← Back to Skills Marketplace
cazaboock9

NeoGriffin Security

by Dago · GitHub ↗ · v2.2.1 · MIT-0
cross-platform ⚠ suspicious
311
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install neogriffin-security
Description
Multi-chain security API designed exclusively for autonomous AI agents. Prompt injection detection (66 patterns, 95% accuracy), token scam scanning, tx simul...
Usage Guidance
This skill implements a plausible security API for autonomous agents, but proceed cautiously. Before installing or enabling it: - Ask the maintainer why NEOGRIFFIN_PAYMENT_WALLET is required as an environment variable and what the agent is expected to store in that env var (public address vs. any secret). Do not set any env var containing private keys or seed phrases. - Never send private keys, seed phrases, or signed private material to the API. Paid endpoints require a tx signature in X-Surge-TX — confirm the provider's claim about not storing full signatures and consider using ephemeral/test signatures first. - Test free endpoints with non-sensitive sample inputs to verify behavior and logs. Confirm that the payment wallet in SKILL.md matches the provider's published receiver address. - Be cautious about the instruction to POST "skill" or in-memory content — that can leak prompts, internal state, or other sensitive material; only send minimized, non-secret data. - Verify operator identity and reputation for api.neogriffin.dev (who runs it, privacy policy, SLA). If you plan to allow autonomous agent invocation that will call this service automatically, limit scope until you trust the provider. If the provider can explain the env-var usage and privacy guarantees in detail (and you audit a small trial), the skill could be usable. If those questions are unanswered, avoid granting it agent automation or sending any sensitive runtime data.
Capability Analysis
Type: OpenClaw Skill Name: neogriffin-security Version: 2.2.1 The neogriffin-security skill is a documentation-based bundle providing an AI agent with instructions to utilize a third-party security API (api.neogriffin.dev) for prompt injection detection, token auditing, and transaction simulation. It includes comprehensive documentation for 26 endpoints and explicitly instructs the agent to perform safety scans on all external inputs. The behavior is entirely consistent with its stated purpose as a security tool for autonomous agents, and no malicious code, deceptive instructions, or unauthorized data exfiltration patterns were identified.
Capability Assessment
Purpose & Capability
The declared purpose (multi-chain security for autonomous agents) aligns with the endpoints and features listed (injection scanning, token audits, tx simulation, watcher, etc.). However there are small inconsistencies: package.json reports version 2.1.0 while registry metadata shows 2.2.1, and the skill declares NEOGRIFFIN_PAYMENT_WALLET as a required/primary environment variable despite embedding a payment wallet address in the SKILL.md — it's unclear why the user must supply this env var if the receiver address is fixed.
Instruction Scope
SKILL.md instructs agents to POST arbitrary inputs (memos, messages, token metadata, and even "skill" content) to an external API. That means any runtime-sensitive text that the agent holds (potentially prompts, transaction data, or parts of skill code) can be transmitted off-host. The doc claims hashing and non-storage of originals, and that full transaction signatures are not stored, but those are operator-side assurances that cannot be verified by the agent. The explicit /api/scan/skill hint ("scans content in memory only — skill code is NOT persisted or shared") is a potentially risky instruction: sending skill contents or other in-memory data to an external service can leak secrets or private data if misused.
Install Mechanism
Instruction-only skill with no install spec or executable payload; no archives or third-party binaries are pulled. This minimizes direct filesystem/code-execution risk.
Credentials
Only one required env var (NEOGRIFFIN_PAYMENT_WALLET) is declared, but it's marked as the primary credential. The SKILL.md itself lists a concrete payment wallet address. Requiring the user to set a 'payment wallet' env var is unusual for a consumer security scanner (the API could accept payment signatures without the agent storing a provider wallet). It's unclear whether this env var is read by the agent to direct payments, used as an identifier, or (worse) used to hold credentials. The env var name and 'primaryEnv' label give the impression of a credential even though the value is likely a public address; this mismatch is disproportionate and should be clarified.
Persistence & Privilege
Skill does not request 'always: true' and does not include install hooks. Autonomous invocation is allowed (platform default). There is no evidence the skill requests system-wide config changes or persistent privileges on the agent.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install neogriffin-security
  3. After installation, invoke the skill by name or use /neogriffin-security
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.2.1
Added privacy and data retention policy
v2.2.0
66 patterns, immune system, 26 endpoints, intelligence module
v2.1.0
Initial release — prompt injection, token audits, tx simulation, MEV detection, x402 + SURGE
Metadata
Slug neogriffin-security
Version 2.2.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is NeoGriffin Security?

Multi-chain security API designed exclusively for autonomous AI agents. Prompt injection detection (66 patterns, 95% accuracy), token scam scanning, tx simul... It is an AI Agent Skill for Claude Code / OpenClaw, with 311 downloads so far.

How do I install NeoGriffin Security?

Run "/install neogriffin-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is NeoGriffin Security free?

Yes, NeoGriffin Security is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does NeoGriffin Security support?

NeoGriffin Security is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created NeoGriffin Security?

It is built and maintained by Dago (@cazaboock9); the current version is v2.2.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments