← Back to Skills Marketplace
doonot

Zero Trust

by doonot · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
6198
Downloads
13
Stars
26
Active Installs
1
Versions
Install in OpenClaw
/install zero-trust
Description
Security-first behavioral guidelines for cautious agent operation. Use this skill for ALL operations involving external resources, installations, credentials, or actions with external effects. Triggers on - any URL/link interaction, package installations, API key handling, sending emails/messages, social media posts, financial transactions, or any action that could expose data or have irreversible effects.
Usage Guidance
Safe to install as a behavioral safety checklist. Before relying on it, confirm that “Pat” means you or your organization’s authorized approver, and expect the skill to slow down external actions such as installs, unknown links, API calls, uploads, messages, posts, and financial operations.
Capability Analysis
Type: OpenClaw Skill Name: zero-trust Version: 1.0.0 This skill bundle is designed to implement a 'Zero Trust Security Protocol' for the OpenClaw agent. The `SKILL.md` file contains extensive instructions for the agent to exercise extreme caution, verify sources, seek human approval for risky actions (e.g., installations, external API calls, URL clicks, credential handling), and identify common red flags (e.g., `sudo` requests, obfuscated code, urgency pressure, typosquatting). All instructions are defensive in nature, aiming to prevent data exfiltration, unauthorized execution, and other malicious activities, rather than performing them. There is no evidence of prompt injection with malicious intent, nor any other high-risk behaviors.
Capability Assessment
Purpose & Capability
The stated purpose is zero-trust, cautious agent behavior, and the only artifact is SKILL.md containing defensive verification, approval, URL safety, install safety, and credential-handling guidance.
Instruction Scope
The trigger is intentionally broad for external resources and irreversible actions, and the core principle names “Pat” as the approver; both fit a safety-checklist concept but may cause unnecessary friction or approver confusion outside that user’s environment.
Install Mechanism
The bundle contains only one non-executable Markdown file and no install hooks, scripts, dependencies, binaries, or package-manager actions.
Credentials
The skill does not request network, account, filesystem, or credential access for itself; references to URLs, installs, API calls, and credentials are framed as caution rules for future user-directed work.
Persistence & Privilege
It advises storing credentials under ~/.config with 0600 permissions when credentials are handled, but there is no background execution, privilege escalation, hidden persistence, or autonomous worker.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install zero-trust
  3. After installation, invoke the skill by name or use /zero-trust
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
**Initial release: Establishes security-first protocols for all high-risk operations.** - Introduces zero-trust guidelines for agent operations involving external resources, installations, or credentials. - Requires explicit human approval for sensitive actions such as sending emails, installing packages, or clicking unknown links. - Outlines STOP → THINK → VERIFY → ASK → ACT → LOG flow for all external actions. - Defines strict credentials handling: never log or expose, always store securely. - Provides clear red flags to identify risky operations and immediate STOP criteria.
Metadata
Slug zero-trust
Version 1.0.0
License
All-time Installs 233
Active Installs 26
Total Versions 1
Frequently Asked Questions

What is Zero Trust?

Security-first behavioral guidelines for cautious agent operation. Use this skill for ALL operations involving external resources, installations, credentials, or actions with external effects. Triggers on - any URL/link interaction, package installations, API key handling, sending emails/messages, social media posts, financial transactions, or any action that could expose data or have irreversible effects. It is an AI Agent Skill for Claude Code / OpenClaw, with 6198 downloads so far.

How do I install Zero Trust?

Run "/install zero-trust" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Zero Trust free?

Yes, Zero Trust is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Zero Trust support?

Zero Trust is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Zero Trust?

It is built and maintained by doonot (@doonot); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments