A comprehensive security review framework for AI agents operating in adversarial environments.
Core principle: Every external input is untrusted until verified.
This skill provides a structured security review framework for OpenClaw agents, covering:
- Skill/MCP Installation — Detect malicious patterns before installation
- GitHub Repository Review — Audit codebases for security issues
- URL/Document Analysis — Scan for prompt injection and social engineering
- On-Chain Address Review — AML risk assessment and transaction analysis
- Product/Service Evaluation — Architecture and permission analysis
- Social Share Review — Validate tools recommended in chats
Download the latest release and extract to your OpenClaw workspace:
cd ~/.openclaw/workspace/skills
git clone https://github.com/slowmist/slowmist-agent-security.gitclawhub install slowmist-agent-securityOnce installed, the agent will automatically reference this framework when encountering:
- Skill/MCP installation requests
- Unknown GitHub repositories
- External URLs or documents
- Blockchain addresses
- Product/service recommendations
slowmist-agent-security/
├── SKILL.md # Main framework documentation
├── README.md # This file
├── _meta.json # ClawHub metadata
├── reviews/
│ ├── skill-mcp.md # Skill/MCP review guide
│ ├── repository.md # GitHub repo review guide
│ ├── url-document.md # URL/document review guide
│ ├── onchain.md # On-chain address review guide
│ ├── product-service.md # Product/service review guide
│ └── message-share.md # Social share review guide
├── patterns/
│ ├── red-flags.md # Code-level dangerous patterns (11 categories)
│ ├── social-engineering.md # Social engineering patterns (8 categories)
│ └── supply-chain.md # Supply chain attack patterns (7 categories)
└── templates/
├── report-skill.md # Skill assessment report template
├── report-repo.md # Repository assessment report template
├── report-url.md # URL/document assessment report template
├── report-onchain.md # On-chain assessment report template
└── report-product.md # Product/service assessment report template
| Level | Meaning | Agent Action |
|---|---|---|
| 🟢 LOW | Information-only, no execution, no data collection, trusted source | Inform user, proceed if requested |
| 🟡 MEDIUM | Limited capability, clear scope, known source, some risk | Full report with risk items, recommend caution |
| 🔴 HIGH | Involves credentials, funds, system modification, unknown source | Detailed report, must have human approval |
| ⛔ REJECT | Matches red-flag patterns, confirmed malicious, unacceptable design | Refuse to proceed, explain why |
| Tier | Source Type | Scrutiny Level |
|---|---|---|
| 1 | Official project/exchange org | Moderate |
| 2 | Known security teams/researchers | Moderate |
| 3 | ClawHub high-download + multi-version | Moderate-High |
| 4 | GitHub high-star + actively maintained | High — verify code |
| 5 | Unknown source, new account | Maximum scrutiny |
- MistTrack Skills — For on-chain AML risk assessment (external tool)
When a user asks to install a skill:
- Reference
reviews/skill-mcp.md - Scan files using
patterns/red-flags.md - Output report using
templates/report-skill.md
When a user provides a blockchain address:
- Validate address format
- Query AML risk data (via available tools)
- Output report using
templates/report-onchain.md
This framework is maintained by SlowMist. Contributions welcome:
- New attack patterns
- Improved detection rules
- Additional review templates
- Inspired by skill-vetter by spclaudehome
- Attack patterns informed by the OpenClaw Security Practice Guide
- Prompt injection patterns based on real-world PoC research
MIT License — Free to use, modify, and distribute.
Security is not a feature — it's a prerequisite. 🛡️
SlowMist · https://slowmist.com
