Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

abzhaw/openclaw-security

Name: openclaw-security
Author: abzhaw

meta/agents/security-agent/skills/09-openclaw-security/SKILL.md

npx skillsauth add abzhaw/juliaz_agents openclaw-security

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Skill: OpenClaw Security Audit

Purpose

OpenClaw has deep access to the browser — it can read and interact with any tab it's attached to. This skill audits what it can access, what it's actually doing, and whether any skills have permissions they shouldn't.

What It Checks

Tab Access

What tabs is OpenClaw currently attached to?
Are any sensitive tabs attached (banking, email, personal accounts)?
Is the CDP (Chrome DevTools Protocol) port open unexpectedly?

Skills with Sensitive Permissions

Skills with Bash(*) — unrestricted shell access
Skills with Bash(op:*) — 1Password access (especially dangerous)
Skills with network fetch permissions to external services
Any skills created or modified in the last 24h

Gateway Config

What agent workspaces are registered?
What paths does each agent have access to?
Are any agents mapped to sensitive directories?

Logs

OpenClaw activity log: any unusual actions, bulk operations, or errors

Files to Check

/Users/raphael/juliaz_agents/openclaw/
├── gateway.yaml          — agent registrations and permissions
├── skills/               — custom skills
├── logs/                 — activity logs
└── HEURISTICS.md         — learned behaviors

Commands

# Skills with broad permissions
grep -rn "Bash(\*\|op:" /Users/raphael/juliaz_agents/openclaw/skills/ 2>/dev/null

# Check gateway for agent registrations  
cat /Users/raphael/juliaz_agents/openclaw/gateway.yaml 2>/dev/null

# Check for recently modified skills
find /Users/raphael/juliaz_agents/openclaw/skills -name "*.md" -newer /tmp/sentinel-baseline 2>/dev/null

# CDP port check
lsof -iTCP:9222 -n -P 2>/dev/null

Severity Rules

| Finding | Severity | |---------|----------| | Bash(op:*) in any skill | 🔴 Critical | | CDP port open and accepting connections | 🟠 High | | Sensitive tab (bank, email) attached | 🟠 High | | New skill added with broad permissions | 🟡 Medium | | Unrecognized agent in gateway.yaml | 🟡 Medium |

Output Format

OPENCLAW SECURITY
Skills:  ⚠️  1 skill has Bash(op:*) — openclaw/skills/email-tools
Gateway: ✅ 2 agents registered (julia, thesis-agent)
CDP:     ✅ not exposed
Tabs:    ✅ no sensitive tabs detected

abzhaw/openclaw-security

meta/agents/security-agent/skills/09-openclaw-security/SKILL.md

Audit OpenClaw browser extension security — tab access scope, CDP connections, and skills with sensitive permissions

tools

Updated Mar 27, 2026

$ install --global

skillsauth

npx skillsauth add abzhaw/juliaz_agents openclaw-security

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Mar 30, 2026, 12:37 PM57.4s1 file scanned

SKILL.md

name:: openclaw-security
description:: Audit OpenClaw browser extension security — tab access scope, CDP connections, and skills with sensitive permissions

Skill: OpenClaw Security Audit

Purpose

What It Checks

Tab Access

What tabs is OpenClaw currently attached to?
Are any sensitive tabs attached (banking, email, personal accounts)?
Is the CDP (Chrome DevTools Protocol) port open unexpectedly?

Skills with Sensitive Permissions

Skills with Bash(*) — unrestricted shell access
Skills with Bash(op:*) — 1Password access (especially dangerous)
Skills with network fetch permissions to external services
Any skills created or modified in the last 24h

Gateway Config

What agent workspaces are registered?
What paths does each agent have access to?
Are any agents mapped to sensitive directories?

Logs

OpenClaw activity log: any unusual actions, bulk operations, or errors

Files to Check

/Users/raphael/juliaz_agents/openclaw/
├── gateway.yaml          — agent registrations and permissions
├── skills/               — custom skills
├── logs/                 — activity logs
└── HEURISTICS.md         — learned behaviors

Commands

# Skills with broad permissions
grep -rn "Bash(\*\|op:" /Users/raphael/juliaz_agents/openclaw/skills/ 2>/dev/null

# Check gateway for agent registrations  
cat /Users/raphael/juliaz_agents/openclaw/gateway.yaml 2>/dev/null

# Check for recently modified skills
find /Users/raphael/juliaz_agents/openclaw/skills -name "*.md" -newer /tmp/sentinel-baseline 2>/dev/null

# CDP port check
lsof -iTCP:9222 -n -P 2>/dev/null

Severity Rules

Output Format

OPENCLAW SECURITY
Skills:  ⚠️  1 skill has Bash(op:*) — openclaw/skills/email-tools
Gateway: ✅ 2 agents registered (julia, thesis-agent)
CDP:     ✅ not exposed
Tabs:    ✅ no sensitive tabs detected

Related Skills

abzhaw/thesis-tracker

development

VerifiedTrustedCommunity

Fortschrittsverfolgung der Masterarbeit. Wortanzahl pro Kapitel, Fertigstellungsgrad, fehlende Elemente, Deadlines. Haelt den Ueberblick.

SKILL.mdUpdated Mar 27, 2026

abzhaw/thesis-tracker

abzhaw/thesis-structure

development

VerifiedTrustedCommunity

Kapitelarchitektur und Gliederung der Masterarbeit. Verwaltet die Struktur, schlaegt vor wo Inhalte hingehoeren, validiert den logischen Fluss zwischen Kapiteln.

SKILL.mdUpdated Mar 27, 2026

abzhaw/thesis-structure

abzhaw/session-synthesizer

tools

VerifiedTrustedCommunity

Konvertiert Protokolleinträge und Session-Logs in thesis-fähiges deutsches Narrativ. Transformiert Entwicklungsdokumentation in akademische Prosa.

SKILL.mdUpdated Mar 27, 2026

abzhaw/session-synthesizer

abzhaw/research-scout

research

VerifiedTrustedCommunity

Sucht und analysiert akademische Literatur. Findet relevante Papers, erstellt strukturierte Zusammenfassungen. Zitiert NIEMALS — schlaegt nur vor.

SKILL.mdUpdated Mar 27, 2026

abzhaw/research-scout

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/abzhaw/juliaz_agents.git

# Copy into Claude Code skills folder (global)
cp -r juliaz_agents/meta/agents/security-agent/skills/09-openclaw-security ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

abzhaw/juliaz_agents

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT