Skip to content

Add ClawSec - AI agent skill security audit tool #106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
huacheng wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add ClawSec - AI agent skill security audit tool #106

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,7 @@ Contributions are always welcome. Please read the [Contribution Guidelines](CONT
- [WhistleBlower](https://github.com/Repello-AI/whistleblower): open-source tool designed to infer the system prompt of an AI agent based on its generated text outputs. ![GitHub Repo stars](https://img.shields.io/github/stars/Repello-AI/whistleblower?style=social)
- [Open-Prompt-Injection](https://github.com/liu00222/Open-Prompt-Injection): open-source tool to evaluate prompt injection attacks and defenses on benchmark datasets. ![GitHub Repo stars](https://img.shields.io/github/stars/liu00222/Open-Prompt-Injection?style=social)
- [Agentic Radar](https://github.com/splx-ai/agentic-radar): Open-source CLI security scanner for agentic workflows. ![GitHub Repo stars](https://img.shields.io/github/stars/splx-ai/agentic-radar?style=social)
- [ClawSec](https://clawsec.cc): Security audit for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns.
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Mar 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

PR 설명과 실제 배치 간의 불일치를 확인하세요.

PR 설명에는 "Agentic Radar와 Garak 사이에 알파벳순으로 삽입"한다고 명시되어 있지만, 실제 파일에서 Garak은 112번 라인에, Agentic Radar는 120번 라인에 위치합니다. 현재 도구 목록은 알파벳순으로 정렬되어 있지 않습니다. ClawSec을 121번 라인(Agentic Radar 다음)에 배치하는 것이 의도된 것이라면 PR 설명을 업데이트하거나, 전체 목록을 알파벳순으로 재정렬하는 것을 고려해야 합니다.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 121, README 도구 목록이 알파벳순이 아니므로 목록을 정렬하거나 PR 설명을 수정하세요: 현재
항목 이름 Garak, Agentic Radar, ClawSec를 기준으로 전체 툴 목록을 알파벳순으로 재정렬하여 ClawSec이
"Agentic Radar"와 "Garak" 사이의 올바른 위치로 이동되도록 하거나, 만약 ClawSec를 121번 라인(Agentic
Radar 다음)에 두는 것이 의도였다면 PR 설명에서 삽입 위치 설명을 해당 실제 배치로 업데이트하십시오; 관련 식별자: "Garak",
"Agentic Radar", "ClawSec".

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# ClawSec URL 및 GitHub 저장소 확인

echo "=== URL 접근성 확인 ==="
curl -I -L -s -o /dev/null -w "%{http_code}" https://clawsec.cc
echo ""

echo "=== GitHub에서 ClawSec 저장소 검색 ==="
gh search repos ClawSec --limit 5 --json name,url,stargazersCount,description

Repository: corca-ai/awesome-llm-security

Length of output: 243

🏁 Script executed:

# README.md에서 GitHub 배지 패턴 확인
head -n 150 README.md | tail -n 40

Repository: corca-ai/awesome-llm-security

Length of output: 5062

🌐 Web query:

ClawSec GitHub repository AI security

💡 Result:

The primary ClawSec GitHub repository for AI security is https://github.com/prompt-security/clawsec. It is a complete security skill suite for AI agent platforms like OpenClaw (including MoltBot, Clawdbot), providing unified security monitoring, integrity verification, threat intelligence, file integrity protection, ClawHub reputation checks, and an advisory feed from NVD. Developed by Prompt Security, licensed AGPL-3.0, actively maintained (last push 2026-03-17), with 8 releases (latest v0.0.2 on 2026-03-10). Install via npx clawhub@latest install clawsec-suite. Homepage: https://prompt.security/clawsec and https://clawsec.prompt.security. A related but distinct repo is https://github.com/clawdsec/clawsec (MIT license), a security plugin for OpenClaw.ai that intercepts tool calls to prevent dangerous actions like destructive commands, secret exposure, data exfiltration, with YAML config and detectors for purchases, websites, secrets. Homepage: https://clawsec.bot. Other similar projects exist (e.g., SecureClaw, ClawSecure), but ClawSec specifically refers to the above, focused on securing OpenClaw AI agents against prompt injection, supply chain attacks, etc.

Citations:

🌐 Web query:

ClawSec security audit AI agent

💡 Result:

ClawSec is an open-source security suite and skill set for AI agents, primarily designed to secure OpenClaw (including MoltBot, Clawdbot) and NanoClaw platforms. Developed by Prompt Security (a SentinelOne company), it provides security audits, file integrity protection, drift detection, live CVE advisories, checksum verification, and protection against prompt injection, malicious instructions, and unsafe tool calls. It functions as a "skill-of-skills" manager that installs and maintains modular security skills. Key features include: - Automated security audits via self-check scripts and optional openclaw-audit-watchdog for daily reporting. - Tool interception and risk scoring for destructive commands, secret leaks, data exfiltration, etc., using YAML-configurable rules. - Continuous verification of agent files (e.g., SOUL.md, IDENTITY.md) and supply chain integrity. - Installation: npx clawhub@latest install clawsec-suite or openclaw plugins install clawsec. ClawSecure.ai is a separate service providing public security audit reports for OpenClaw skills using OWASP ASI Top 10, but not specifically auditing ClawSec itself as an "AI agent" in that context. Official sources: GitHub (prompt-security/clawsec, latest release v0.0.2 on 2026-03-10), clawsec.prompt.security, clawsec.bot.

Citations:

ClawSec 항목에 GitHub 저장소 링크와 스타 배지를 추가하세요.

ClawSec은 https://github.com/prompt-security/clawsec 에 공식 GitHub 저장소가 있으며, 다른 항목들과 일관성 있게 GitHub 스타 배지를 포함해야 합니다.

권장 변경사항 
- [ClawSec](https://clawsec.cc): Security audit for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns.
+ [ClawSec](https://github.com/prompt-security/clawsec): Security audit for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns. ![GitHub Repo stars](https://img.shields.io/github/stars/prompt-security/clawsec?style=social)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- [ClawSec](https://clawsec.cc): Security audit for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns.
- [ClawSec](https://github.com/prompt-security/clawsec): Security audit for AI agent skills detecting prompt injection, data exfiltration, and malicious patterns. ![GitHub Repo stars](https://img.shields.io/github/stars/prompt-security/clawsec?style=social)
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 121, README의 "ClawSec" 항목이 공식 GitHub 저장소 링크와 스타 배지가 빠져
있습니다; update the ClawSec list entry (the line containing "ClawSec") to link to
https://github.com/prompt-security/clawsec and append a GitHub star badge (e.g.,
a shields.io badge referencing prompt-security/clawsec) so it matches other
entries' format. Ensure the "ClawSec" text remains visible, the URL is the
repository URL, and the badge markup follows the same pattern used elsewhere in
README for consistency.


## Articles

Expand Down