clawsec-nanoclaw_skill

This skill protects your NanoClaw bot by scanning installed skills for known vulnerabilities and advising before installation.
  • JavaScript

558

GitHub Stars

5

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill prompt-security/clawsec --skill clawsec-nanoclaw

  • CHANGELOG.md1.1 KB
  • INSTALL.md9.2 KB
  • README.md5.1 KB
  • skill.json4.7 KB
  • SKILL.md5.3 KB

Overview

This skill protects NanoClaw/OpenClaw agents by monitoring installed skills and dependencies for known security vulnerabilities. It prevents installing unsafe skills, runs audits on your current environment, and provides actionable advisories with exploitability context. Use it to keep your bot's skill set and integrity files secure and verifiable.

How this skill works

The tool queries a curated advisory feed and compares entries to installed skills, packages, and file baselines. It offers a pre-install check, scheduled audits, package signature verification, integrity monitoring, and an advisory browser with severity and exploitability filters. Results include exploitability context to prioritize triage and automated alerts for critical findings.

When to use it

  • Before installing any new NanoClaw/OpenClaw skill
  • When a user asks “Are my skills secure?” or raises suspicious behavior
  • As part of regular security audits or scheduled cron checks
  • After receiving external security notifications or advisories
  • Before approving file changes or restoring integrity baselines

Best practices

  • Always run a pre-install safety check for user-requested skills
  • Prioritize advisories by exploitability score and severity together, not severity alone
  • Schedule daily or weekly audits to catch supply-chain issues early
  • Enable package signature and file integrity verification for production bots
  • Review and approve integrity changes through the audit workflow instead of blind restores

Example use cases

  • Pre-install safety check: block or warn before adding a third-party skill
  • Full environment audit: scan ~/.claude/skills (or custom installRoot) for urgent advisories
  • Automated monitoring: cron job that alerts on critical or high-exploitability matches
  • Investigations: use advisory matches and exploitability details when tracing suspicious behavior
  • Integrity verification: detect and optionally auto-restore modified core files with approval workflow

FAQ

Yes. Use the pre-install check to prevent installation by default or surface risks so an operator can approve with informed consent.

How often is the advisory feed updated?

The curated feed updates automatically every six hours and is Ed25519-signed for authenticity; you can also force-refresh the local cache.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational