[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-prompt-security-clawsec-scanner-de":3,"guides-for-prompt-security-clawsec-scanner":562,"similar-k17eaz2hwvgye5nwmwskxjjhq186nffr-de":563},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":15,"identity":241,"isFallback":224,"parentExtension":246,"providers":247,"relations":252,"repo":254,"tags":559,"workflow":560},1778695753353.6304,"k17eaz2hwvgye5nwmwskxjjhq186nffr",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":13,"sourceUrl":14},"Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.",{"claudeCode":12},"prompt-security/clawsec","clawsec-scanner","https://github.com/prompt-security/clawsec",{"_creationTime":16,"_id":17,"extensionId":5,"locale":18,"result":19,"trustSignals":222,"workflow":239},1778695848342.2427,"kn79jyt3t76xvkpvftgk20h6eh86m353","en",{"checks":20,"evaluatedAt":188,"extensionSummary":189,"features":190,"nonGoals":196,"promptVersionExtension":200,"promptVersionScoring":201,"purpose":202,"rationale":203,"score":204,"summary":205,"tags":206,"targetMarket":215,"tier":216,"useCases":217},[21,26,29,32,36,39,43,47,50,53,57,61,64,68,71,74,77,80,83,86,89,93,97,101,105,109,113,117,120,123,126,129,132,135,139,143,147,150,153,156,160,163,166,169,172,176,179,182,185],{"category":22,"check":23,"severity":24,"summary":25},"Practical Utility","Problem relevance","pass","The description clearly names a concrete user problem: automated vulnerability detection for agent platforms across multiple scan types.",{"category":22,"check":27,"severity":24,"summary":28},"Unique selling proposition","The skill offers significant value beyond a simple wrapper by integrating multiple specialized scanning tools and providing unified reporting for agent platforms, which is a specific and non-trivial capability.",{"category":22,"check":30,"severity":24,"summary":31},"Production readiness","The extension appears production-ready, covering dependency scanning, CVE lookups, SAST, and DAST for agent-specific hooks, with clear installation instructions and troubleshooting.",{"category":33,"check":34,"severity":24,"summary":35},"Scope","Single responsibility principle","The extension focuses on security scanning across various dimensions for agent platforms, maintaining a coherent scope without adding unrelated functionalities.",{"category":33,"check":37,"severity":24,"summary":38},"Description quality","The displayed description accurately and concisely reflects the extension's capabilities, including dependency scanning, CVE lookups, SAST, and DAST for agent platforms.",{"category":40,"check":41,"severity":24,"summary":42},"Invocation","Scoped tools","The extension utilizes specific, narrow tools like `npm audit`, `pip-audit`, `semgrep`, and `bandit`, rather than a single generalist command, which improves selection precision.",{"category":44,"check":45,"severity":24,"summary":46},"Documentation","Configuration & parameter reference","Environment variables for API keys and intervals are documented, and scripts are described with their expected behavior, providing sufficient reference.",{"category":33,"check":48,"severity":24,"summary":49},"Tool naming","Tools are generally well-named within the context of the scripts (e.g., `scan_dependencies.mjs`, `sast_analyzer.mjs`), reflecting their specific functions.",{"category":33,"check":51,"severity":24,"summary":52},"Minimal I/O surface","The scripts appear to take specific inputs (target path, format) and produce structured JSON or text output, without unnecessary fields or diagnostic dumps.",{"category":54,"check":55,"severity":24,"summary":56},"License","License usability","The extension is licensed under AGPL-3.0-or-later, which is a widely recognized and permissive open-source license, clearly stated in the LICENSE file and SKILL.md.",{"category":58,"check":59,"severity":24,"summary":60},"Maintenance","Commit recency","The last commit was on May 12, 2026, which is recent and indicates active maintenance.",{"category":58,"check":62,"severity":24,"summary":63},"Dependency Management","The project utilizes npm dependencies with lockfiles and provides clear installation instructions, suggesting good dependency management practices.",{"category":65,"check":66,"severity":24,"summary":67},"Security","Secret Management","The code reads API keys from