clawsec-suite

Manages ClawSec suite with monitoring, cryptographic verification, and guided setup for enhanced security skills.

Install this skill

or

6/100

Security score

The clawsec-suite skill was audited on Mar 2, 2026 and we found 18 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 37

Template literal with variable interpolation in command context

SourceSKILL.md

37

```bash

medium line 64

Template literal with variable interpolation in command context

SourceSKILL.md

64

```bash

medium line 144

Template literal with variable interpolation in command context

SourceSKILL.md

144

```bash

medium line 151

Template literal with variable interpolation in command context

SourceSKILL.md

151

```bash

medium line 169

Template literal with variable interpolation in command context

SourceSKILL.md

169

```bash

high line 193

Template literal with variable interpolation in command context

SourceSKILL.md

193	- Remote feed signature URL: `${CLAWSEC_FEED_URL}.sig` (override with `CLAWSEC_FEED_SIG_URL`)

high line 196

Template literal with variable interpolation in command context

SourceSKILL.md

196	- Local feed signature: `${CLAWSEC_LOCAL_FEED}.sig` (override with `CLAWSEC_LOCAL_FEED_SIG`)

medium line 206

Template literal with variable interpolation in command context

SourceSKILL.md

206

```bash

medium line 375

Template literal with variable interpolation in command context

SourceSKILL.md

375

```bash

medium line 195

Access to hidden dotfiles in home directory

SourceSKILL.md

195	- Local seed fallback: `~/.openclaw/skills/clawsec-suite/advisories/feed.json`

medium line 197

Access to hidden dotfiles in home directory

SourceSKILL.md

197	- Local checksums manifest: `~/.openclaw/skills/clawsec-suite/advisories/checksums.json`

medium line 198

Access to hidden dotfiles in home directory

SourceSKILL.md

198	- Pinned feed signing key: `~/.openclaw/skills/clawsec-suite/advisories/feed-signing-public.pem` (override with `CLAWSEC_FEED_PUBLIC_KEY`)

medium line 199

Access to hidden dotfiles in home directory

SourceSKILL.md

199	- State file: `~/.openclaw/clawsec-suite-feed-state.json`

medium line 298

Access to hidden dotfiles in home directory

SourceSKILL.md

298	3. `~/.openclaw/security-audit.json`

low line 5

External URL reference

SourceSKILL.md

5	homepage: https://clawsec.prompt.security

low line 35

External URL reference

SourceSKILL.md

35	Discover the current catalog from the authoritative index (`https://clawsec.prompt.security/skills/index.json`) at runtime:

low line 192

External URL reference

SourceSKILL.md

192	- Remote feed URL: `https://clawsec.prompt.security/advisories/feed.json`

low line 207

External URL reference

SourceSKILL.md

207	FEED_URL="${CLAWSEC_FEED_URL:-https://clawsec.prompt.security/advisories/feed.json}"

Scanned on Mar 2, 2026

View Security Dashboard

Install this skill with one command

/learn @prompt-security/clawsec-suite

GitHub Stars 623

Rate this skill

Categorydevelopment

UpdatedMarch 29, 2026

openclaw security-engineer devops-sre development

prompt-security/clawsec