⚠️Install with caution. This skill has very few installs. Always review the source and verify it on clawhub.ai before installing. Community-built skills run with agent permissions — only install ones you trust.

🛡️ Agent Security

clawsec-nanoclawv0.0.4

Name: clawsec-nanoclaw
Author: davida-ps

clawsec-nanoclaw

davida-ps

Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot

security

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

321

Stars

CreatedFeb 25, 2026

UpdatedApr 28, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install davida-ps/clawsec-nanoclaw

Skill Package20 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B61/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation5/35

· 1 installs (minimal)
· 321 downloads (low demand)

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness11/15

· skillAssets present (19 files)

Security Analysis

💙 Low Risk

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

rm -rf /

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://clawsec.prompt.security/advisories/feed.json

KNOWN_EXTERNALlow

Uses known external API (expected, informational)

raw.githubusercontent.com

AI Analysis

The skill appears to be a legitimate security monitoring tool that checks skills against a known advisory feed. The external URL (clawsec.prompt.security) is consistent with its stated purpose of fetching security advisories, and the GitHub URL is for fetching skill manifests. The 'rm -rf /' appears to be in example code rather than actual tool implementation, but still warrants caution.

💡

Usage Guide

Generated Mar 20, 2026

WhatsApp bot developersIT security teams managing bot deploymentsbeginner

💡 Application Scenarios

WhatsApp Bot Security Auditing for Small BusinessesE-commerce

A small e-commerce company uses a WhatsApp bot for customer support and order tracking. They regularly install new skills to add features like payment processing or inventory checks. Before each installation, they use ClawSec to check for vulnerabilities, ensuring no known exploits compromise customer data or transaction security.

Healthcare Compliance Monitoring for Patient Interaction BotsHealthcare

A healthcare provider employs a WhatsApp bot to schedule appointments and send medication reminders. They must comply with data protection regulations like HIPAA. ClawSec helps audit installed skills for security advisories, preventing vulnerabilities that could lead to data breaches and ensuring patient information remains secure.

Financial Services Bot Vulnerability PreventionFinancial Services

A fintech startup uses a WhatsApp bot for basic banking queries and fraud alerts. They integrate third-party skills for currency conversion and transaction history. ClawSec is used to perform pre-installation checks and periodic audits, mitigating risks of financial fraud or unauthorized access through vulnerable dependencies.

Educational Institution Skill Safety for Student BotsEducation

A university deploys a WhatsApp bot to assist students with course registration and campus updates. They frequently update skills to add new functionalities. ClawSec ensures that before installing any skill, it is checked against security advisories, protecting student data and maintaining system integrity against potential exploits.

Supply Chain Security for Logistics BotsLogistics

A logistics company uses a WhatsApp bot to track shipments and communicate with drivers. They rely on various skills for route optimization and weather updates. ClawSec monitors these skills for vulnerabilities, preventing supply chain attacks that could disrupt operations or leak sensitive shipment details.

💼 Business Models

Subscription-Based Security ServiceRecurring subscription fees

Offer ClawSec as a monthly or annual subscription for businesses using WhatsApp bots. Provide regular updates to the advisory feed, priority support, and automated audit reports. Revenue is generated through tiered pricing based on the number of skills monitored or bot usage scale.

Freemium Model with Premium FeaturesPremium feature upgrades and enterprise licensing

Provide basic vulnerability checks for free to attract users, with limitations on the number of skills or audit frequency. Charge for advanced features like real-time alerts, detailed exploitability analysis, and integration with other security tools. Revenue comes from upgrades and enterprise plans.

Consulting and Custom Integration ServicesProject-based fees and retainer contracts

Offer professional services to help businesses integrate ClawSec into their existing bot ecosystems, including custom security policies and training. Revenue is generated through one-time project fees or ongoing retainer agreements for security oversight and incident response support.

💬 Integration Tip

Integrate ClawSec's pre-installation check into your skill installation workflow to automatically block unsafe installations, and set up scheduled audits to catch vulnerabilities in existing skills.