🔐 Security & Audit AI Skills

L0 级技能安全安装流程。触发“安装技能/安全安装/审查权限”时，强制执行 Step0-5（查重→检索→审查→沙箱→正式安装→白名单）。

Explain, summarize, analyze, or adapt the "Republic with No Masters" / Democratic Formalism governance framework when asked to produce content, guidance, critiques, FAQs, or implementation ideas based on the manifesto in principles.md.

Integrate PayPal payments with proper webhook verification, OAuth handling, and security validation for checkout flows and subscriptions.

Transfer credentials securely between networked and air-gapped devices using QR codes without exposing passwords or storing data persistently.

Formats and pretty-prints JSON input with indentation using Expanso Edge pipelines for easy readability.

Security scanner for Python skills before publishing to ClawHub. Use before publishing any skill to check for dangerous imports, hardcoded secrets, unsafe file operations, and dangerous functions like eval/exec/subprocess. Essential for maintaining trust and ensuring published skills are safe for others to install and run.

Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a...

Use when the user wants a security audit, penetration test, threat model, vulnerability hunt, security fix plan, SBOM, compliance mapping, privacy assessment...

CVE vulnerability lookup via NIST NVD, CISA KEV, EPSS scores, and MITRE ATT&CK. 7 tools for real-time cybersecurity intelligence.

Store and retrieve key-value secrets — E2E encrypted vault for API keys and env vars. Do NOT use for website passwords (use ravi-passwords) or reading messag...

Run AI-powered application security scans on codebases. Use when asked to scan code for security vulnerabilities, generate threat models, review code for sec...

VitaVault iOS app integration - sync Apple Health data directly to your AI agent. Auto-setup webhook, token generation, and HTTPS exposure. Works with any iP...

Send real, physical greeting cards through the mail. Design custom cards with the user, print on premium cardstock, and mail with a first-class stamp. Use when the user wants to send a card, mentions a birthday or occasion, or asks about greeting cards. Requires a free API registration (POST /v1/auth/register returns a Bearer token). Works via API — no browser needed. Homepage https://indexcards.com — privacy policy at https://indexcards.com/privacy.

Build secure access control with RBAC, ABAC, permissions, policies, and scope-based authorization.

Convert YAML input into JSON format using Expanso Edge pipelines.

Handles B2B presales and renewal negotiations with value-shift tactics and compliance checks. Use when the user mentions customer pushback on price, budget c...

Automates Kmong sign-up, identity verification, profile setup, and service registration using OpenClaw browser with SMS and captcha handling.

Structural authority separation for autonomous agent actions. Three-phase governance pipeline: PROPOSE, DECIDE, PROMOTE. No action is both proposed and appro...

Runtime security plugin for AI agents. Provides local-first protection against data exfiltration, credential theft, command injection, and sensitive data lea...

DNS & email security analysis powered by IntoDNS.ai - scan domains for DNS, DNSSEC, SPF, DKIM, DMARC issues

System health and security monitoring skill with 8-layer monitoring system. Provides real-time health scoring, security reporting, performance analysis, auto...

Basic threat detection and security analysis for code, files, and agent skills. Use when you need to scan for vulnerabilities, validate security patterns, detect malicious patterns, or audit codebases for security issues.

Call any API without leaking credentials. Keychains proxies requests and injects real tokens server-side — your agent never sees them.

Gateway authentication hardening and credentials audit pack. Validates device auth, Baileys credentials, webhook HMAC signatures, log configuration, and work...