clawsec-suite

Manages ClawSec suite with monitoring, cryptographic verification, and guided setup for enhanced security skills.

Install this skill

or

1/100

Security score

The clawsec-suite skill was audited on May 12, 2026 and we found 19 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 44

Template literal with variable interpolation in command context

SourceSKILL.md

44

```bash

medium line 71

Template literal with variable interpolation in command context

SourceSKILL.md

71

```bash

medium line 151

Template literal with variable interpolation in command context

SourceSKILL.md

151

```bash

medium line 160

Template literal with variable interpolation in command context

SourceSKILL.md

160

```bash

medium line 180

Template literal with variable interpolation in command context

SourceSKILL.md

180

```bash

high line 204

Template literal with variable interpolation in command context

SourceSKILL.md

204	- Remote feed signature URL: `${CLAWSEC_FEED_URL}.sig` (override with `CLAWSEC_FEED_SIG_URL`)

high line 207

Template literal with variable interpolation in command context

SourceSKILL.md

207	- Local feed signature: `${CLAWSEC_LOCAL_FEED}.sig` (override with `CLAWSEC_LOCAL_FEED_SIG`)

medium line 217

Template literal with variable interpolation in command context

SourceSKILL.md

217

```bash

medium line 386

Template literal with variable interpolation in command context

SourceSKILL.md

386

```bash

medium line 17

Access to hidden dotfiles in home directory

SourceSKILL.md

17	- Side effects: setup scripts install an advisory hook under `~/.openclaw/hooks`, optionally create an unattended `openclaw cron` job, and use `npx clawhub@latest install` for guarded installs

medium line 206

Access to hidden dotfiles in home directory

SourceSKILL.md

206	- Local seed fallback: `~/.openclaw/skills/clawsec-suite/advisories/feed.json`

medium line 208

Access to hidden dotfiles in home directory

SourceSKILL.md

208	- Local checksums manifest: `~/.openclaw/skills/clawsec-suite/advisories/checksums.json`

medium line 209

Access to hidden dotfiles in home directory

SourceSKILL.md

209	- Pinned feed signing key: `~/.openclaw/skills/clawsec-suite/advisories/feed-signing-public.pem` (override with `CLAWSEC_FEED_PUBLIC_KEY`)

medium line 210

Access to hidden dotfiles in home directory

SourceSKILL.md

210	- State file: `~/.openclaw/clawsec-suite-feed-state.json`

medium line 309

Access to hidden dotfiles in home directory

SourceSKILL.md

309	3. `~/.openclaw/security-audit.json`

low line 5

External URL reference

SourceSKILL.md

5	homepage: https://clawsec.prompt.security

low line 42

External URL reference

SourceSKILL.md

42	Discover the current catalog from the authoritative index (`https://clawsec.prompt.security/skills/index.json`) at runtime:

low line 203

External URL reference

SourceSKILL.md

203	- Remote feed URL: `https://clawsec.prompt.security/advisories/feed.json`

low line 218

External URL reference

SourceSKILL.md

218	FEED_URL="${CLAWSEC_FEED_URL:-https://clawsec.prompt.security/advisories/feed.json}"

Scanned on May 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 623

Rate this skill

Categorydevelopment

UpdatedMay 13, 2026

frontend docx git api testing devops security-engineer devops-sre development

prompt-security/clawsec