Brought to you by Prompt Security, the Platform for AI Security
ClawSec is a complete security skill suite for the OpenClaw family of agents (Moltbot, Clawdbot, some clones). It provides a unified installer that deploys, verifies, and maintains security skills-protecting your agent's cognitive architecture against prompt injection, drift, and malicious instructions.
- π¦ Suite Installer - One-command installation of all security skills with integrity verification
- π‘οΈ File Integrity Protection - Drift detection and auto-restore for critical agent files (SOUL.md, IDENTITY.md, etc.)
- π‘ Live Security Advisories - Automated NVD CVE polling and community threat intelligence
- π Security Audits - Self-check scripts to detect prompt injection markers and vulnerabilities
- π Checksum Verification - SHA256 checksums for all skill artifacts
- Health Checks - Automated updates and integrity verification for all installed skills
# Fetch and install the ClawSec security suite
curl -sL https://clawsec.prompt.security/releases/latest/download/SKILL.mdThe skill file contains deployment instructions. Your agent will:
- Detect its agent family (OpenClaw/MoltBot/ClawdBot or other)
- Install appropriate skills from the catalog
- Verify integrity using checksums
- Set up cron update checks
Copy this instruction to your AI agent:
Read https://clawsec.prompt.security/releases/latest/download/SKILL.md and follow the instructions to install the protection skill suite.
The clawsec-suite is a skill-of-skills manager that installs, verifies, and maintains security skills from the ClawSec catalog.
| Skill | Description | Installation | Compatibility |
|---|---|---|---|
| π‘ clawsec-feed | Security advisory feed monitoring with live CVE updates | β Included by default | All agents |
| π openclaw-audit-watchdog | Automated daily audits with email reporting | βοΈ Optional (install separately) | OpenClaw/MoltBot/ClawdBot |
| π» soul-guardian | Drift detection and file integrity guard with auto-restore | βοΈ Optional | All agents |
| π€ clawtributor | Community incident reporting | β Optional (Explicit request) | All agents |
β οΈ clawtributor is not installed by default as it may share anonymized incident data. Install only on explicit user request.
β οΈ openclaw-audit-watchdog is tailored for the OpenClaw/MoltBot/ClawdBot agent family. Other agents receive the universal skill set.
- Integrity Verification - Every skill package includes
checksums.jsonwith SHA256 hashes - Updates - Automatic checks for new skill versions
- Self-Healing - Failed integrity checks trigger automatic re-download from trusted releases
- Advisory Cross-Reference - Installed skills are checked against the security advisory feed
ClawSec maintains a continuously updated security advisory feed, automatically populated from NIST's National Vulnerability Database (NVD).
# Fetch latest advisories
curl -s https://clawsec.prompt.security/advisories/feed.json | jq '.advisories[] | select(.severity == "critical" or .severity == "high")'The feed polls CVEs related to:
OpenClawclawdbotMoltbot- Prompt injection patterns
- Agent security vulnerabilities
NVD CVE Advisory:
{
"id": "CVE-2026-XXXXX",
"severity": "critical|high|medium|low",
"type": "vulnerable_skill",
"title": "Short description",
"description": "Full CVE description from NVD",
"published": "2026-02-01T00:00:00Z",
"cvss_score": 8.8,
"nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-XXXXX",
"references": ["..."],
"action": "Recommended remediation"
}Community Advisory:
{
"id": "CLAW-2026-0042",
"severity": "high",
"type": "prompt_injection|vulnerable_skill|tampering_attempt",
"title": "Short description",
"description": "Detailed description from issue",
"published": "2026-02-01T00:00:00Z",
"affected": ["skill-name@1.0.0"],
"source": "Community Report",
"github_issue_url": "https://github.com/.../issues/42",
"action": "Recommended remediation"
}ClawSec uses automated pipelines for continuous security updates and skill distribution.
| Workflow | Trigger | Description |
|---|---|---|
| poll-nvd-cves.yml | Daily cron (06:00 UTC) | Polls NVD for new CVEs, updates feed |
| community-advisory.yml | Issue labeled advisory-approved |
Processes community reports into advisories |
| skill-release.yml | <skill>-v*.*.* tags |
Packages individual skills with checksums to GitHub Releases |
| deploy-pages.yml | Push to main | Builds and deploys the web interface to GitHub Pages |
When a skill is tagged (e.g., soul-guardian-v1.0.0), the pipeline:
- Validates - Checks
skill.jsonversion matches tag - Enforces key consistency - Verifies pinned release key references are consistent across repo PEMs and
skills/clawsec-suite/SKILL.md - Generates Checksums - Creates
checksums.jsonwith SHA256 hashes for all SBOM files - Signs + verifies - Signs
checksums.jsonand validates the generatedsigning-public.pemfingerprint against canonical repo key material - Releases - Publishes to GitHub Releases with all artifacts
- Supersedes Old Releases - Marks older versions (same major) as pre-releases
- Triggers Pages Update - Refreshes the skills catalog on the website
To prevent supply-chain drift, CI now fails fast when signing key references diverge.
