prompt-security/clawsec/releases/latest/download/SKILL.md and follow the installation instructions.
### For Humans
Copy this instruction to your AI agent:
> Install ClawSec with `npx clawhub@latest install clawsec-suite`, then complete the setup steps from the generated instructions.
### Shell and OS Notes
ClawSec scripts are split between:
- Cross-platform Node/Python tooling (`npm run build`, hook/setup `.mjs`, `utils/*.py`)
- POSIX shell workflows (`*.sh`, most manual install snippets)
For Linux/macOS (`bash`/`zsh`):
- Use unquoted or double-quoted home vars: `export INSTALL_ROOT="$HOME/.openclaw/skills"`
- Do **not** single-quote expandable vars (for example, avoid `'$HOME/.openclaw/skills'`)
For Windows (PowerShell):
- Prefer explicit path building:
- `$env:INSTALL_ROOT = Join-Path $HOME ".openclaw\\skills"`
- `node "$env:INSTALL_ROOT\\clawsec-suite\\scripts\\setup_advisory_hook.mjs"`
- POSIX `.sh` scripts require WSL or Git Bash.
Troubleshooting: if you see directories such as `~/.openclaw/workspace/$HOME/...`, a home variable was passed literally. Re-run using an absolute path or an unquoted home expression.
---
## ๐งญ Platform & Suite Documentation
Detailed platform and suite docs live in the wiki modules:
- NanoClaw: [wiki/modules/nanoclaw-integration.md](wiki/modules/nanoclaw-integration.md)
- Hermes: [wiki/modules/hermes-attestation-guardian.md](wiki/modules/hermes-attestation-guardian.md)
- ClawSec Suite (OpenClaw): [wiki/modules/clawsec-suite.md](wiki/modules/clawsec-suite.md)
- CI/CD pipelines: [wiki/modules/automation-release.md](wiki/modules/automation-release.md)
Quick install links:
- NanoClaw install: [skills/clawsec-nanoclaw/INSTALL.md](skills/clawsec-nanoclaw/INSTALL.md)
- Hermes skill package: `skills/hermes-attestation-guardian/`
- Suite package: `skills/clawsec-suite/`
---
## ๐ก Security Advisory Feed
ClawSec maintains a continuously updated security advisory feed, automatically populated from NIST's National Vulnerability Database (NVD).
### Feed URL
```bash
# Fetch latest advisories
curl -s https://clawsec.prompt.security/advisories/feed.json | jq '.advisories[] | select(.severity == "critical" or .severity == "high")'
```
Canonical endpoint: `https://clawsec.prompt.security/advisories/feed.json`
Compatibility mirror (legacy): `https://clawsec.prompt.security/releases/latest/download/feed.json`
### Monitored Keywords
The feed polls CVEs related to:
- **OpenClaw Platform**: `OpenClaw`, `clawdbot`, `Moltbot`
- **NanoClaw Platform**: `NanoClaw`, `WhatsApp-bot`, `baileys`
- Prompt injection patterns
- Agent security vulnerabilities
### Exploitability Context
ClawSec enriches CVE advisories with **exploitability context** to help agents assess real-world risk beyond raw CVSS scores. Newly analyzed advisories can include:
- **Exploit Evidence**: Whether public exploits exist in the wild
- **Weaponization Status**: If exploits are integrated into common attack frameworks
- **Attack Requirements**: Prerequisites needed for successful exploitation (network access, authentication, user interaction)
- **Risk Assessment**: Contextualized risk level combining technical severity with exploitability
This feature helps agents prioritize vulnerabilities that pose immediate threats versus theoretical risks, enabling smarter security decisions.
### Advisory Schema
**NVD CVE Advisory:**
```json
{
"id": "CVE-2026-XXXXX",
"severity": "critical|high|medium|low",
"type": "vulnerable_skill",
"platforms": ["openclaw", "nanoclaw"],
"title": "Short description",
"description": "Full CVE description from NVD",
"published": "2026-02-01T00:00:00Z",
"cvss_score": 8.8,
"nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-XXXXX",
"exploitability_score": "high|medium|low|unknown",
"exploitability_rationale": "Why this CVE is or is not likely exploitable in agent deployments",
"references": ["..."],
"action": "Recommended remediation"
}
```
**Community Advisory:**
```json
{
"id": "CLAW-2026-0042",
"severity": "high",
"type": "prompt_injection|vulnerable_skill|tampering_attempt",
"platforms": ["nanoclaw"],
"title": "Short description",
"description": "Detailed description from issue",
"published": "2026-02-01T00:00:00Z",
"affected": ["skill-name@1.0.0"],
"source": "Community Report",
"github_issue_url": "https://github.com/.../issues/42",
"action": "Recommended remediation"
}
```
**Platform values:**
- `"openclaw"` - OpenClaw/Clawdbot/MoltBot only
- `"nanoclaw"` - NanoClaw only
- `["openclaw", "nanoclaw"]` - Both platforms
- (empty/missing) - All platforms (backward compatible)
---
## ๐ CI/CD Pipelines
CI/CD pipeline details were moved to the wiki module page:
- [wiki/modules/automation-release.md](wiki/modules/automation-release.md)
Related operations docs:
- [wiki/security-signing-runbook.md](wiki/security-signing-runbook.md)
- [wiki/migration-signed-feed.md](wiki/migration-signed-feed.md)
---
## ๐ ๏ธ Offline Tools
ClawSec includes Python utilities for local skill development and validation.
