← Back to Skills Marketplace
621
Downloads
0
Stars
7
Active Installs
4
Versions
Install in OpenClaw
/install clawsec-nanoclaw
Description
Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot
README (SKILL.md)
ClawSec for NanoClaw
Security advisory monitoring that protects your WhatsApp bot from known vulnerabilities in skills and dependencies.
Overview
ClawSec provides MCP tools that check installed skills against a curated feed of security advisories. It prevents installation of vulnerable skills, includes exploitability context for triage, and alerts you to issues in existing ones.
Core principle: Check before you install. Monitor what's running.
When to Use
Use ClawSec tools when:
- Installing a new skill (check safety first)
- User asks "are my skills secure?"
- Investigating suspicious behavior
- Regular security audits
- After receiving security notifications
Do NOT use for:
- Code review (use other tools)
- Performance issues (different concern)
- General debugging
MCP Tools Available
Pre-Installation Check
// Before installing any skill
const safety = await tools.clawsec_check_skill_safety({
skillName: 'new-skill',
skillVersion: '1.0.0' // optional
});
if (!safety.safe) {
// Show user the risks before proceeding
console.warn(`Security issues: ${safety.advisories.map(a => a.id)}`);
}
Security Audit
// Check all installed skills (defaults to ~/.claude/skills in the container)
const result = await tools.clawsec_check_advisories({
installRoot: '/home/node/.claude/skills' // optional
});
if (result.matches.some((m) =>
m.advisory.severity === 'critical' || m.advisory.exploitability_score === 'high'
)) {
// Alert user immediately
console.error('Urgent advisories found!');
}
Browse Advisories
// List advisories with filters
const advisories = await tools.clawsec_list_advisories({
severity: 'high', // optional
exploitabilityScore: 'high' // optional
});
Quick Reference
| Task | Tool | Key Parameter |
|---|---|---|
| Pre-install check | clawsec_check_skill_safety |
skillName |
| Audit all skills | clawsec_check_advisories |
installRoot (optional) |
| Browse feed | clawsec_list_advisories |
severity, type, exploitabilityScore (optional) |
| Verify package signature | clawsec_verify_skill_package |
packagePath |
| Refresh advisory cache | clawsec_refresh_cache |
(none) |
| Check file integrity | clawsec_check_integrity |
mode, autoRestore (optional) |
| Approve file change | clawsec_approve_change |
path |
| View baseline status | clawsec_integrity_status |
path (optional) |
| Verify audit log | clawsec_verify_audit |
(none) |
Common Patterns
Pattern 1: Safe Skill Installation
// ALWAYS check before installing
const safety = await tools.clawsec_check_skill_safety({
skillName: userRequestedSkill
});
if (safety.safe) {
// Proceed with installation
await installSkill(userRequestedSkill);
} else {
// Show user the risks and get confirmation
await showSecurityWarning(safety.advisories);
if (await getUserConfirmation()) {
await installSkill(userRequestedSkill);
}
}
Pattern 2: Periodic Security Check
// Add to scheduled tasks
schedule_task({
prompt: "Check advisories using clawsec_check_advisories and alert when critical or high-exploitability matches appear",
schedule_type: "cron",
schedule_value: "0 9 * * *" // Daily at 9am
});
Pattern 3: User Security Query
User: "Are my skills secure?"
You: I'll check installed skills for known vulnerabilities.
[Use clawsec_check_advisories]
Response:
✅ No urgent issues found.
- 2 low-severity/low-exploitability advisories
- All skills up to date
Common Mistakes
❌ Installing without checking
// DON'T
await installSkill('untrusted-skill');
// DO
const safety = await tools.clawsec_check_skill_safety({
skillName: 'untrusted-skill'
});
if (safety.safe) await installSkill('untrusted-skill');
❌ Ignoring exploitability context
// DON'T: Use severity only
if (advisory.severity === 'high') {
notifyNow(advisory);
}
// DO: Use exploitability + severity
if (
advisory.exploitability_score === 'high' ||
advisory.severity === 'critical'
) {
notifyNow(advisory);
}
❌ Skipping critical severity
// DON'T: Ignore high exploitability in medium severity advisories
if (advisory.severity === 'critical') alert();
// DO: Prioritize exploitability and severity together
if (advisory.exploitability_score === 'high' || advisory.severity === 'critical') {
// Alert immediately
}
Implementation Details
Feed Source: https://clawsec.prompt.security/advisories/feed.json
Update Frequency: Every 6 hours (automatic)
Signature Verification: Ed25519 signed feeds Package Verification Policy: pinned key only, bounded package/signature paths
Cache Location: /workspace/project/data/clawsec-advisory-cache.json
See INSTALL.md for setup and docs/ for advanced usage.