Guardrail script:
scripts/ci/verify_signing_key_consistency.sh
What it checks:
skills/clawsec-suite/SKILL.mdinline public key fingerprint matchesRELEASE_PUBKEY_SHA256- Canonical PEM files all match the same fingerprint:
clawsec-signing-public.pemadvisories/feed-signing-public.pemskills/clawsec-suite/advisories/feed-signing-public.pem
- Generated public key in workflows matches canonical key:
release-assets/signing-public.pem(release workflow)public/signing-public.pem(pages workflow)
Where enforced:
.github/workflows/skill-release.yml.github/workflows/deploy-pages.yml
ClawSec follows semantic versioning. When a new version is released:
| Scenario | Behavior |
|---|---|
| New patch/minor (e.g., 1.0.1, 1.1.0) | Previous releases with same major version are deleted |
| New major (e.g., 2.0.0) | Previous major version (1.x.x) remains for backwards compatibility |
Why do old releases disappear?
When you release skill-v0.0.2, the previous skill-v0.0.1 release is automatically deleted to keep the releases page clean. Only the latest version within each major version is retained.
- Git tags are preserved - You can always recreate a release from an existing tag if needed
- Major versions coexist - Both
skill-v1.x.xandskill-v2.x.xlatest releases remain available for backwards compatibility
Each skill release includes:
checksums.json- SHA256 hashes for integrity verificationskill.json- Skill metadataSKILL.md- Main skill documentation- Additional files from SBOM (scripts, configs, etc.)
For feed/release signing rollout and operations guidance:
SECURITY-SIGNING.md- key generation, GitHub secrets, rotation/revocation, incident responseMIGRATION-SIGNED-FEED.md- phased migration from unsigned feed, enforcement gates, rollback plan
ClawSec includes Python utilities for local skill development and validation.
Validates a skill folder against the required schema:
python utils/validate_skill.py skills/clawsec-feedChecks:
skill.jsonexists and is valid JSON- Required fields present (name, version, description, author, license)
- SBOM files exist and are readable
- OpenClaw metadata is properly structured
Generates checksums.json with SHA256 hashes for a skill:
python utils/package_skill.py skills/clawsec-feed ./distOutputs:
checksums.json- SHA256 hashes for verification
- Node.js 20+
- Python 3.10+ (for offline tools)
- npm
# Install dependencies
npm install
# Start development server
npm run dev# Populate skills catalog from local skills/ directory
./scripts/populate-local-skills.sh
# Populate advisory feed with real NVD CVE data
./scripts/populate-local-feed.sh --days 120npm run buildβββ advisories/
β βββ feed.json # Main advisory feed (auto-updated from NVD)
βββ components/ # React components
βββ pages/ # Page components
βββ scripts/
β βββ populate-local-feed.sh # Local CVE feed populator
β βββ populate-local-skills.sh # Local skills catalog populator
β βββ release-skill.sh # Manual skill release helper
βββ skills/
β βββ clawsec-suite/ # π¦ Suite installer (skill-of-skills)
β βββ clawsec-feed/ # π‘ Advisory feed skill
β βββ clawtributor/ # π€ Community reporting skill
β βββ openclaw-audit-watchdog/ # π Automated audit skill
β βββ soul-guardian/ # π» File integrity skill
βββ utils/
β βββ package_skill.py # Skill packager utility
β βββ validate_skill.py # Skill validator utility
βββ .github/workflows/
β βββ poll-nvd-cves.yml # CVE polling pipeline
β βββ skill-release.yml # Skill release pipeline
β βββ deploy-pages.yml # Pages deployment
βββ public/ # Static assets and published skills
We welcome contributions! See CONTRIBUTING.md for guidelines.
Found a prompt injection vector, malicious skill, or security vulnerability? Report it via GitHub Issues:
- Open a new issue using the Security Incident Report template
- Fill out the required fields (severity, type, description, affected skills)
- A maintainer will review and add the
advisory-approvedlabel - The advisory is automatically published to the feed as
CLAW-{YEAR}-{ISSUE#}
See CONTRIBUTING.md for detailed guidelines.
- Create a skill folder under
skills/ - Add
skill.jsonwith required metadata and SBOM - Add
SKILL.mdwith agent-readable instructions - Validate with
python utils/validate_skill.py skills/your-skill - Submit a PR for review
- Source code: MIT License - See LICENSE for details.
- Fonts in
font/: Licensed separately - Seefont/README.md.
ClawSec Β· Prompt Security, SentinelOne
π¦ Hardening agentic workflows, one skill at a time.