Sovereign API Hardener

Hardens API endpoints against common attacks. Covers rate limiting, input validation, auth, CORS, headers, injection prevention, error handling, and monitoring.

This is an instruction-only hardening playbook (no downloads, no env keys requested). It's internally consistent and useful for auditing API code, but follow these precautions before using it: (1) Do not paste secrets, .env files, or private keys into prompts—only share code you are comfortable exposing to the agent. (2) Treat suggested code changes as recommendations: review them, run tests, and stage changes in a dev environment before deploying. (3) If the skill recommends third-party services (Redis, monitoring, rate-limit stores), validate the providers and avoid supplying production credentials directly—use least-privilege test credentials. (4) Verify the upstream project/homepage and the author's reputation before applying large-scale automated changes. If you want higher assurance, restrict the agent to a sanitized subset of your codebase or run the suggested changes in an isolated environment first.

Type: OpenClaw Skill Name: sovereign-api-hardener Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'sovereign-api-hardener' is benign. The `SKILL.md` file provides comprehensive instructions for an AI agent to analyze API code for security vulnerabilities and suggest hardening recommendations. The instructions for the AI agent are consistently aligned with its stated purpose as an 'API security specialist' and do not contain any prompt injection attempts to subvert the agent's behavior. Code examples are illustrative of secure coding practices, and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The `clawhub install` command is a standard installation instruction for the user, not a malicious command for the agent.