Real-World Impact
- Prevents installation of skills with known RCE vulnerabilities
- Alerts to supply chain attacks in dependencies
- Provides actionable remediation steps
- Zero false positives (curated feed only)
Usage Guidance
Before installing: 1) Review the host-side code (host-services/*, guardian/*) yourself—do not rely on the embedded README alone. 2) Confirm the pinned public key is correct and the feed domain (clawsec.prompt.security) is trusted. 3) When integrating IPC handlers, ensure the host-side handlers enforce caller authorization (which agent/group can call approve_change, clawsec_approve_change, or clawsec_check_integrity) and do not blindly accept container requests. 4) Treat baselines and the advisory cache as high-value assets: run them on the host with least privilege, store baselines where only the host process can write, and audit who can invoke 'approve' operations. 5) If you plan to enable auto-restore, require a manual approval workflow (or restrict approve_change) to prevent agents or malicious scheduled tasks from approving their own changes. 6) Consider installing in a staging environment first and run the provided tests. If you want more assurance, request a code review of the host IPC handlers to confirm access controls and logging are sufficient.
Capability Analysis
Type: OpenClaw Skill
Name: clawsec-nanoclaw
Version: 0.0.4
The clawsec-nanoclaw skill bundle is a comprehensive security suite designed for advisory monitoring, skill signature verification, and file integrity monitoring. It implements robust security best practices, including Ed25519 signature verification with pinned public keys (host-services/advisory-cache.ts), strict filesystem boundary enforcement for package verification (host-services/skill-signature-handler.ts), and a tamper-evident hash-chained audit log (guardian/integrity-monitor.ts). The code is well-structured, lacks obfuscation, and its capabilities are strictly aligned with the defensive security purposes described in the documentation.
Capability Tags
Capability Assessment
Purpose & Capability
Name, description and code/files align: the skill provides advisory feed fetching, signature verification, MCP tools and a host-side integrity monitor. The host imports and cache location are consistent with a security monitoring tool.
Instruction Scope
Runtime instructions direct the operator to copy files into NanoClaw, register MCP tools in the container, and add host IPC handlers and an AdvisoryCacheManager in host startup. These steps legitimately require host filesystem and process integration, but they also enable actions that read/modify host files (create baselines, auto-restore, quarantine), which are powerful and must be gated.
Install Mechanism
No registry install spec (instruction-only) but full source is included and INSTALL.md instructs manual copying into host/agent code. That is expected for a host-integrated skill but means code will run with host privileges when installed—verify files before copying.
Credentials
The skill requests no environment variables or secrets. It fetches a remote feed (https://clawsec.prompt.security) and uses a pinned public key embedded in code for signature verification, which is appropriate and reduces trust-on-first-use risk.
Persistence & Privilege
The skill requires modifying host startup code and writing to host-managed state (/workspace/project/data). The integrity monitor can auto-restore critical files and the MCP tools include an approve_change action; without strict host-side authorization this could let container agents or scheduled tasks approve or re-baseline tampered files, enabling persistence for malicious changes. always:false mitigates forced inclusion, but the required host integration grants significant privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawsec-nanoclaw - After installation, invoke the skill by name or use
/clawsec-nanoclaw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.4
Release 0.0.4 via CI
v0.0.3
Release 0.0.3 via CI
v0.0.2
Release 0.0.2 via CI
v0.0.1
Manual republish of 0.0.1 via workflow_dispatch
Metadata
Frequently Asked Questions
What is clawsec-nanoclaw?
Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot. It is an AI Agent Skill for Claude Code / OpenClaw, with 621 downloads so far.
How do I install clawsec-nanoclaw?
Run "/install clawsec-nanoclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is clawsec-nanoclaw free?
Yes, clawsec-nanoclaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does clawsec-nanoclaw support?
clawsec-nanoclaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created clawsec-nanoclaw?
It is built and maintained by davida-ps (@davida-ps); the current version is v0.0.4.
More Skills