
Add ClawSec - AI agent skill security audit tool#106

Open
huacheng wants to merge 1 commit into corca-ai:main from huacheng:add-clawsec

Conversation


@huacheng huacheng commented Mar 22, 2026

Summary

Adding ClawSec to the Tools section.

ClawSec is a security audit platform for AI agent skills that detects prompt injection, data exfiltration, and malicious patterns. It provides automated security analysis to help identify vulnerabilities in LLM-integrated applications.

Entry Added

  • Section: Tools
  • Position: Alphabetically between Agentic Radar and Garak
  • Format: Matches existing entry format

Summary by CodeRabbit

Release Notes

  • Documentation
    • Added the ClawSec security monitoring tool to the Tools list. It detects prompt injection, data exfiltration, and malicious patterns in AI agent skills.


coderabbitai bot commented Mar 22, 2026

Walkthrough

A new entry named ClawSec has been added to the Tools list in the README file. The entry describes an AI agent skill security audit tool that detects prompt injection, data exfiltration, and malicious patterns.

Changes

Cohort / File(s): Documentation, README.md
Summary: Added ClawSec tool entry to Tools list with description of AI agent security audit capabilities.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
  • Description Check: ✅ Passed. Check skipped: CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The pull request title directly and clearly reflects the main change: adding the ClawSec tool to the README with a description of its functionality.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🧹 Nitpick comments (1)
README.md (1)

121-121: Consider adding an article to the description.

For consistency with the other items in the list, we recommend adding an article before the description. For example, it could be changed to "A security audit platform for AI agent skills" or "Security auditing tool for AI agent skills".

♻️ Suggested fix
-[ClawSec](https://clawsec.cc): Security audit for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns.
+[ClawSec](https://clawsec.cc): A security audit platform for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 121, The description for the "ClawSec" list entry lacks an
article and should be made consistent with other items; update the text
following the "ClawSec" link (the string "Security audit for AI agent skills
detecting prompt injection, data exfiltration, and malicious patterns.") to
include an article or rephrase (e.g., "A security audit platform for AI agent
skills..." or "Security auditing tool for AI agent skills...") so it matches the
style of the other list items.


📥 Commits

Reviewing files that changed from the base of the PR and between c8ae124 and 905c859.

📒 Files selected for processing (1)
  • README.md

- [WhistleBlower](https://github.com/Repello-AI/whistleblower): open-source tool designed to infer the system prompt of an AI agent based on its generated text outputs. ![GitHub Repo stars](https://img.shields.io/github/stars/Repello-AI/whistleblower?style=social)
- [Open-Prompt-Injection](https://github.com/liu00222/Open-Prompt-Injection): open-source tool to evaluate prompt injection attacks and defenses on benchmark datasets. ![GitHub Repo stars](https://img.shields.io/github/stars/liu00222/Open-Prompt-Injection?style=social)
- [Agentic Radar](https://github.com/splx-ai/agentic-radar): Open-source CLI security scanner for agentic workflows. ![GitHub Repo stars](https://img.shields.io/github/stars/splx-ai/agentic-radar?style=social)
- [ClawSec](https://clawsec.cc): Security audit for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns.
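Review bot: the added ClawSec line at the end of this block does not follow the format of the three entries above it. Each of those links to a GitHub repository and ends with a `![GitHub Repo stars](https://img.shields.io/github/stars/<owner>/<repo>?style=social)` badge (placeholder pattern shown), while the new entry links to https://clawsec.cc with no badge; either point the link at the project's source repository and append the matching badge, or say in the PR why this tool is an exception. The description also opens without an article ("Security audit for …"), unlike "open-source tool …" and "Open-source CLI security scanner …" above; "A security audit platform for …" would match. Finally, the visible context shows the entry appended directly after Agentic Radar, whereas the PR description says it was placed alphabetically between Agentic Radar and Garak; the description and the actual placement should be reconciled.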

⚠️ Potential issue | 🟡 Minor

Check the inconsistency between the PR description and the actual placement.

The PR description states the entry is "inserted alphabetically between Agentic Radar and Garak", but in the actual file Garak is at line 112 and Agentic Radar at line 120. The current tool list is not sorted alphabetically. If placing ClawSec at line 121 (after Agentic Radar) is intended, the PR description should be updated; otherwise, consider re-sorting the entire list alphabetically.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 121, the README tool list is not in alphabetical order, so either sort the list or fix the PR description: re-sort the entire tool list alphabetically based on the current entry names Garak, Agentic Radar, ClawSec so that ClawSec moves to its correct position between "Agentic Radar" and "Garak", or, if placing ClawSec at line 121 (after Agentic Radar) was intended, update the insertion-location description in the PR description to the actual placement; related identifiers: "Garak", "Agentic Radar", "ClawSec".

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the ClawSec URL and GitHub repository

echo "=== URL 접근성 확인 ==="
curl -I -L -s -o /dev/null -w "%{http_code}" https://clawsec.cc
echo ""

echo "=== GitHub에서 ClawSec 저장소 검색 ==="
gh search repos ClawSec --limit 5 --json name,url,stargazersCount,description

Repository: corca-ai/awesome-llm-security

🏁 Script executed:

# Check the GitHub badge pattern used in README.md
head -n 150 README.md | tail -n 40

Repository: corca-ai/awesome-llm-security

🌐 Web query:

ClawSec GitHub repository AI security

💡 Result:

The primary ClawSec GitHub repository for AI security is https://github.com/prompt-security/clawsec. It is a complete security skill suite for AI agent platforms like OpenClaw (including MoltBot, Clawdbot), providing unified security monitoring, integrity verification, threat intelligence, file integrity protection, ClawHub reputation checks, and an advisory feed from NVD. Developed by Prompt Security, licensed AGPL-3.0, actively maintained (last push 2026-03-17), with 8 releases (latest v0.0.2 on 2026-03-10). Install via npx clawhub@latest install clawsec-suite. Homepage: https://prompt.security/clawsec and https://clawsec.prompt.security. A related but distinct repo is https://github.com/clawdsec/clawsec (MIT license), a security plugin for OpenClaw.ai that intercepts tool calls to prevent dangerous actions like destructive commands, secret exposure, data exfiltration, with YAML config and detectors for purchases, websites, secrets. Homepage: https://clawsec.bot. Other similar projects exist (e.g., SecureClaw, ClawSecure), but ClawSec specifically refers to the above, focused on securing OpenClaw AI agents against prompt injection, supply chain attacks, etc.

🌐 Web query:

ClawSec security audit AI agent

💡 Result:

ClawSec is an open-source security suite and skill set for AI agents, primarily designed to secure OpenClaw (including MoltBot, Clawdbot) and NanoClaw platforms. Developed by Prompt Security (a SentinelOne company), it provides security audits, file integrity protection, drift detection, live CVE advisories, checksum verification, and protection against prompt injection, malicious instructions, and unsafe tool calls. It functions as a "skill-of-skills" manager that installs and maintains modular security skills. Key features include: - Automated security audits via self-check scripts and optional openclaw-audit-watchdog for daily reporting. - Tool interception and risk scoring for destructive commands, secret leaks, data exfiltration, etc., using YAML-configurable rules. - Continuous verification of agent files (e.g., SOUL.md, IDENTITY.md) and supply chain integrity. - Installation: npx clawhub@latest install clawsec-suite or openclaw plugins install clawsec. ClawSecure.ai is a separate service providing public security audit reports for OpenClaw skills using OWASP ASI Top 10, but not specifically auditing ClawSec itself as an "AI agent" in that context. Official sources: GitHub (prompt-security/clawsec, latest release v0.0.2 on 2026-03-10), clawsec.prompt.security, clawsec.bot.

Add the GitHub repository link and star badge to the ClawSec entry.

ClawSec has an official GitHub repository at https://github.com/prompt-security/clawsec, and for consistency with the other entries it should include a GitHub star badge.

Recommended change
- [ClawSec](https://clawsec.cc): Security audit for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns.
+ [ClawSec](https://github.com/prompt-security/clawsec): Security audit for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns. ![GitHub Repo stars](https://img.shields.io/github/stars/prompt-security/clawsec?style=social)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 121, the README "ClawSec" entry is missing the official GitHub repository link and star badge; update the ClawSec list entry (the line containing "ClawSec") to link to
https://github.com/prompt-security/clawsec and append a GitHub star badge (e.g.,
a shields.io badge referencing prompt-security/clawsec) so it matches other
entries' format. Ensure the "ClawSec" text remains visible, the URL is the
repository URL, and the badge markup follows the same pattern used elsewhere in
README for consistency.
