← Back to Skills Marketplace
z-hussein

Security-Shield

by ZHDesignS · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
501
Downloads
0
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install security-shield
Description
Security best practices for credential protection, information disclosure prevention, and operational integrity.
Usage Guidance
This skill is an instruction-only security reference and appears internally consistent and low-risk: it contains advice, refusal patterns, and safe placeholder examples and does not request credentials or install code. Before installing, consider provenance — the package owner and homepage are not well identified, so verify you trust the source or review the included files yourself. If you plan to act on the audit commands included (nmap, gobuster, grep, etc.), only run them against systems you own or have explicit permission to test. Finally, remember that autonomous invocation is allowed by default on the platform; if you prefer manual control, keep the skill user-invocable and avoid enabling it as a permanent/always-included component.
Capability Analysis
Type: OpenClaw Skill Name: security-shield Version: 1.1.0 The skill bundle defines a security-focused system prompt but includes 'Workflow Compatibility' features in SKILL.md and README.md that act as documented bypasses (e.g., using 'TESTING:' or 'EDUCATIONAL:' prefixes) to lower the agent's security restrictions. Furthermore, references/audit-checklist.md contains a collection of high-risk pentesting commands and exploitation patterns (e.g., nmap, sqlmap, and path traversal strings). While these are presented for auditing purposes, they provide a functional toolkit and a standardized bypass mechanism that could be exploited via prompt injection to perform unauthorized actions or extract sensitive information.
Capability Assessment
Purpose & Capability
The skill's name and description (security best practices) align with its contents: guidance, audit checklists, and safe examples. It requests no credentials, binaries, installs, or config access — which is appropriate for an advisory/reference skill. Note: the source/homepage and owner metadata are minimal/unknown; provenance is not demonstrated in the package metadata, which is something to consider before trusting it unreservedly.
Instruction Scope
SKILL.md and all reference documents restrict behavior to high-level guidance, refusal patterns, placeholder examples, and recommended audit commands. There are no instructions that tell the agent to read local secrets, access unrelated environment variables, or transmit data externally. The included command snippets (e.g., git grep, find, nmap) are reasonable for an audit checklist but should only be used on authorized systems.
Install Mechanism
No install spec and no code files mean nothing will be written to disk or executed by an installer. This is the lowest-risk form (instruction-only). Documentation references a 'clawhub install' command as usage, but no automated install payload is provided in the bundle.
Credentials
The skill does not request environment variables, credentials, or config paths. The guidance explicitly discourages sharing secrets and uses placeholder examples. There are no disproportionate secret requests in the manifest or SKILL.md.
Persistence & Privilege
The skill does not request always:true or any elevated system privileges. It is user-invocable and can be invoked autonomously (the platform default), which is expected for skills; there is no indication it attempts to modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install security-shield
  3. After installation, invoke the skill by name or use /security-shield
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
security-shield v1.0.2 - Updated security guidance to a principle-based approach, focusing on high-level best practices and operational integrity. - Streamlined and generalized rules to emphasize objective evaluation and consistent response standards. - Clarified placeholder usage and disclosure criteria to avoid confusion and misuse. - Added guidance for rule modification, workflow integration, and handling testing/educational scenarios. - Removed specific pattern strings and implementation references for improved security and clarity.
v1.0.1
Enhanced security-shield skill with improved workflow compatibility and debugging. - Added support for legitimate development, testing, and educational scenarios with a new workflow compatibility mode. - Updated rules to allow temporary suspension of protections by authorized administrators in controlled settings. - Improved user responses to be more informative about security measures and exceptions. - Maintained strict protection against credential leakage, prompt injection, and social engineering, with clearer guidance for edge cases. - Included explicit steps for logging exceptions and supporting educational explanations where appropriate.
v1.0.0
security-shield 1.0.0 - Initial release of a comprehensive security and safety skill. - Defends against prompt injection, jailbreaks, social engineering, and credential leakage. - Defines strict rules for credential protection, system prompt secrecy, and resistance against manipulation. - Provides clear user-facing responses to sensitive or suspicious requests. - Includes a quick-reference checklist and guidance for safe, legitimate security tasks using placeholder data only.
Metadata
Slug security-shield
Version 1.1.0
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 3
Frequently Asked Questions

What is Security-Shield?

Security best practices for credential protection, information disclosure prevention, and operational integrity. It is an AI Agent Skill for Claude Code / OpenClaw, with 501 downloads so far.

How do I install Security-Shield?

Run "/install security-shield" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Security-Shield free?

Yes, Security-Shield is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Security-Shield support?

Security-Shield is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Security-Shield?

It is built and maintained by ZHDesignS (@z-hussein); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments