技能检索
eridian-carapace
Agent security hardening and prompt injection defense for OpenClaw. Protects against ClawHavoc-style attacks including prompt injection, data exfiltration, credential theft, and unauthorized operations. Runtime protection that complements pre-installation skill scanners like Clawdex. Includes security audit checklist, 8 documented attack vector defenses with mitigations, copy-paste AGENTS.md security patterns, credential file protection, browser URL allowlisting, and sensitive operation approval flows. Use when setting up agent security, performing security audits, hardening agent configurations, protecting credentials, preventing data leaks, or defending against indirect prompt injection attacks.
openapi-deep-audit
You are a senior backend architect, API security auditor, and test strategy designer.
urlcheck
Companion skill for @cybrlab/urlcheck-openclaw. Requires URLCheck plugin tools to assess URLs for threats and intent alignment before navigation.
password-gen-pro
When user asks to generate a password, create PIN, make passphrase, check password strength, generate API key, create secure token, manage password ideas, generate username, bulk passwords, or any password/security task. 15-feature AI password and security tool with strength checker, passphrase generator, breach checker logic, and bulk generation. All data stays local — NO external API calls, NO network requests, NO data sent to any server. Does NOT store actual passwords.
test-sentinel
Writes and runs tests (unit, integration, E2E), performs linting, and auto-fixes failures
forge
Autonomous quality engineering swarm that forges production-ready code through continuous behavioral verification, exhaustive E2E testing, and self-healing fix loops. Combines DDD+ADR+TDD methodology with BDD/Gherkin specifications, 7 quality gates, defect prediction, chaos testing, and cross-context dependency awareness. Architecture-agnostic — works with monoliths, microservices, modular monoliths, and any bounded-context topology.
agentgate-security
AgentGate is a real-time policy enforcement layer that intercepts every tool call your OpenClaw agent makes before it executes. It evaluates the call against human-defined regex-based rules stored in Firestore and returns one of three decisions: ALLOW, DENY, or REQUIRE_APPROVAL.
skulk-skill-scanner
Scan OpenClaw skill folders for security red flags before installing or publishing. Detects data exfiltration, credential theft, prompt injection, destructive commands, obfuscation, privilege escalation, and supply chain risks. Use when: evaluating a skill from ClawHub before install, auditing your own skills before publishing, or reviewing any SKILL.md for safety. NOT for: general code review or vulnerability scanning of non-skill codebases.
apoer-agent-guardrail
Pre-action authorization for AI agents. Verifies permissions before every tool runs (shell, messaging, git, MCP, data export). Works with OpenClaw, IronClaw, PicoClaw. APort policy engine allows or denies each tool call deterministically; agent cannot skip it.