openclaw-sec
AI Agent Security Suite - Real-time protection against prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations
What this skill does
# OpenClaw Security Suite
**Comprehensive AI Agent Protection** - Real-time security validation with 6 parallel detection modules, intelligent severity scoring, and automated action enforcement.
## Overview
OpenClaw Security Suite protects AI agent systems from security threats through:
- โ
**6 Parallel Detection Modules** - Comprehensive threat coverage
- โก **Sub-50ms Validation** - Real-time with async database writes
- ๐ฏ **Smart Severity Scoring** - Context-aware risk assessment
- ๐ง **Automated Actions** - Block, warn, or log based on severity
- ๐ **Analytics & Reputation** - Track patterns and user behavior
- ๐ช **Auto-Hooks** - Transparent protection via hooks
## Architecture
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ User Input / Tool Call โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Security Engine (Main) โ
โ โข Orchestrates all modules โ
โ โข Aggregates findings โ
โ โข Determines actions โ
โโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโ
โ Parallel Detection (6) โ
โโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโ
โ
โโโโโโโฌโโโโโโฌโโโโโดโโโโโฌโโโโโโฌโโโโโโ
โผ โผ โผ โผ โผ โผ
Prompt Command URL Path Secret Content
Inject Inject Valid Valid Detect Scanner
โ โ โ โ โ โ
โโโโโโโดโโโโโโโดโโโโโโโดโโโโโโดโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Severity Scorer โ
โ โข Calculates risk level โ
โ โข Weights by module โ
โโโโโโโโโโฌโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Action Engine โ
โ โข Rate limiting โ
โ โข Reputation scoring โ
โ โข Action determination โ
โโโโโโโโโโฌโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโดโโโโโโโโโโ
โผ โผ
โโโโโโโโโโโ โโโโโโโโโโโโโโโโ
โ Return โ โ Async Queue โ
โ Result โ โ โข DB writes โ
โ ~20-50msโ โ โข Logging โ
โโโโโโโโโโโ โ โข Notify โ
โโโโโโโโโโโโโโโโ
```
## Commands
All commands are available via the `/openclaw-sec` skill or `openclaw-sec` CLI.
### Validation Commands
#### `/openclaw-sec validate-command <command>`
Validate a shell command for injection attempts.
```bash
openclaw-sec validate-command "ls -la"
openclaw-sec validate-command "rm -rf / && malicious"
```
**Options:**
- `-u, --user-id <id>` - User ID for tracking
- `-s, --session-id <id>` - Session ID for tracking
**Example Output:**
```
Validating command: rm -rf /
Severity: HIGH
Action: block
Findings: 2
Detections:
1. command_injection - Dangerous command pattern detected
Matched: rm -rf /
Recommendations:
โข Validate and sanitize any system commands
โข Use parameterized commands instead of string concatenation
```
---
#### `/openclaw-sec check-url <url>`
Validate a URL for SSRF and security issues.
```bash
openclaw-sec check-url "https://example.com"
openclaw-sec check-url "http://169.254.169.254/metadata"
openclaw-sec check-url "file:///etc/passwd"
```
**Options:**
- `-u, --user-id <id>` - User ID
- `-s, --session-id <id>` - Session ID
**Detects:**
- Internal/private IP addresses (RFC 1918, link-local)
- Cloud metadata endpoints (AWS, Azure, GCP)
- Localhost and loopback addresses
- File protocol URIs
- Credential exposure in URLs
---
#### `/openclaw-sec validate-path <path>`
Validate a file path for traversal attacks.
```bash
openclaw-sec validate-path "/tmp/safe-file.txt"
openclaw-sec validate-path "../../../etc/passwd"
openclaw-sec validate-path "/proc/self/environ"
```
**Options:**
- `-u, --user-id <id>` - User ID
- `-s, --session-id <id>` - Session ID
**Detects:**
- Directory traversal patterns (`../`, `..\\`)
- Absolute path to sensitive files (`/etc/passwd`, `/proc/*`)
- Null byte injection
- Unicode/encoding tricks
- Windows UNC paths
---
#### `/openclaw-sec scan-content <text|file>`
Scan content for secrets, obfuscation, and policy violations.