environment variables and does not appear to log or expose secrets. Documentation emphasizes environment variables for sensitive data.",{"category":65,"check":69,"severity":24,"summary":70},"Injection","The scripts appear to handle external inputs safely, passing arguments as arrays to child processes and parsing JSON outputs, mitigating injection risks.",{"category":65,"check":72,"severity":24,"summary":73},"Transitive Supply-Chain Grenades","The code relies on bundled scripts and standard package managers for dependencies, avoiding runtime downloads or remote script execution that could pose supply chain risks.",{"category":65,"check":75,"severity":24,"summary":76},"Sandbox Isolation","The scripts operate within their designated directories and do not appear to modify files outside the project scope. The DAST executor runs in a controlled environment.",{"category":65,"check":78,"severity":24,"summary":79},"Sandbox escape primitives","No evidence of detached process spawns (`nohup`, `&`) or deny-retry loops that could indicate sandbox escape attempts was found.",{"category":65,"check":81,"severity":24,"summary":82},"Data Exfiltration","The tool focuses on scanning and reporting vulnerabilities; there are no imperative instructions to read and submit confidential data to third parties.",{"category":65,"check":84,"severity":24,"summary":85},"Hidden Text Tricks","Bundled content and scripts appear free of hidden steering tricks, control characters, or unusual Unicode sequences.",{"category":65,"check":87,"severity":24,"summary":88},"Opaque code execution","The codebase consists of readable JavaScript/TypeScript and shell scripts, with no evidence of obfuscation like base64 payloads or eval calls.",{"category":90,"check":91,"severity":24,"summary":92},"Portability","Structural Assumption","The scripts handle paths relative to the target directory and do not make assumptions about user-specific project layouts outside of standard file structures for dependencies.",{"category":94,"check":95,"severity":24,"summary":96},"Trust","Issues Attention","In the last 90 days, 0 issues were opened and 6 were closed, indicating a high closure rate and active maintenance.",{"category":98,"check":99,"severity":24,"summary":100},"Versioning","Release Management","The `version` field is present in SKILL.md frontmatter and aligns with the `CHANGELOG.md` and release tags, providing clear versioning.",{"category":102,"check":103,"severity":24,"summary":104},"Execution","Pinned dependencies","The project uses npm, and `package-lock.json` is present, indicating pinned dependencies. Shell scripts include shebangs.",{"category":33,"check":106,"severity":107,"summary":108},"Dry-run preview","not_applicable","The extension is primarily a scanning and reporting tool and does not perform state-changing operations, making a dry-run feature not applicable.",{"category":110,"check":111,"severity":24,"summary":112},"Protocol","Idempotent retry & timeouts","The DAST runner implements per-call timeouts and handles errors gracefully. Other scripts focus on execution and report generation, not remote calls requiring idempotency.",{"category":114,"check":115,"severity":24,"summary":116},"Compliance","GDPR","The scanner analyzes code and dependencies; it does not appear to handle or process personal data, making GDPR compliance not applicable.",{"category":114,"check":118,"severity":24,"summary":119},"Target market","The extension is a security scanner for agent platforms and has no regional or legal jurisdiction-specific logic; it is globally applicable.",{"category":90,"check":121,"severity":24,"summary":122},"Runtime stability","The scripts utilize standard Node.js and shell commands, with clear prerequisites listed, and the DAST harness handles TypeScript compilation, promoting cross-platform compatibility.",{"category":44,"check":124,"severity":24,"summary":125},"README","The README file is comprehensive, detailing the project's purpose, features, installation, and usage with clear examples.",{"category":33,"check":127,"severity":24,"summary":128},"Tool surface size","The core functionality is orchestrated by `runner.sh`, with specific scripts for dependencies, SAST, and DAST, keeping the exposed tool surface manageable.",{"category":40,"check":130,"severity":24,"summary":131},"Overlapping near-synonym tools","The extension uses distinct scripts for different scanning types (dependencies, SAST, DAST), avoiding redundant or overlapping tool names.",{"category":44,"check":133,"severity":24,"summary":134},"Phantom features","All advertised features, such as dependency scanning, CVE integration, SAST, and DAST, have corresponding implementations in the scripts.",{"category":136,"check":137,"severity":24,"summary":138},"Install","Installation instruction","Installation instructions are provided via `npx clawhub` and manual steps, including prerequisites and verification, with clear usage examples.",{"category":140,"check":141,"severity":24,"summary":142},"Errors","Actionable error messages","Scripts provide clear error messages for missing commands, invalid arguments, and execution failures, guiding the user toward remediation.",{"category":144,"check":145,"severity":24,"summary":146},"Code Execution","Validation","Arguments are parsed and validated. The DAST executor handles JSON inputs safely. Script execution uses array arguments to prevent shell injection.",{"category":65,"check":148,"severity":24,"summary":149},"Unguarded Destructive Operations","The extension is primarily analytical and read-only, performing scans and reporting results without destructive operations that would require guarding.",{"category":144,"check":151,"severity":24,"summary":152},"Error Handling","Scripts implement try-catch blocks and check command exit codes, providing warnings or fallback JSON reports for failures, ensuring graceful execution.",{"category":144,"check":154,"severity":24,"summary":155},"Logging","The scripts output findings to stdout/stderr and temporary files for merging, providing a clear audit trail of scan results.",{"category":157,"check":158,"severity":107,"summary":159},"Context","Progressive Disclosure","The SKILL.md is concise and does not require progressive disclosure for its core functionality.",{"category":157,"check":161,"severity":107,"summary":162},"Forked exploration","The skill performs focused scans rather than deep exploration or code review, so `context: fork` is not applicable.",{"category":22,"check":164,"severity":24,"summary":165},"Usage examples","The README and `runner.sh` include clear, ready-to-use examples for CLI scanning and hook setup.",{"category":22,"check":167,"severity":24,"summary":168},"Edge cases","The scripts handle common edge cases like missing dependencies (npm, pip-audit, semgrep), non-existent target paths, and invalid arguments, providing informative messages.",{"category":144,"check":170,"severity":24,"summary":171},"Tool Fallback","The extension is self-contained and does not rely on external MCP servers or other skills, thus not requiring fallback mechanisms.",{"category":173,"check":174,"severity":24,"summary":175},"Safety","Halt on unexpected state","The scripts exit gracefully with errors if prerequisites like `node`, `npm`, or `semgrep` are missing, or if the target path is invalid, preventing unexpected behavior.",{"category":90,"check":177,"severity":24,"summary":178},"Cross-skill coupling","The scanner operates as a standalone tool and does not implicitly rely on other skills being loaded in the same session.",{"category":40,"check":180,"severity":24,"summary":181},"Precise Purpose","The description clearly states the extension's purpose (vulnerability scanner), target (agent platforms), and capabilities (dependency, CVE, SAST, DAST).",{"category":40,"check":183,"severity":24,"summary":184},"Concise Frontmatter","The SKILL.md frontmatter is concise and effectively summarizes the core capability and required binaries.",{"category":44,"check":186,"severity":24,"summary":187},"Concise Body","The SKILL.md content is well-structured and avoids excessive length, delegating detailed information to external files where appropriate.",1778695847969,"This extension performs automated vulnerability scanning for agent platforms, including dependency scanning (npm audit, pip-audit), CVE lookups (OSV, NVD, GitHub Advisory), static analysis (Semgrep, Bandit), and dynamic analysis of agent-specific hooks.",[191,192,193,194,195],"Automated dependency scanning (npm, pip)","CVE database integration (OSV, NVD, GitHub)","Static code analysis (Semgrep, Bandit)","Dynamic analysis of agent hooks (DAST)","Unified vulnerability reporting",[197,198,199],"Performing remediation actions automatically","Scanning for runtime vulnerabilities in web applications (focus is on agent platforms)","Providing a cloud-based vulnerability management dashboard","3.0.0","4.4.0","To automate the detection of vulnerabilities in agent platforms, ensuring the security and integrity of agent deployments.","The extension is exceptionally well-documented, robustly implemented with clear installation and usage instructions, and demonstrates strong security practices. No critical or warning findings were identified.",100,"A comprehensive and robust security scanner for agent platforms.",[207,208,209,210,211,212,213,214],"security","vulnerability-scanning","dependency-analysis","sast","dast","agent-platform","npm","pip","global","verified",[218,219,220,221],"Scanning agent platform codebases for known vulnerabilities","Identifying security risks in project dependencies","Detecting common SAST issues like hardcoded secrets and injection flaws","Testing agent hooks for resilience against malicious inputs and timeouts",{"codeQuality":223,"collectedAt":225,"documentation":226,"maintenance":229,"security":235,"testCoverage":238},{"hasLockfile":224},true,1778695829701,{"descriptionLength":227,"readmeSize":228},260,17881,{"closedIssues90d":230,"forks":231,"hasChangelog":224,"manifestVersion":232,"openIssues90d":8,"pushedAt":233,"stars":234},6,104,"0.0.2",1778569911000,983,{"hasNpmPackage":236,"license":237,"smitheryVerified":236},false,"AGPL-3.0",{"hasCi":224,"hasTests":224},{"updatedAt":240},1778695848342,{"basePath":242,"githubOwner":243,"githubRepo":244,"locale":18,"slug":13,"type":245},"skills/clawsec-scanner","prompt-security","clawsec","skill",null,{"evaluate":248,"extract":250},{"promptVersionExtension":200,"promptVersionScoring":201,"score":204,"tags":249,"targetMarket":215,"tier":216},[207,208,209,210,211,212,213,214],{"commitSha":251},"HEAD",{"repoId":253},"kd72phsqkbk8w57ctvf7ac9nqs86n9t4",{"_creationTime":255,"_id":253,"identity":256,"providers":257,"workflow":555},1778695744804.4285,{"githubOwner":243,"githubRepo":244,"sourceUrl":14},{"classify":258,"discover":530,"github":533},{"commitSha":251,"extensions":259},[260,274,293,303,319,341,368,380,404,417,428,457,469,486,498,510],{"basePath":261,"description":262,"displayName":263,"installMethods":264,"rationale":265,"selectedPaths":266,"source":273,"sourceLanguage":18,"type":245},"skills/claw-release","Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.","claw-release",{"claudeCode":12},"SKILL.md frontmatter at skills/claw-release/SKILL.md",[267,270],{"path":268,"priority":269},"SKILL.md","mandatory",{"path":271,"priority":272},"CHANGELOG.md","medium","rule",{"basePath":275,"description":276,"displayName":277,"installMethods":278,"rationale":279,"selectedPaths":280,"source":273,"sourceLanguage":18,"type":245},"skills/clawsec-clawhub-checker","ClawHub reputation checker for clawsec-suite. Adds a standalone reputation gate before guarded skill installation.","clawsec-clawhub-checker",{"claudeCode":12},"SKILL.md frontmatter at skills/clawsec-clawhub-checker/SKILL.md",[281,282,285,286,289,291],{"path":268,"priority":269},{"path":283,"priority":284},"README.md","high",{"path":271,"priority":272},{"path":287,"priority":288},"scripts/check_clawhub_reputation.mjs","low",{"path":290,"priority":288},"scripts/enhanced_guarded_install.mjs",{"path":292,"priority":288},"scripts/setup_reputation_hook.mjs",{"basePath":294,"description":295,"displayName":296,"installMethods":297,"rationale":298,"selectedPaths":299,"source":273,"sourceLanguage":18,"type":245},"skills/clawsec-feed","Security advisory feed package for OpenClaw-related threats and vulnerabilities. The upstream feed is updated daily; local automation is handled by clawsec-suite or the operator.","clawsec-feed",{"claudeCode":12},"SKILL.md frontmatter at skills/clawsec-feed/SKILL.md",[300,301,302],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"basePath":304,"description":305,"displayName":306,"installMethods":307,"rationale":308,"selectedPaths":309,"source":273,"sourceLanguage":18,"type":245},"skills/clawsec-nanoclaw","Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot","clawsec-nanoclaw",{"claudeCode":12},"SKILL.md frontmatter at skills/clawsec-nanoclaw/SKILL.md",[310,311,312,313,315,317],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":314,"priority":272},"INSTALL.md",{"path":316,"priority":288},"docs/INTEGRITY.md",{"path":318,"priority":288},"docs/SKILL_SIGNING.md",{"basePath":242,"description":10,"displayName":13,"installMethods":320,"rationale":321,"selectedPaths":322,"source":273,"sourceLanguage":18,"type":245},{"claudeCode":12},"SKILL.md frontmatter at skills/clawsec-scanner/SKILL.md",[323,324,325,327,329,331,333,335,337,339],{"path":268,"priority":269},{"path":271,"priority":272},{"path":326,"priority":288},"scripts/.gitkeep",{"path":328,"priority":288},"scripts/dast_hook_executor.mjs",{"path":330,"priority":288},"scripts/dast_runner.mjs",{"path":332,"priority":288},"scripts/query_cve_databases.mjs",{"path":334,"priority":288},"scripts/runner.sh",{"path":336,"priority":288},"scripts/sast_analyzer.mjs",{"path":338,"priority":288},"scripts/scan_dependencies.mjs",{"path":340,"priority":288},"scripts/setup_scanner_hook.mjs",{"basePath":342,"description":343,"displayName":344,"installMethods":345,"rationale":346,"selectedPaths":347,"source":273,"sourceLanguage":18,"type":245},"skills/clawsec-suite","ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.","clawsec-suite",{"claudeCode":12},"SKILL.md frontmatter at skills/clawsec-suite/SKILL.md",[348,349,350,352,354,356,358,360,362,364,366],{"path":268,"priority":269},{"path":271,"priority":272},{"path":351,"priority":272},"HEARTBEAT.md",{"path":353,"priority":288},"scripts/discover_skill_catalog.mjs",{"path":355,"priority":288},"scripts/generate_checksums_json.mjs",{"path":357,"priority":288},"scripts/guarded_skill_install.mjs",{"path":359,"priority":288},"scripts/local_file_io.mjs",{"path":361,"priority":288},"scripts/setup_advisory_cron.mjs",{"path":363,"priority":288},"scripts/setup_advisory_hook.mjs",{"path":365,"priority":288},"scripts/sign_detached_ed25519.mjs",{"path":367,"priority":288},"scripts/verify_detached_ed25519.mjs",{"basePath":369,"description":370,"displayName":371,"installMethods":372,"rationale":373,"selectedPaths":374,"source":273,"sourceLanguage":18,"type":245},"skills/clawtributor","Community incident reporting for AI agents. Contribute to collective security by reporting threats.","clawtributor",{"claudeCode":12},"SKILL.md frontmatter at skills/clawtributor/SKILL.md",[375,376,377,378],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":379,"priority":272},"reporting.md",{"basePath":381,"description":382,"displayName":383,"installMethods":384,"rationale":385,"selectedPaths":386,"source":273,"sourceLanguage":18,"type":245},"skills/hermes-attestation-guardian","Hermes-only runtime security attestation and drift detection skill for operator-managed Hermes infrastructure.","hermes-attestation-guardian",{"claudeCode":12},"SKILL.md frontmatter at skills/hermes-attestation-guardian/SKILL.md",[387,388,389,390,392,394,396,398,400,402],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":391,"priority":288},"scripts/check_advisories.mjs",{"path":393,"priority":288},"scripts/generate_attestation.mjs",{"path":395,"priority":288},"scripts/guarded_skill_verify.mjs",{"path":397,"priority":288},"scripts/refresh_advisory_feed.mjs",{"path":399,"priority":288},"scripts/setup_advisory_check_cron.mjs",{"path":401,"priority":288},"scripts/setup_attestation_cron.mjs",{"path":403,"priority":288},"scripts/verify_attestation.mjs",{"basePath":405,"description":406,"displayName":407,"installMethods":408,"rationale":409,"selectedPaths":410,"source":273,"sourceLanguage":18,"type":245},"skills/hermes-traffic-guardian","Hermes runtime traffic monitoring baseline for opt-in proxy inspection, egress detection, and attestation-aware traffic posture.","hermes-traffic-guardian",{"claudeCode":12},"SKILL.md frontmatter at skills/hermes-traffic-guardian/SKILL.md",[411,412,413,414,416],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":415,"priority":272},"SPEC.md",{"path":326,"priority":288},{"basePath":418,"description":419,"displayName":420,"installMethods":421,"rationale":422,"selectedPaths":423,"source":273,"sourceLanguage":18,"type":245},"skills/nanoclaw-traffic-guardian","NanoClaw runtime traffic monitoring baseline for host-side proxy inspection with container-safe MCP and IPC status surfaces.","nanoclaw-traffic-guardian",{"claudeCode":12},"SKILL.md