
ClawSec NETWORK security sub-agent. Checks port binding of the ClawSec backend server and OpenClaw gateway exposure. Read-only — never modifies network configuration. All network findings are tier "approval" or "never". Called exclusively by clawsec-coordinator.
ClawSec CONFIG security sub-agent. Validates openclaw.json for gateway authentication settings, MCP server exposure, and configuration file permissions. Never auto-remediates — config changes require a service restart. Called exclusively by clawsec-coordinator.
ClawSec PERMISSION security sub-agent. Scans filesystem permissions for agent identity files (SOUL.md, CONSTRAINTS.md), workspace files, and session directories. Called exclusively by clawsec-coordinator.
ClawSec SESSION security sub-agent. Checks session log file permissions and memory store access controls. Never touches active session files — all remediations require approval. Called exclusively by clawsec-coordinator.
ClawSec ENV security sub-agent. Scans for credential exposure risks: .env files not gitignored, missing pre-commit hooks, missing SECURITY.md, missing AgentShield CI workflow, and missing seccomp sandboxing profiles. Called exclusively by clawsec-coordinator.
ClawSec 2.0 Security Orchestrator. Dispatches security scans to specialized sub-agents, aggregates results, maps to OWASP frameworks, auto-applies safe remediations, and routes approval requests. Trigger with "security scan", "sicherheitsscan", "security check", or "fix security".