```bash
openclaw-sec scan-content "Normal text here"
openclaw-sec scan-content --file ./document.txt
openclaw-sec scan-content "API_KEY=sk-abc123def456"
```
**Options:**
- `-f, --file` - Treat argument as file path
- `-u, --user-id <id>` - User ID
- `-s, --session-id <id>` - Session ID
**Detects:**
- API keys and tokens (OpenAI, AWS, GitHub, etc.)
- Database credentials
- SSH private keys
- JWT tokens
- Base64/hex obfuscation
- Excessive special characters
- Policy violations
---
#### `/openclaw-sec check-all <text>`
Run comprehensive security scan with all modules.
```bash
openclaw-sec check-all "Your input text here"
```
**Options:**
- `-u, --user-id <id>` - User ID
- `-s, --session-id <id>` - Session ID
**Example Output:**
```
Running comprehensive security scan...
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ Scan Results
Severity: MEDIUM
Action: warn
Fingerprint: a1b2c3d4e5f6g7h8
Total Findings: 3
๐ Detections by Module:
prompt_injection (2 findings)
1. instruction_override
Severity: MEDIUM
Description: Attempt to override system instructions
url_validator (1 findings)
1. ssrf_private_ip
Severity: HIGH
Description: Internal IP address detected
```
---
### Monitoring Commands
#### `/openclaw-sec events`
View recent security events.
```bash
openclaw-sec events
openclaw-sec events --limit 50
openclaw-sec events --user-id "[email protected]"
openclaw-sec events --severity HIGH
```
**Options:**
- `-l, --limit <number>` - Number of events (default: 20)
- `-u, --user-id <id>` - Filter by user
- `-s, --severity <level>` - Filter by severity
**Output:**
```
๐ Security Events
Timestamp Severity Action User ID Module
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
2026-02-01 10:30:22 HIGH block [email protected] command_validator
2026-02-01 10:29:15 MEDIUM warn [email protected] url_validator
2026-02-01 10:28:03 LOW log [email protected] prompt_injection
```
---
#### `/openclaw-sec stats`
Show security statistics.
```bash
openclaw-sec stats
```
**Output:**
```
๐ Security Statistics
Database Tables:
โข security_events
โข rate_limits
โข user_reputation
โข attack_patterns
โข notifications_log
```
---
#### `/openclaw-sec analyze`
Analyze security patterns and trends.
```bash
openclaw-sec analyze
openclaw-sec analyze --user-id "[email protected]"
```
**Options:**
- `-u, --user-id <id>` - Analyze specific user
**Output:**
```
๐ฌ Security Analysis
User Reputation:
Trust Score: 87.5
Total Requests: 1,234
Blocked Attempts: 5
Allowlisted: No
Blocklisted: No
```
---
#### `/openclaw-sec reputation <user-id>`
View user reputation and trust score.
```bash
openclaw-sec reputation "[email protected]"
```
**Output:**
```
๐ค User Reputation
User ID: [email protected]
Trust Score: 92.3
Total Requests: 5,678
Blocked Attempts: 12
โ Allowlisted
Last Violation: 2026-01-15 14:22:00
```
---
#### `/openclaw-sec watch`
Watch for security events in real-time (placeholder).
```bash
openclaw-sec watch
```
---
### Configuration Commands
#### `/openclaw-sec config`
Show current configuration.