### Skill Validator
Validates a skill folder against the required schema:
```bash
python utils/validate_skill.py skills/clawsec-feed
```
Checks:
- `skill.json` exists and is valid JSON
- Required fields present (name, version, description, author, license)
- SBOM files exist and are readable
- OpenClaw metadata is properly structured
### Skill Checksums Generator
Generates `checksums.json` with SHA256 hashes for a skill:
```bash
python utils/package_skill.py skills/clawsec-feed ./dist
```
Outputs:
- `checksums.json` - SHA256 hashes for verification
---
## ๐ ๏ธ Local Development
### Prerequisites
- Node.js 20+
- Python 3.10+ (for offline tools)
- npm
### Setup
```bash
# Install dependencies
npm install
# Start development server
npm run dev
```
### Populate Local Data
```bash
# Populate skills catalog from local skills/ directory
./scripts/populate-local-skills.sh
# Populate advisory feed with real NVD CVE data
./scripts/populate-local-feed.sh --days 120
# Generate wiki llms exports from wiki/ (for local preview)
./scripts/populate-local-wiki.sh
# Direct generator entrypoint (used by predev/prebuild)
npm run gen:wiki-llms
```
Notes:
- `npm run dev` and `npm run build` automatically regenerate wiki `llms.txt` exports (`predev`/`prebuild` hooks).
- `public/wiki/` is generated output (local + CI) and is intentionally gitignored.
### Build
```bash
npm run build
```
---
## ๐ Project Structure
```
โโโ advisories/
โ โโโ feed.json # Main advisory feed
โ โโโ feed.json.sig # Detached signature for feed.json
โ โโโ feed-signing-public.pem # Public key for feed verification
โโโ components/ # React components
โโโ pages/ # Route/page components
โโโ wiki/ # Source-of-truth docs (synced to GitHub Wiki)
โโโ scripts/
โ โโโ generate-wiki-llms.mjs # wiki/*.md -> public/wiki/**/llms.txt
โ โโโ populate-local-feed.sh # Local CVE feed populator
โ โโโ populate-local-skills.sh # Local skills catalog populator
โ โโโ populate-local-wiki.sh # Local wiki llms export populator
โ โโโ prepare-to-push.sh # Local CI-style quality gate
โ โโโ validate-release-links.sh # Release link checks
โ โโโ release-skill.sh # Manual skill release helper
โโโ skills/
โ โโโ claw-release/ # ๐ Release automation workflow skill
โ โโโ clawsec-suite/ # ๐ฆ Suite installer (skill-of-skills)
โ โโโ clawsec-feed/ # ๐ก Advisory feed skill
โ โโโ clawsec-scanner/ # ๐ Vulnerability scanner (deps + SAST + OpenClaw DAST)
โ โโโ clawsec-nanoclaw/ # ๐ฑ NanoClaw platform security suite
โ โโโ clawsec-clawhub-checker/ # ๐งช ClawHub reputation checks
โ โโโ clawtributor/ # ๐ค Community reporting skill
โ โโโ hermes-attestation-guardian/ # ๐ก๏ธ Hermes attestation + drift verification
โ โโโ openclaw-audit-watchdog/ # ๐ญ Automated audit skill
โ โโโ soul-guardian/ # ๐ป File integrity skill
โโโ utils/
โ โโโ package_skill.py # Skill packager utility
โ โโโ validate_skill.py # Skill validator utility
โโโ .github/workflows/
โ โโโ ci.yml # Cross-platform lint/type/build + tests
โ โโโ pages-verify.yml # PR-only pages build/signing verification
โ โโโ poll-nvd-cves.yml # CVE polling pipeline
โ โโโ community-advisory.yml # Approved issue -> advisory PR
โ โโโ skill-release.yml # Skill release/signing pipeline
โ โโโ deploy-pages.yml # GitHub Pages deployment
โ โโโ wiki-sync.yml # Sync repo wiki/ to GitHub Wiki
โ โโโ codeql.yml # CodeQL security analysis
โ โโโ scorecard.yml # OpenSSF Scorecard checks
โโโ public/ # Static assets + generated wiki exports
```
---
## ๐ค Contributing
We welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
### Submitting Security Advisories
Found a prompt injection vector, malicious skill, or security vulnerability? Report it via GitHub Issues:
1. Open a new issue using the **Security Incident Report** template
2. Fill out the required fields (severity, type, description, affected skills)
3. A maintainer will review and add the `advisory-approved` label
4. The advisory is automatically published to the feed as `CLAW-{YEAR}-{ISSUE#}`
See [CONTRIBUTING.md](CONTRIBUTING.md#submitting-security-advisories) for detailed guidelines.
### Adding New Skills
1. Create a skill folder under `skills/`
2. Add `skill.json` with required metadata and SBOM
3. Add `SKILL.md` with agent-readable instructions
4. Validate with `python utils/validate_skill.py skills/your-skill`
5. Submit a PR for review
## ๐ Documentation Source of Truth
For all wiki content, edit files under `wiki/` in this repository. The GitHub Wiki (`.wiki.git`) is synced from `wiki/` by `.github/workflows/wiki-sync.yml` when `wiki/**` changes on `main`.
LLM exports are generated from `wiki/` into `public/wiki/`:
- `/wiki/llms.txt` is the LLM-ready export for `wiki/INDEX.md` (or a generated fallback index if `INDEX.md` is missing).
- `/wiki//llms.txt` is the LLM-ready export for that single wiki page.
---
## ๐ License
- Source code: GNU AGPL v3.0 or later - See [LICENSE](LICENSE) for details.
- Fonts in `font/`: Licensed separately - See [`font/README.md`](font/README.md).
---
**ClawSec** ยท Prompt Security, SentinelOne
๐ฆ Hardening agentic workflows, one skill at a time.