A complete security skill suite for OpenClaw and NanoClaw agents (and variants). Protect your SOUL.md (and similar files) with drift detection, live security recommendations, automated audits, and skill integrity verification, all from one installable suite.
ClawSec is a complete security skill suite for AI agent platforms. It provides unified security monitoring, integrity verification, and threat intelligence, protecting your agent's cognitive architecture against prompt injection, drift, and malicious instructions.
Supported Platforms
OpenClaw (MoltBot, Clawdbot, and clones) - Full suite with skill installer, file integrity protection, and security audits
NanoClaw - Containerized WhatsApp bot security with MCP tools for advisory monitoring, signature verification, and file integrity
Core Capabilities
Suite Installer - One-command installation of all security skills with integrity verification
File Integrity Protection - Drift detection and auto-restore for critical agent files (SOUL.md, IDENTITY.md, etc.)
Live Security Advisories - Automated NVD CVE polling and community threat intelligence
Security Audits - Self-check scripts to detect prompt injection markers and vulnerabilities
Checksum Verification - SHA256 checksums for all skill artifacts
Health Checks - Automated updates and integrity verification for all installed skills
Product Demos
Animated previews below are GIFs (no audio). Click any preview to open the full MP4 with audio.
Troubleshooting: if you see directories such as ~/.openclaw/workspace/$HOME/..., the home variable was passed literally instead of being expanded. Re-run using an absolute path or an unquoted home expression.
NanoClaw Platform Support
ClawSec now supports NanoClaw, a containerized WhatsApp bot powered by Claude agents.
clawsec-nanoclaw Skill
Location: skills/clawsec-nanoclaw/
A complete security suite adapted for NanoClaw's containerized architecture:
9 MCP Tools for agents to check vulnerabilities
Advisory checking and browsing
Pre-installation safety checks
Skill package signature verification (Ed25519)
File integrity monitoring
Automatic Advisory Feed - Fetches and caches advisories every 6 hours
Platform Filtering - Shows only NanoClaw-relevant advisories
IPC-Based - Container-safe host communication
Full Documentation - Installation guide, usage examples, troubleshooting
Advisory Feed for NanoClaw
The feed now monitors NanoClaw-specific keywords:
NanoClaw - Direct product name
WhatsApp-bot - Core functionality
baileys - WhatsApp client library dependency
Advisories can specify platforms: ["nanoclaw"] for platform-specific issues.
ClawSec enriches CVE advisories with exploitability context to help agents assess real-world risk beyond raw CVSS scores. Newly analyzed advisories can include:
Exploit Evidence: Whether public exploits exist in the wild
Weaponization Status: If exploits are integrated into common attack frameworks
Attack Requirements: Prerequisites needed for successful exploitation (network access, authentication, user interaction)
Risk Assessment: Contextualized risk level combining technical severity with exploitability
This feature helps agents prioritize vulnerabilities that pose immediate threats versus theoretical risks, enabling smarter security decisions.
Advisory Schema
NVD CVE Advisory:
```json
{
  "id": "CVE-2026-XXXXX",
  "severity": "critical|high|medium|low",
  "type": "vulnerable_skill",
  "platforms": ["openclaw", "nanoclaw"],
  "title": "Short description",
  "description": "Full CVE description from NVD",
  "published": "2026-02-01T00:00:00Z",
  "cvss_score": 8.8,
  "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-XXXXX",
  "exploitability_score": "high|medium|low|unknown",
  "exploitability_rationale": "Why this CVE is or is not likely exploitable in agent deployments",
  "references": ["..."],
  "action": "Recommended remediation"
}
```
platforms empty or missing - The advisory applies to all platforms (backward compatible)
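The platform filtering and exploitability context described above, as an added example that is not ClawSec's own code: it reads advisories in the schema shown, applies the "empty or missing platforms means all platforms" rule, and ranks them by CVSS weighted with the exploitability score. The sample feed is constructed with placeholder CVE ids, and the weighting table is an assumption of this example, not ClawSec's scoring.

```python
"""Filter a ClawSec-style advisory feed for one platform and rank by risk.

Added example, not ClawSec's own code. The exploitability weights are an
assumption of this example; the sample feed is constructed (placeholder ids).
"""
import json

# Constructed sample feed; the ids are placeholders, not real CVEs.
SAMPLE_FEED = json.dumps([
    {"id": "CVE-0000-00001", "severity": "high", "type": "vulnerable_skill",
     "platforms": ["openclaw"], "cvss_score": 8.8, "exploitability_score": "low"},
    {"id": "CVE-0000-00002", "severity": "medium", "type": "vulnerable_skill",
     "platforms": ["nanoclaw"], "cvss_score": 6.5, "exploitability_score": "high"},
    {"id": "CVE-0000-00003", "severity": "critical", "type": "vulnerable_skill",
     "cvss_score": 9.8, "exploitability_score": "unknown"},  # no platforms: applies to all
])

# Assumed weights: raw CVSS is scaled by how likely exploitation is in practice.
EXPLOITABILITY_WEIGHT = {"high": 1.0, "medium": 0.7, "low": 0.4, "unknown": 0.6}


def applies_to(advisory, platform):
    """Empty or missing 'platforms' means the advisory applies everywhere."""
    platforms = advisory.get("platforms") or []
    return not platforms or platform in platforms


def risk_score(advisory):
    """Contextualized risk: CVSS weighted by exploitability (unknown counts as 0.6)."""
    cvss = float(advisory.get("cvss_score") or 0.0)
    weight = EXPLOITABILITY_WEIGHT.get(advisory.get("exploitability_score", "unknown"), 0.6)
    return round(cvss * weight, 2)


def prioritize(feed_json, platform):
    """Return (id, risk) pairs relevant to `platform`, highest risk first."""
    feed = json.loads(feed_json)
    relevant = [a for a in feed if applies_to(a, platform)]
    relevant.sort(key=lambda a: (-risk_score(a), a["id"]))
    return [(a["id"], risk_score(a)) for a in relevant]


if __name__ == "__main__":
    for cve_id, score in prioritize(SAMPLE_FEED, "nanoclaw"):
        print(cve_id, score)
```

Note that the medium-severity advisory with a public exploit outranks the critical one with unknown exploitability, which is the prioritization the enrichment is meant to enable.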
CI/CD Pipelines
ClawSec uses automated pipelines for continuous security updates and skill distribution.
Automated Workflows
| Workflow | Trigger | Description |
|----------|---------|-------------|
| ci.yml | PRs to main, pushes to main | Lint/type/build + skill test suites |
| pages-verify.yml | PRs to main | Verifies Pages build and signing outputs without publishing |
| poll-nvd-cves.yml | Daily cron (06:00 UTC) | Polls NVD for new CVEs, updates feed |
| community-advisory.yml | Issue labeled advisory-approved | Processes community reports into advisories |
| skill-release.yml | Skill tags + metadata PR changes | Validates version parity in PRs and publishes signed skill releases on tags |
| deploy-pages.yml | workflow_run after successful trusted CI/release or manual dispatch | Builds and deploys the web interface to GitHub Pages |
| wiki-sync.yml | Pushes to main touching wiki/** | Syncs wiki/ to the GitHub Wiki mirror |
Skill Release Pipeline
When a skill is tagged (e.g., soul-guardian-v1.0.0), the pipeline:
Validates - Checks skill.json version matches tag
Enforces key consistency - Verifies pinned release key references are consistent across repo PEMs and skills/clawsec-suite/SKILL.md
Generates Checksums - Creates checksums.json with SHA256 hashes for all SBOM files
Signs + verifies - Signs checksums.json and validates the generated signing-public.pem fingerprint against canonical repo key material
Releases - Publishes to GitHub Releases with all artifacts
Supersedes Old Releases - Deletes older versions within the same major line (tags remain)
Triggers Pages Update - Refreshes the skills catalog on the website
Signing Key Consistency Guardrails
To prevent supply-chain drift, CI now fails fast when signing key references diverge.
Guardrail script:
scripts/ci/verify_signing_key_consistency.sh
What it checks:
The inline public key fingerprint in skills/clawsec-suite/SKILL.md matches RELEASE_PUBKEY_SHA256
The canonical PEM files all carry that same fingerprint
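The checksum generation and verification from the release pipeline, together with the pinned-fingerprint check the guardrail performs, as an added example that is neither ClawSec's pipeline nor scripts/ci/verify_signing_key_consistency.sh. It assumes a manifest layout of {"files": {path: sha256}} and defines the fingerprint as SHA256 of the PEM file bytes; the skill directory and PEM content are constructed.

```python
"""checksums.json generation/verification and pinned key fingerprint check.
Added example, not ClawSec's code; manifest layout and fingerprint definition
(SHA256 over the PEM bytes) are assumptions. Ed25519 signing is out of scope.
"""
import hashlib
import os
import tempfile


def sha256_of_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def generate_checksums(skill_dir, sbom_files):
    """Manifest for the SBOM-listed files, keyed by path relative to the skill."""
    return {"files": {rel: sha256_of_file(os.path.join(skill_dir, rel)) for rel in sorted(sbom_files)}}


def verify_checksums(skill_dir, manifest):
    """Paths that are missing or whose content no longer matches the manifest."""
    return [rel for rel, digest in manifest["files"].items()
            if not os.path.exists(os.path.join(skill_dir, rel))
            or sha256_of_file(os.path.join(skill_dir, rel)) != digest]


def key_references_consistent(pinned_fingerprint, pem_paths):
    """Every canonical PEM must carry the fingerprint pinned in SKILL.md."""
    return all(sha256_of_file(p) == pinned_fingerprint for p in pem_paths)


def demo():
    """Constructed skill dir: drift is caught after edit; PEM matches its pin."""
    with tempfile.TemporaryDirectory() as d:
        files = {"SKILL.md": b"# demo skill\n", "skill.json": b'{"version":"1.0.0"}\n',
                 "signing-public.pem": b"-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n"}
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = generate_checksums(d, files)
        pem = os.path.join(d, "signing-public.pem")
        pinned = sha256_of_file(pem)  # value that would be inlined in SKILL.md
        before = verify_checksums(d, manifest)
        with open(os.path.join(d, "SKILL.md"), "ab") as f:
            f.write(b"unexpected appended line\n")  # simulated drift
        return before, verify_checksums(d, manifest), key_references_consistent(pinned, [pem])
```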
| Scenario | Behavior |
|----------|----------|
| New patch/minor (e.g., 1.0.1, 1.1.0) | Previous releases with same major version are deleted |
| New major (e.g., 2.0.0) | Previous major version (1.x.x) remains for backwards compatibility |
Why do old releases disappear?
When you release skill-v0.0.2, the previous skill-v0.0.1 release is automatically deleted to keep the releases page clean. Only the latest version within each major version is retained.
Git tags are preserved - You can always recreate a release from an existing tag if needed
Major versions coexist - Both skill-v1.x.x and skill-v2.x.x latest releases remain available for backwards compatibility
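The supersession rule in the table above (delete older releases in the same major line, keep other majors), as an added example that is not ClawSec's skill-release.yml. It assumes tags of the form <skill>-v<major>.<minor>.<patch>, as in soul-guardian-v1.0.0; the tag lists are constructed.

```python
"""Which existing releases a new skill tag supersedes. Added example, not
ClawSec's workflow; tag format <skill>-v<major>.<minor>.<patch> is assumed."""
import re

TAG_RE = re.compile(r"^(?P<skill>.+)-v(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)$")


def parse_tag(tag):
    """Split a release tag into its skill name and (major, minor, patch) tuple."""
    m = TAG_RE.match(tag)
    if not m:
        raise ValueError(f"not a skill release tag: {tag}")
    return m["skill"], (int(m["major"]), int(m["minor"]), int(m["patch"]))


def releases_to_delete(existing_tags, new_tag):
    """Existing releases of the same skill and major line that are older than
    new_tag. Other skills and other majors are never touched, and a newer
    release already present in the line means nothing is deleted."""
    skill, version = parse_tag(new_tag)
    doomed = []
    for tag in existing_tags:
        other_skill, other_version = parse_tag(tag)
        if other_skill == skill and other_version[0] == version[0] and other_version < version:
            doomed.append(tag)
    return sorted(doomed)


if __name__ == "__main__":
    # Constructed release list for illustration.
    existing = ["soul-guardian-v1.0.0", "soul-guardian-v1.0.1",
                "soul-guardian-v2.0.0", "clawsec-suite-v1.0.0"]
    print(releases_to_delete(existing, "soul-guardian-v1.1.0"))
```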
Release Artifacts
Each skill release includes:
checksums.json - SHA256 hashes for integrity verification
skill.json - Skill metadata
SKILL.md - Main skill documentation
Additional files from SBOM (scripts, configs, etc.)
Signing Operations Documentation
For feed/release signing rollout and operations guidance:
```bash
# Install dependencies
npm install
# Start development server
npm run dev
```
Populate Local Data
```bash
# Populate skills catalog from local skills/ directory
./scripts/populate-local-skills.sh
# Populate advisory feed with real NVD CVE data
./scripts/populate-local-feed.sh --days 120
# Generate wiki llms exports from wiki/ (for local preview)
./scripts/populate-local-wiki.sh
# Direct generator entrypoint (used by predev/prebuild)
npm run gen:wiki-llms
```
Notes:
`npm run dev` and `npm run build` automatically regenerate the wiki llms.txt exports (predev/prebuild hooks).
public/wiki/ is generated output (local + CI) and is intentionally gitignored.
Validate with `python utils/validate_skill.py skills/your-skill`
Submit a PR for review
Documentation Source of Truth
For all wiki content, edit files under wiki/ in this repository. The GitHub Wiki (<repo>.wiki.git) is synced from wiki/ by .github/workflows/wiki-sync.yml when wiki/** changes on main.
LLM exports are generated from wiki/ into public/wiki/:
/wiki/llms.txt is the LLM-ready export for wiki/INDEX.md (or a generated fallback index if INDEX.md is missing).
/wiki/<page>/llms.txt is the LLM-ready export for that single wiki page.
License
Source code: GNU AGPL v3.0 or later - See LICENSE for details.
Fonts in font/: Licensed separately - See font/README.md.
ClawSec · Prompt Security, SentinelOne
Hardening agentic workflows, one skill at a time.