```bash
openclaw-sec config
```
**Output:**
```
โ๏ธ Configuration
Config File: .openclaw-sec.yaml
Status: Enabled
Sensitivity: medium
Database: .openclaw-sec.db
Modules:
โ prompt_injection
โ command_validator
โ url_validator
โ path_validator
โ secret_detector
โ content_scanner
Actions:
SAFE: allow
LOW: log
MEDIUM: warn
HIGH: block
CRITICAL: block_notify
```
---
#### `/openclaw-sec coRelated in AI Agents
skill-development
IncludedComprehensive meta-skill for creating, managing, validating, auditing, and distributing Claude Code skills and slash commands (unified in v2.1.3+). Provides skill templates, creation workflows, validation patterns, audit checklists, naming conventions, YAML frontmatter guidance, progressive disclosure examples, and best practices lookup. Use when creating new skills, validating existing skills, auditing skill quality, understanding skill architecture, needing skill templates, learning about YAML frontmatter requirements, progressive disclosure patterns, tool restrictions (allowed-tools), skill composition, skill naming conventions, troubleshooting skill activation issues, creating custom slash commands, configuring command frontmatter, using command arguments ($ARGUMENTS, $1, $2), bash execution in commands, file references in commands, command namespacing, plugin commands, MCP slash commands, Skill tool configuration, or deciding between skills vs slash commands. Delegates to docs-management skill for official documentation.
reprompter
IncludedTransform messy prompts into well-structured, effective prompts โ single or multi-agent. Use when: "reprompt", "reprompt this", "clean up this prompt", "structure my prompt", rough text needing XML tags and best practices, "reprompter teams", "repromptception", "run with quality", "smart run", "smart agents", multi-agent tasks, audits, parallel work, anything going to agent teams. Don't use when: simple Q&A, pure chat, immediate execution-only tasks. See "Don't Use When" section for details. Outputs: Structured XML/Markdown prompt, quality score (before/after), optional team brief + per-agent sub-prompts, agent team output files. Success criteria: Single mode quality score โฅ 7/10; Repromptception per-agent prompt quality score 8+/10; all required sections present, actionable and specific.
adaptive-compaction
IncludedAdaptive add-on policy and recovery layer that decides WHEN to compact, prune, snapshot, or fork -- replacing fixed-percent auto-compaction across Claude Code, Codex, and MCP-capable hosts. Trigger on auto-compact timing or damage: "when should I compact", "is it safe to compact now or start a fresh session", "auto-compact fires too early/mid-task", "switching to an unrelated task but the window still has space", "context rot", "answers get worse the longer the session runs", "the agent forgot the plan or my decisions after it summarized", "add a layer on top that manages context without changing the agent", raising autoCompactWindow to give the policy room, or installing/tuning a cross-tool compaction policy or PreCompact hook -- even when "compaction" is never said but the problem is context-window pressure or post-summarization memory loss. Do NOT use to summarize a conversation, build RAG, write a summarization prompt (decides WHEN not HOW), or answer max-context-length trivia.
agent-skill-creator
IncludedCreate cross-platform agent skills from workflow descriptions. Activates when users ask to create an agent, automate a repetitive workflow, create a custom skill, or need advanced agent creation. Triggers on phrases like create agent for, automate workflow, create skill for, every day I have to, daily I need to, turn process into agent, need to automate, create a cross-platform skill, validate this skill, export this skill, migrate this skill. Supports single skills, multi-agent suites, transcript processing, template-based creation, interactive configuration, cross-platform export, and spec validation.
llm-wiki
IncludedUse when building or maintaining a persistent personal knowledge base (second brain) in Obsidian where an LLM incrementally ingests sources, updates entity/concept pages, maintains cross-references, and keeps a synthesis current. Triggers include "second brain", "Obsidian wiki", "personal knowledge management", "ingest this paper/article/book", "build a research wiki", "compound knowledge", "Memex", or whenever the user wants knowledge to accumulate across sessions instead of being re-derived by RAG on every query.
skill-master
IncludedAgent Skills authoring, evaluation, and optimization. Create, edit, validate, benchmark, and improve skills following the agentskills.io specification. Use when designing SKILL.md files, structuring skill folders (references, scripts, assets), ingesting external documentation into skills, running trigger evals, benchmarking skill quality, optimizing descriptions, or performing blind A/B comparisons. Keywords: agentskills.io, SKILL.md, skill authoring, eval, benchmark, trigger optimization.