← Back to Skills Marketplace

SecOpsAI for OpenClaw

Name: SecOpsAI for OpenClaw
Author: techris93

by Onyedika Christopher Agada · GitHub ↗ · v0.3.6 · MIT-0

cross-platform ⚠ suspicious

288

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install secopsai-skill

Description

Conversational SecOps for OpenClaw audit logs. Run the live detection pipeline, inspect findings, triage incidents, and get mitigation guidance — all from chat.

Usage Guidance

This skill is internally consistent with its claimed purpose, but be aware: it runs shell commands and can modify your local SOC database. Before installing or enabling autonomous usage: 1) verify and review the referenced GitHub repo (https://github.com/Techris93/secopsai.git) yourself; 2) ensure the agent's exec tool runs under an account with limited privileges; 3) backup the SOC DB (data/openclaw/findings/openclaw_soc.db) before enabling write/automation; 4) require explicit confirmation for any triage/auto-apply actions; and 5) be mindful that supply-chain checks and pipeline runs may contact external registries or services—audit network activity if needed.

Capability Analysis

Type: OpenClaw Skill Name: secopsai-skill Version: 0.3.6 The secopsai-skill bundle (primarily SKILL.md) provides an interface for a security operations tool that requires broad shell execution privileges. While the behavior is aligned with its stated purpose of log auditing and triage, the command mappings contain significant vulnerabilities, such as potential shell injection via unvalidated placeholders like '<analyst note>' and '<FINDING_ID>'. These high-risk capabilities, combined with the ability to modify local databases and scan external package repositories, warrant a suspicious classification despite the lack of clear malicious intent.

Capability Assessment

✓ Purpose & Capability

The skill's name/description (conversational SecOps for OpenClaw) matches the instructions: it runs local secopsai CLI commands against OpenClaw audit logs and performs triage. It does not request unrelated credentials, binaries, or config paths.

ℹ Instruction Scope

The SKILL.md instructs the agent to run shell commands (using an exec tool) under a local virtualenv and to read OpenClaw logs and the local SOC DB. This is expected for the stated purpose, but running arbitrary shell commands and modifying the SOC DB are sensitive actions; the doc does include explicit safety defaults and requires explicit confirmation for write/triage actions.

✓ Install Mechanism

There is no automated install spec (instruction-only). The README recommends a manual git clone and virtualenv setup from a GitHub repo, which is proportionate. No downloads from unknown hosts or archived installers are specified in the skill itself.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths beyond standard $HOME locations. The paths referenced (~/secopsai, ~/.openclaw/logs/, data/openclaw/findings/openclaw_soc.db) are coherent with its purpose.

✓ Persistence & Privilege

The skill does not request always:true and is user-invocable; it can perform writes to the local SOC store as part of triage but the SKILL.md requires user confirmation before write operations. It does not modify other skills or global agent settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install secopsai-skill
After installation, invoke the skill by name or use /secopsai-skill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.3.6

Switched from legacy soc_store triage steps to the native secopsai triage investigate/close flow. Added native orchestrator, queue, and apply-action guidance. Added supply-chain false-positive action guidance. Updated safety language for write operations.

v0.3.4

Initial release of the secopsai-skill (v1.0.0): - Provides conversational SecOps workflows for OpenClaw audit logs via chat. - Supports listing, summarizing, triaging, and mitigating findings from the local SOC store. - Enables live detection pipeline runs and daily security summaries. - Integrates threat intelligence (IOC) matching and feeds without paid enrichment by default. - Enforces safety defaults: read-only operations preferred, explicit confirmation required for write actions.

v0.3.3

SecOpsAI Skill v0.3.0 introduces a complete redesign, expanding from credential hygiene to full conversational SecOps for OpenClaw. - Replaces previous credential audit checks with SOC-level findings management, triage, and mitigation. - Adds commands to run the detection pipeline, show/triage findings, and summarize results in chat. - Supports structured mitigation guidance and local threat intelligence (IOC) matching. - Emphasizes read-only defaults and explicit consent for write/triage actions. - Integrates with OpenClaw logs and requires virtualenv-based CLI usage. - Provides detailed command mappings for all supported user interactions.

v0.3.2

No changes detected in this version. - This release does not include any updates or modifications to the skill. - All features and documentation remain unchanged from the previous version.

v0.3.0

- Updated installation instructions: GitHub/manual install is now the preferred default, with the hosted script as an optional shortcut. - Clarified that users should be directed to the repo/manual setup path first when seeking installation guidance. - Added a tip noting `--json` can be used before subcommands in exec commands. - No changes to command mappings or agent behavior.

v0.2.0

Version 0.2.0 introduces threat intelligence support and additional safety defaults. - Added support for local-first IOC (threat intelligence) pipeline: refresh feeds and match IOCs against OpenClaw replay. - New user phrases and command mappings for refreshing threat intel (“refresh intel”) and matching IOCs (“match intel”). - Updated skill behaviour: By default, require user confirmation before any write/triage action. - Added safety guidance: encourages backup of the SOC database and careful use of automation. - No code changes detected; update is documentation-only.

v0.1.0

SecOpsAI 1.0.0 initial release: - Adds conversational SecOps skill for OpenClaw audit logs, including findings list, detailed inspection, triage, and mitigation guidance. - Maps user phrases to shell commands via the exec tool, using the secopsai CLI in a dedicated virtualenv. - Supports one-command daily pipeline runs, finding summaries, and breakdowns by severity. - Enables triage (disposition, status, analyst note) and detailed finding inspection by ID. - Offers structured mitigation steps and check commands for malware or exfiltration activity. - Provides guidance for daily summary automation via OpenClaw cron job.

Metadata

Slug secopsai-skill

Version 0.3.6

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 7

Frequently Asked Questions

What is SecOpsAI for OpenClaw?

Conversational SecOps for OpenClaw audit logs. Run the live detection pipeline, inspect findings, triage incidents, and get mitigation guidance — all from chat. It is an AI Agent Skill for Claude Code / OpenClaw, with 288 downloads so far.

How do I install SecOpsAI for OpenClaw?

Run "/install secopsai-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SecOpsAI for OpenClaw free?

Yes, SecOpsAI for OpenClaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does SecOpsAI for OpenClaw support?

SecOpsAI for OpenClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created SecOpsAI for OpenClaw?

It is built and maintained by Onyedika Christopher Agada (@techris93); the current version is v0.3.6.

More Skills