frontmatter at skills/nanoclaw-traffic-guardian/SKILL.md",[424,425,426,427],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":415,"priority":272},{"basePath":429,"description":430,"displayName":431,"installMethods":432,"rationale":433,"selectedPaths":434,"source":273,"sourceLanguage":18,"type":245},"skills/openclaw-audit-watchdog","Automated daily security audits for OpenClaw agents with DM delivery and optional email reporting. Runs deep audits, creates or updates a recurring cron job, and sends formatted reports to configured recipients.","openclaw-audit-watchdog",{"claudeCode":12},"SKILL.md frontmatter at skills/openclaw-audit-watchdog/SKILL.md",[435,436,437,438,440,442,444,446,448,450,451,453,455],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":439,"priority":288},"examples/README.md",{"path":441,"priority":288},"examples/security-audit-config.example.json",{"path":443,"priority":288},"scripts/codex_review.sh",{"path":445,"priority":288},"scripts/load_suppression_config.mjs",{"path":447,"priority":288},"scripts/render_report.mjs",{"path":449,"priority":288},"scripts/run_audit_and_format.sh",{"path":334,"priority":288},{"path":452,"priority":288},"scripts/send_smtp.mjs",{"path":454,"priority":288},"scripts/sendmail_report.sh",{"path":456,"priority":288},"scripts/setup_cron.mjs",{"basePath":458,"description":459,"displayName":460,"installMethods":461,"rationale":462,"selectedPaths":463,"source":273,"sourceLanguage":18,"type":245},"skills/openclaw-traffic-guardian","OpenClaw runtime traffic monitoring baseline for opt-in HTTP/HTTPS proxy inspection, egress detection, and inbound injection detection.","openclaw-traffic-guardian",{"claudeCode":12},"SKILL.md frontmatter at skills/openclaw-traffic-guardian/SKILL.md",[464,465,466,467,468],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":415,"priority":272},{"path":326,"priority":288},{"basePath":470,"description":471,"displayName":472,"installMethods":473,"rationale":474,"selectedPaths":475,"source":273,"sourceLanguage":18,"type":245},"skills/picoclaw-security-guardian","Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance.","picoclaw-security-guardian",{"claudeCode":12},"SKILL.md frontmatter at skills/picoclaw-security-guardian/SKILL.md",[476,477,478,479,480,482,484],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":391,"priority":288},{"path":481,"priority":288},"scripts/check_drift.mjs",{"path":483,"priority":288},"scripts/generate_profile.mjs",{"path":485,"priority":288},"scripts/verify_supply_chain.mjs",{"basePath":487,"description":488,"displayName":489,"installMethods":490,"rationale":491,"selectedPaths":492,"source":273,"sourceLanguage":18,"type":245},"skills/picoclaw-self-pen-testing","Picoclaw-only local posture-review skill focused on read-only findings and safe operator remediation guidance.","picoclaw-self-pen-testing",{"claudeCode":12},"SKILL.md frontmatter at skills/picoclaw-self-pen-testing/SKILL.md",[493,494,495,496],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":497,"priority":288},"scripts/self_pen_test.mjs",{"basePath":499,"description":500,"displayName":501,"installMethods":502,"rationale":503,"selectedPaths":504,"source":273,"sourceLanguage":18,"type":245},"skills/picoclaw-traffic-guardian","Picoclaw runtime traffic monitoring baseline for lightweight AI gateway proxy inspection, egress detection, and posture integration.","picoclaw-traffic-guardian",{"claudeCode":12},"SKILL.md frontmatter at skills/picoclaw-traffic-guardian/SKILL.md",[505,506,507,508,509],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":415,"priority":272},{"path":326,"priority":288},{"basePath":511,"description":512,"displayName":513,"installMethods":514,"rationale":515,"selectedPaths":516,"source":273,"sourceLanguage":18,"type":245},"skills/soul-guardian","Drift detection + baseline integrity guard for agent workspace files with automatic alerting support","soul-guardian",{"claudeCode":12},"SKILL.md frontmatter at skills/soul-guardian/SKILL.md",[517,518,519,520,522,524,526,528],{"path":268,"priority":269},{"path":283,"priority":284},{"path":271,"priority":272},{"path":521,"priority":288},"scripts/install_launchd_plist.py",{"path":523,"priority":288},"scripts/onboard_state_dir.py",{"path":525,"priority":288},"scripts/soul_guardian.py",{"path":527,"priority":288},"scripts/test_install_launchd_plist.py",{"path":529,"priority":288},"scripts/test_soul_guardian.py",{"sources":531},[532],"manual",{"closedIssues90d":230,"description":534,"forks":231,"homepage":535,"license":237,"openIssues90d":8,"pushedAt":233,"readmeSize":228,"stars":234,"topics":536},"A