ClawSec: Security Skill Suite for AI Agents

ClawSec is a comprehensive security skill suite designed to protect AI agent platforms like OpenClaw and NanoClaw. It addresses critical vulnerabilities such as prompt injection, cognitive drift, and malicious instructions by providing unified monitoring, integrity verification, and threat intelligence. This suite benefits users by offering automated audits, live security recommendations, and skill integrity checks, enhancing the overall security posture of AI agents.

How It Works

ClawSec operates by installing a collection of security "skills" that integrate directly with supported AI agent platforms. Its core approach involves drift detection for critical agent files (e.g., SOUL.md), live security advisories sourced from NVD CVEs and community intelligence, and rigorous integrity verification of skill artifacts using SHA256 checksums and signed releases. Automated security audits and self-check scripts further bolster defenses against prompt injection and other vulnerabilities. This unified, skill-based architecture provides a robust, layered security solution for AI agent cognitive architectures.

Quick Start & Requirements

• Primary Install: npx clawhub@latest install clawsec-suite
• Prerequisites: Node.js 20+, Python 3.10+ (for offline tools). POSIX shell (bash/zsh) or WSL/Git Bash required for shell scripts on Linux/macOS. PowerShell is supported on Windows.
• Documentation:
  • Live Demo/Info: https://clawsec.prompt.security
  • Official Site: https://prompt.security/clawsec
  • Manual Install Guide: https://github.com/prompt-security/clawsec/releases/latest/download/SKILL.md

Highlighted Details

• Suite Installer: Facilitates one-command installation of all security skills with built-in integrity verification.
• File Integrity Protection: Implements drift detection and automatic restoration for essential agent files like SOUL.md and IDENTITY.md.
• Live Security Advisories: Aggregates automated NVD CVE polling and community threat intelligence, filtering for agent-relevant vulnerabilities.
• Skill Integrity: Employs SHA256 checksums and signed releases to ensure the authenticity and integrity of all distributed skill packages.
• CI/CD Pipelines: Robust automation for continuous security updates, skill distribution, NVD CVE monitoring, and strict signing key consistency checks to prevent supply-chain attacks.

Maintenance & Community

ClawSec is developed by Prompt Security, a SentinelOne company. Contributions are welcomed via pull requests, with detailed guidelines provided in CONTRIBUTING.md. Security advisories, such as prompt injection vectors or malicious skills, can be reported through GitHub Issues using the dedicated "Security Incident Report" template, which are then processed into the community advisory feed.

Licensing & Compatibility

The source code is licensed under GNU AGPL v3.0 or later. Fonts included in the font/ directory have separate licensing. The AGPL v3.0 license is a strong copyleft license, which may impose significant obligations on users distributing or modifying the software, particularly for network-accessible services. Compatibility with closed-source or commercial applications requires careful review of AGPL terms.

Limitations & Caveats

While supporting both OpenClaw and NanoClaw, certain audit tools are specifically tailored for the OpenClaw family. Windows users may require WSL or Git Bash for executing POSIX shell scripts. The AGPL v3.0 license necessitates careful consideration regarding its implications for commercial use or integration into proprietary systems due to its copyleft nature.