技能检索
pr-ship
Pre-ship risk report for OpenClaw PRs. Dynamically explores the codebase to assess module risk, blast radius, and version-specific gotchas. Scores each finding by severity (🟢/🟡/🔴). Updated frequently with the latest OpenClaw version context — run `clawhub update pr-ship` regularly to stay current.
threat-modeling
Expert in threat modeling methodologies, security architecture review, and risk assessment using STRIDE, PASTA, attack trees, and security requirement extraction.
securevibes-scanner
Run AI-powered application security scans on codebases. Use when asked to scan code for security vulnerabilities, generate threat models, review code for security issues, run incremental security scans, or set up continuous security monitoring via cron. Supports full scans (one-shot) and incremental scans (cron-driven, only new commits).
speckit-checklist
Generate quality checklists to validate requirements completeness, clarity, and consistency.
agentcloak-email-proxy
Secure email proxy for AI agents. Search, read, and draft emails via MCP with server-side credential isolation, PII redaction, prompt injection detection, and content filtering. Unlike raw Gmail/IMAP skills, your agent never sees passwords or unfiltered content. Self-host or use the hosted version.
wip-file-guard
Hook that blocks destructive edits to protected identity files. For Claude Code CLI and OpenClaw.
minduploadedcrab-skillguard
Security scanner for OpenClaw skills. Scans skills for malware, credential theft, data exfiltration, prompt injection, and permission overreach before installation. Run: python3 scripts/skillguard.py scan <skill-directory>
sentinel-shield
Runtime security for OpenClaw agents. Monitors tool calls, enforces rate limits, scans for prompt injection, and alerts on suspicious behavior. Protect your gateway token and agent session from infostealers and session hijacking.
credential-scanner
Scans files, repos, and directories for leaked secrets — API keys, tokens, passwords, connection strings, private keys, and credentials. Detects 40+ secret patterns across all major cloud providers and services.