complete security skill suite for OpenClaw, Hermes, PicoClaw and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite.","https://prompt.security/clawsec",[537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554],"clawdbot","clawdbot-skill","molt","moltbot-skill","moltbot-skills","openclaw","openclaw-extension","openclaw-plugin","openclaw-security","openclaw-skill","openclaw-skills","nanoclaw","hermes","hermes-agent","hermes-skill","hermes-skills","picoclaw","picoclaw-install",{"classifiedAt":556,"discoverAt":557,"extractAt":558,"githubAt":558,"updatedAt":556},1778695753156,1778695744804,1778695751173,[212,211,209,213,214,210,207,208],{"evaluatedAt":240,"extractAt":561,"updatedAt":240},1778695753353,[],[564,594,623,650,678,706],{"_creationTime":565,"_id":566,"community":567,"display":568,"identity":574,"providers":578,"relations":587,"tags":590,"workflow":591},1778691344230.1377,"k1713zyypk0fh30ftchgf4f1b186mq7g",{"reviewCount":8},{"description":569,"installMethods":570,"name":572,"sourceUrl":573},"Identifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance. Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews, dependency audits, secrets scanning, or compliance checks. Produces vulnerability reports, prioritized recommendations, and compliance checklists.",{"claudeCode":571},"jeffallan/claude-skills","security-reviewer","https://github.com/jeffallan/claude-skills",{"basePath":575,"githubOwner":576,"githubRepo":577,"locale":18,"slug":572,"type":245},"skills/security-reviewer","jeffallan","claude-skills",{"evaluate":579,"extract":586},{"promptVersionExtension":200,"promptVersionScoring":201,"score":580,"tags":581,"targetMarket":215,"tier":216},99,[207,208,210,582,583,584,585],"penetration-testing","devsecops","code-audit","compliance",{"commitSha":251},{"parentExtensionId":588,"repoId":589},"k177fx0q0bsftkws6j1av221j186ndt6","kd77w37et655xneae33d1p2d2n86ncxp",[584,585,583,582,210,207,208],{"evaluatedAt":592,"extractAt":593,"updatedAt":592},1778692596500,1778691344230,{"_creationTime":595,"_id":596,"community":597,"display":598,"identity":604,"providers":607,"relations":616,"tags":619,"workflow":620},1778675056600.2515,"k171s4rhs09sqtmsc1dckyy4rn86mr6z",{"reviewCount":8},{"description":599,"installMethods":600,"name":602,"sourceUrl":603},"Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding patterns, and automates compliance checks against SOC2, PCI-DSS, HIPAA, and GDPR. Use when conducting a security review or audit, responding to a CVE or security incident, hardening infrastructure, implementing authentication or secrets management, running penetration test prep, checking OWASP Top 10 exposure, or enforcing security controls in CI/CD pipelines.",{"claudeCode":601},"alirezarezvani/claude-skills","senior-secops","https://github.com/alirezarezvani/claude-skills",{"basePath":605,"githubOwner":606,"githubRepo":577,"locale":18,"slug":602,"type":245},"engineering-team/skills/senior-secops","alirezarezvani",{"evaluate":608,"extract":615},{"promptVersionExtension":200,"promptVersionScoring":201,"score":609,"tags":610,"targetMarket":215,"tier":216},98,[207,611,585,612,210,211,613,614],"devops","vulnerability-management","secops","python",{"commitSha":251},{"parentExtensionId":617,"repoId":618},"k179s2ynpr6g927zdzf23zrhad86net8","kd7ff9s1w43mfyy1n7hf87816186m6px",[585,211,611,614,210,613,207,612],{"evaluatedAt":621,"extractAt":622,"updatedAt":621},1778683694128,1778675056600,{"_creationTime":624,"_id":625,"community":626,"display":627,"identity":633,"providers":636,"relations":644,"tags":646,"workflow":647},1778696113180.8135,"k1790qkgyw4khsthtv6jsar87s86mbjc",{"reviewCount":8},{"description":628,"installMethods":629,"name":631,"sourceUrl":632},"Manage third-party libraries, runtimes, and SaaS dependencies. Use this skill when setting an update cadence, responding to security advisories, dealing with deprecated dependencies, evaluating new dependencies, auditing what's installed, or unblocking a dependency upgrade. Triggers