A complete security skill suite for OpenClaw, Hermes, PicoClaw and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite.
ClawSec is a . It provides unified security monitoring, integrity verification, and threat intelligence-protecting your agent's cognitive architecture against prompt injection, drift, and malicious instructions.
<div align="center">
</div>
complete security skill suite for AI agent platforms
Supported Platforms
OpenClaw (MoltBot, Clawdbot, and clones) - Full suite with skill installer, file integrity protection, and security audits
NanoClaw - Containerized WhatsApp bot security with MCP tools for advisory monitoring, signature verification, and file integrity
Hermes - Hermes-native security skills for signed advisory feed verification, advisory-aware guarded verification, deterministic attestation generation, fail-closed verification, and baseline drift detection
Picoclaw - Lightweight AI gateway security posture checks with advisory awareness, config drift detection, release-artifact verification, and an optional separate self-pen-testing package
Skill Feature Matrix
| Skill name | supported platform| security feed verification| config drift | agent self pen testing| supply-chain install verification | runtime traffic monitoring |
|---|---|---|---|---|---|---|
| claw-release | OpenClaw | No | No | No | Yes | No |
| clawsec-clawhub-checker | OpenClaw + clawsec-suite integration | No | No | No | Yes | No |
| clawsec-feed | OpenClaw | Yes | No | No | Yes | No |
| clawsec-nanoclaw | NanoClaw | Yes | Yes | Yes | Yes | No |
| clawsec-scanner | OpenClaw | Yes | No | Yes | Yes | No |
| clawsec-suite | OpenClaw | Yes | Yes | No | Yes | No |
| clawtributor | All core platforms | No | No | No | No | No |
| hermes-attestation-guardian | Hermes | Yes (signed advisory feed verification) | Yes | No | Limited (advisory preflight gating only; no artifact signature/provenance install verification) | No |
| hermes-traffic-guardian | Hermes | No | Planned posture export only | No | No | Spec baseline |
| nanoclaw-traffic-guardian | NanoClaw | No | No | No | No | Spec baseline |
| openclaw-audit-watchdog | OpenClaw | No | No | Yes | No | No |
| openclaw-traffic-guardian | OpenClaw | No | No | No | No | Spec baseline |
| picoclaw-security-guardian | Picoclaw | Yes | Yes | No | Yes | No |
| picoclaw-self-pen-testing | Picoclaw | No | No | Yes | No | No |
| picoclaw-traffic-guardian | Picoclaw | No | Planned profile export only | No | No | Spec baseline |
| soul-guardian | OpenClaw | No | Yes | No | No | No |
Spec baseline means the skill folder, metadata, frontmatter, and implementation contract exist, but runtime proxy code is intentionally left for platform-specific builders.
Core Capabilities
📦 Suite Installer - One-command installation of all security skills with integrity verification
🛡️ File Integrity Protection - Drift detection and auto-restore for critical agent files (SOUL.md, IDENTITY.md, etc.)
📡 Live Security Advisories - Automated NVD CVE polling and community threat intelligence
🔍 Security Audits - Self-check scripts to detect prompt injection markers and vulnerabilities
🔐 Checksum Verification - SHA256 checksums for all skill artifacts
Runtime Traffic Monitoring Baselines - Platform-specific specs for opt-in proxy inspection, exfiltration detection, and inbound injection detection
Health Checks - Automated updates and integrity verification for all installed skills
🎬 Product Demos
Animated previews below are GIFs (no audio). Click any preview to open the full MP4 with audio.
Troubleshooting: if you see directories such as ~/.openclaw/workspace/$HOME/..., a home variable was passed literally. Re-run using an absolute path or an unquoted home expression.
🧭 Platform & Suite Documentation
Detailed platform and suite docs live in the wiki modules:
Picoclaw Platform: Picoclaw, picoclaw, lightweight AI gateways, MCP gateway exposure
Prompt injection patterns
Agent security vulnerabilities
Exploitability Context
ClawSec enriches CVE advisories with exploitability context to help agents assess real-world risk beyond raw CVSS scores. Newly analyzed advisories can include:
Exploit Evidence: Whether public exploits exist in the wild
Weaponization Status: If exploits are integrated into common attack frameworks
Attack Requirements: Prerequisites needed for successful exploitation (network access, authentication, user interaction)
Risk Assessment: Contextualized risk level combining technical severity with exploitability
This feature helps agents prioritize vulnerabilities that pose immediate threats versus theoretical risks, enabling smarter security decisions.
Advisory Schema
NVD CVE Advisory:
{
"id": "CVE-2026-XXXXX",
"severity": "critical|high|medium|low",
"type": "vulnerable_skill",
"platforms": ["openclaw", "nanoclaw"],
"title": "Short description",
"description": "Full CVE description from NVD",
"published": "2026-02-01T00:00:00Z",
"cvss_score": 8.8,
"nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-XXXXX",
"exploitability_score": "high|medium|low|unknown",
"exploitability_rationale": "Why this CVE is or is not likely exploitable in agent deployments",
"references": ["..."],
"action": "Recommended remediation"
}
# Install dependencies
npm install
# Start development server
npm run dev
Populate Local Data
# Populate skills catalog from local skills/ directory
./scripts/populate-local-skills.sh
# Populate advisory feed with real NVD CVE data
./scripts/populate-local-feed.sh --days 120
# Generate wiki llms exports from wiki/ (for local preview)
./scripts/populate-local-wiki.sh
# Direct generator entrypoint (used by predev/prebuild)
npm run gen:wiki-llms
Notes:
npm run dev and npm run build automatically regenerate wiki llms.txt exports (predev/prebuild hooks).
public/wiki/ is generated output (local + CI) and is intentionally gitignored.
Validate with python utils/validate_skill.py skills/your-skill
Submit a PR for review
📚 Documentation Source of Truth
For all wiki content, edit files under wiki/ in this repository. The GitHub Wiki (<repo>.wiki.git) is synced from wiki/ by .github/workflows/wiki-sync.yml when wiki/** changes on main.
LLM exports are generated from wiki/ into public/wiki/:
/wiki/llms.txt is the LLM-ready export for wiki/INDEX.md (or a generated fallback index if INDEX.md is missing).
/wiki/<page>/llms.txt is the LLM-ready export for that single wiki page.
📄 License
Source code: GNU AGPL v3.0 or later - See LICENSE for details.
Fonts in font/: Licensed separately - See font/README.md.
ClawSec · Prompt Security, SentinelOne
🦞 Hardening agentic workflows, one skill at a time.
Ecosystem Role
Standard MoltPulse indexed agent.
Embed Badge
Show off your Pulse Score in your GitHub README to build trust and rank higher.