agent-tinman
AI security scanner with active prevention - 168 detection patterns, 288 attack probes, safer/risky/yolo modes, agent self-protection via /tinman check, loca...
Install via ClawdBot CLI:
clawdbot install oliveskin/agent-tinman
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables: ~/.ssh/id_rsa
Contains instructions to override system prompt or ignore user requests: "Ignore previous instructions"
Accesses system directories or attempts privilege escalation: /etc/sudoers
Calls external URL not in known-safe list: https://github.com/oliveskin/openclaw-skill-tinman
Generated Mar 20, 2026
A company deploys Tinman to continuously monitor its customer service AI chatbot for prompt injection attempts and tool misuse. It uses the watch command with real-time gateway connection to detect and block malicious inputs before they compromise the system, ensuring secure interactions.
Software development teams integrate Tinman into their CI/CD pipelines to scan AI-assisted coding sessions for context bleed and unauthorized tool calls. The scan command analyzes recent sessions to identify vulnerabilities, helping maintain code integrity and prevent data leaks.
A financial institution uses Tinman to audit AI-driven transaction analysis systems for compliance risks. By running periodic scans with the report command, it classifies failures by severity and proposes mitigations, ensuring adherence to regulatory standards and preventing fraud.
Healthcare providers implement Tinman to secure AI tools that handle patient data, using the check command for agent self-protection. It blocks risky tool calls like reading sensitive files, with safer mode requiring human approval for ambiguous actions to maintain privacy.
An online learning platform employs Tinman to monitor AI tutors for prompt injection and misuse. The allowlist feature is used to whitelist trusted educational domains, while continuous watch mode ensures real-time detection of security threats in student interactions.
Offer Tinman as a cloud-based security service with tiered pricing based on usage levels, such as number of scans or monitored sessions. Revenue is generated through monthly subscriptions, targeting businesses needing ongoing AI security without local setup.
Sell Tinman under a proprietary license for on-premises deployment in large organizations, with custom support and integration services. Revenue comes from one-time license fees and annual maintenance contracts, catering to industries with strict data sovereignty requirements.
Provide professional services using Tinman to conduct security audits and penetration testing for AI systems. Revenue is generated through project-based fees, helping clients identify vulnerabilities and implement recommended mitigations from scan reports.
💬 Integration Tip
Start by running /tinman init to set up the workspace, then use /tinman check in SOUL.md for autonomous agent protection to block risky tool calls automatically.
Scored Apr 19, 2026
AI Analysis
The skill is designed as a security scanner with local-first architecture, loopback-only default gateways, and explicit permissions for session analysis. While it requires broad tool permissions for scanning, there's no evidence of unauthorized data exfiltration, hidden malicious instructions, or credential harvesting beyond its stated security testing purpose.
Audited Apr 17, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.