on dependency, package update, security patch, lockfile, deprecated, breaking change, supply chain, dependency audit, npm audit, dependabot, renovate. Also triggers when a build breaks after an update or when an advisory is published for a used package.",{"claudeCode":630},"rampstackco/claude-skills","dependency-management","https://github.com/rampstackco/claude-skills",{"basePath":634,"githubOwner":635,"githubRepo":577,"locale":18,"slug":631,"type":245},"skills/dependency-management","rampstackco",{"evaluate":637,"extract":643},{"promptVersionExtension":200,"promptVersionScoring":201,"score":609,"tags":638,"targetMarket":215,"tier":216},[639,213,640,214,207,641,642],"dependencies","yarn","maintenance","auditing",{"commitSha":251},{"repoId":645},"kd7bebccrrd1xf6w868aggftrd86m86v",[642,639,641,213,214,207,640],{"evaluatedAt":648,"extractAt":649,"updatedAt":648},1778696719478,1778696113180,{"_creationTime":651,"_id":652,"community":653,"display":654,"identity":660,"providers":665,"relations":672,"tags":674,"workflow":675},1778683190010.2776,"k174m5ypppymeygczv3g7gv71h86m571",{"reviewCount":8},{"description":655,"installMethods":656,"name":658,"sourceUrl":659},"Dependency audit and cleanup workflow for maintaining healthy project dependencies. Use for regular maintenance, security updates, and removing unused packages.",{"claudeCode":657},"bobmatnyc/claude-mpm-skills","dependency-audit","https://github.com/bobmatnyc/claude-mpm-skills",{"basePath":661,"githubOwner":662,"githubRepo":663,"locale":18,"slug":664,"type":245},"toolchains/universal/dependency/audit","bobmatnyc","claude-mpm-skills","audit",{"evaluate":666,"extract":671},{"promptVersionExtension":200,"promptVersionScoring":201,"score":667,"tags":668,"targetMarket":215,"tier":216},95,[631,213,640,669,214,670,207,641],"pnpm","poetry",{"commitSha":251},{"repoId":673},"kd72g55e5qeqs90bk1bvkt8wbx86nkn3",[631,641,213,214,669,670,207,640],{"evaluatedAt":676,"extractAt":677,"updatedAt":676},1778685619759,1778683190010,{"_creationTime":679,"_id":680,"community":681,"display":682,"identity":688,"providers":692,"relations":699,"tags":702,"workflow":703},1778696691708.3306,"k172evhhmbzzyp7g0t2caf4hfh86nsp9",{"reviewCount":8},{"description":683,"installMethods":684,"name":686,"sourceUrl":687},"First-run setup for ruvector@0.2.25 — installs ONNX/Brain/SONA add-ons, registers the MCP server, and verifies the install via `doctor`",{"claudeCode":685},"ruvnet/ruflo","vector-setup","https://github.com/ruvnet/ruflo",{"basePath":689,"githubOwner":690,"githubRepo":691,"locale":18,"slug":686,"type":245},"plugins/ruflo-ruvector/skills/vector-setup","ruvnet","ruflo",{"evaluate":693,"extract":698},{"promptVersionExtension":200,"promptVersionScoring":201,"score":204,"tags":694,"targetMarket":215,"tier":216},[695,696,697,213,639],"setup","installation","ruvector",{"commitSha":251},{"parentExtensionId":700,"repoId":701},"k17710fw96s8hs1y3j2cye3aa586n523","kd7ed28gj8n0y3msk5dzrp05zs86nqtc",[639,696,213,697,695],{"evaluatedAt":704,"extractAt":705,"updatedAt":704},1778701365160,1778696691708,{"_creationTime":707,"_id":708,"community":709,"display":710,"identity":716,"providers":721,"relations":728,"tags":731,"workflow":732},1778692146187.2336,"k1707hv693sp6xmwddh517khq186ms52",{"reviewCount":8},{"description":711,"installMethods":712,"name":714,"sourceUrl":715},"Veröffentlicht eine neue Version von clickup-cli auf npm, aktualisiert den Homebrew-Tap, schreibt Release Notes und synchronisiert den Agent-Skill. Verwenden Sie dies, wenn Sie eine neue Version veröffentlichen, die Version hochstufen oder eine Veröffentlichung überprüfen.",{"claudeCode":713},"krodak/clickup-cli","releasing-clickup-cli","https://github.com/krodak/clickup-cli",{"basePath":717,"githubOwner":718,"githubRepo":719,"locale":720,"slug":714,"type":245},".agents/skills/releasing-clickup-cli","krodak","clickup-cli","de",{"evaluate":722,"extract":727},{"promptVersionExtension":200,"promptVersionScoring":201,"score":204,"tags":723,"targetMarket":215,"tier":216},[724,213,725,726,611],"release-automation","homebrew","cli",{"commitSha":251},{"repoId":729,"translatedFrom":730},"kd7eepjypfnak20m6gzx5gk5mx86mdz6","k179vm5rq0p8bzd9v2d18rqneh86m9bj",[726,611,725,213,724],{"evaluatedAt":733,"extractAt":734,"updatedAt":735},1778692046342,1778692007457,1778692146187]