Shieldapi

ShieldAPI — x402 Security Intelligence for AI Agents. 11 endpoints: password range check (k-anonymity), password check (deprecated), email breach lookup, dom...

This skill appears to do what it says (remote security checks) and requests no secrets or installs — but take these precautions before enabling it: 1) Use demo mode (?demo=true) first to verify responses without payments or data leakage. 2) Do NOT paste private keys, mnemonics, or wallet seeds into the agent; follow the SKILL.md guidance to use an out-of-band secure signer or platform wallet to produce any X-PAYMENT header. 3) Be aware that the provider explicitly logs scanned domains/URLs/IPs to build a 'Security Graph' — avoid sending sensitive or private hostnames, emails, or data you don't want shared. 4) Prefer the check-password-range (k-anonymity) endpoint instead of the deprecated full-hash endpoint for any password-related checks. 5) If you plan to use scan-skill or upload skill/plugin URLs, ensure those manifests contain no secrets before sending. 6) Verify the service endpoint (https://shield.vainplex.dev) and privacy policy yourself if you will use it with real data or real payments. If you need higher assurance, request the provider's cryptographic payment/invoice format and test a payment flow in a controlled environment first.

Type: OpenClaw Skill Name: shieldapi Version: 3.0.3 The ShieldAPI skill bundle provides a suite of security intelligence tools (breach checks, reputation lookups, and prompt injection detection) via a pay-per-request API using the x402 protocol. The SKILL.md instructions are defensive, explicitly directing the AI agent to avoid handling raw private keys and to use privacy-preserving k-anonymity for password checks. There is no evidence of data exfiltration, malicious execution, or unauthorized access; the skill functions as a legitimate security utility for agents.