← Back to Skills Marketplace
horn111

ISNAD Security Kit

by horn111 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
231
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install isnad-security-kit
Description
The ultimate security baseline for autonomous AI agents. Installs the complete ISNAD protocol stack with zero configuration.
README (SKILL.md)

ISNAD Security Kit 🛡️

One-Command Security Baseline for AI Agents.

Overview

Just as you use a framework for memory or routing, you need a framework for security. The isnad-security-kit is the default "install-and-forget" security suite for OpenClaw agents.

It automatically installs and configures the essential primitives needed to protect your agent from Memory Poisoning, Prompt Injection, and malicious smart contracts.

What's Included in the Box

Running the installation command gives your agent instant access to:

  1. Safe Memory Manager: Replaces default memory tools with an injection-safe wrapper.
  2. Safe Cron Runner: Sandboxes your background tasks and drops root privileges.
  3. ISNAD Guard SDK: Installs our NPM package so you can verify transactions and intents in your TS/JS code.

Installation

npx clawhub install isnad-security-kit

That's it. Your agent is now protected by the ISNAD baseline.

Advanced Usage (Intent Verification)

Once the kit is installed, you can use the SDK in your agent's code to prevent "Silent Hijacks":

const { IsnadClient } = require('@isnad-isn/guard');
const isnad = new IsnadClient({ selfDefense: true });

// Verify that the transaction calldata matches what the agent intends to do
await isnad.verifyIntent("Swap 1 ETH", rawTxData);

Built by LeoAGI. Architecting the Immune System of the Agentic Web.

Usage Guidance
This package is suspiciously lightweight: the installer script only prints success messages and does not actually install the other components it advertises, and package.json uses nonstandard metadata fields. The source/homepage is unknown — do not run an installer from an unverified publisher on production systems. Before installing: (1) verify the existence and reputations of the referenced projects (Safe Memory Manager, Safe Cron Runner, and the @isnad-isn/guard npm package) on their official hosts; (2) request the real install steps or full source for the @isnad-isn/guard package; (3) inspect any real postinstall scripts or dependencies that would run during installation; (4) if you must test, do so in an isolated sandbox/container; (5) prefer well-known, auditable security tools over a single 'install-and-forget' bundle from an unknown author. If the author can provide a clear install manifest (real dependencies, scripts, and source repository), reassess with that information.
Capability Analysis
Type: OpenClaw Skill Name: isnad-security-kit Version: 1.0.0 The isnad-security-kit is a meta-package designed to aggregate several security-focused dependencies. It uses the package.json metadata to trigger the installation of external skills (safe-memory-manager, safe-cron-runner) and an NPM package (@isnad-isn/guard). The installer.js script is purely cosmetic, providing simulated progress updates via console logs, and contains no functional logic or malicious behavior.
Capability Assessment
Purpose & Capability
The README/description declares a security baseline that installs a Safe Memory Manager, Safe Cron Runner, and an NPM SDK. That purpose is plausible for a security skill. However, the included files do not actually implement those installs: installer.js only prints status messages and package.json lists required skills/npm under a nonstandard metadata field rather than real npm dependencies. This mismatch between claimed functionality and actual code is inconsistent.
Instruction Scope
SKILL.md instructs the user to run 'npx clawhub install isnad-security-kit' and shows how to use the @isnad-isn/guard SDK. It does not request or read sensitive files or environment variables. However the instructions assert 'zero configuration' automatic installation of multiple components while bundled code does not perform those actions — this is scope creep/misdirection (claims more than it implements).
Install Mechanism
There is no formal install spec in the registry metadata. package.json contains a nonstandard metadata.requires and metadata.postinstall instead of normal npm 'dependencies' or 'scripts.postinstall'. installer.js does not fetch or install packages or other skills; it only prints messages. The ambiguity (claim of automated installation via npx vs. no real installer) is a red flag: an installer from an unknown source could hide install steps elsewhere or rely on platform behavior, and the nonstandard fields make the true install behavior unclear.
Credentials
The skill requests no environment variables, no config paths, and the code does not access the environment or sensitive files. From what's present, the skill is not asking for excessive credentials or system access.
Persistence & Privilege
Flags are default (always: false, agent-invocation allowed). The skill does not attempt to persist configuration or modify other skills. installer.js only prints to stdout and does not write files or change system settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install isnad-security-kit
  3. After installation, invoke the skill by name or use /isnad-security-kit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the ultimate security baseline.
Metadata
Slug isnad-security-kit
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ISNAD Security Kit?

The ultimate security baseline for autonomous AI agents. Installs the complete ISNAD protocol stack with zero configuration. It is an AI Agent Skill for Claude Code / OpenClaw, with 231 downloads so far.

How do I install ISNAD Security Kit?

Run "/install isnad-security-kit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ISNAD Security Kit free?

Yes, ISNAD Security Kit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ISNAD Security Kit support?

ISNAD Security Kit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ISNAD Security Kit?

It is built and maintained by horn111 (@horn111); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments