{ "schemaVersion": "1.0", "item": { "slug": "agent-security-ops", "name": "Agent Security Ops", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/TheAgentWire/agent-security-ops", "canonicalUrl": "https://clawhub.ai/TheAgentWire/agent-security-ops", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/agent-security-ops", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-ops", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "references/patterns.md", "scripts/monitor.sh", "scripts/scan.sh", "scripts/setup.sh" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/agent-security-ops" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/agent-security-ops", "agentPageUrl": "https://openagent3.xyz/skills/agent-security-ops/agent", "manifestUrl": "https://openagent3.xyz/skills/agent-security-ops/agent.json", "briefUrl": "https://openagent3.xyz/skills/agent-security-ops/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "agent-security-ops", "body": "Security hardening for solopreneur repos. One command to set up pre-commit hooks, secret scanning, and continuous monitoring." }, { "title": "⚠️ Important: --no-verify Bypass Warning", "body": "The pre-commit hook can be bypassed with git commit --no-verify. This skips ALL hooks including secret scanning.\nRecommendations:\n\nNever use --no-verify unless you've manually verified no secrets are staged\nSet up CI-side scanning as backup — add TruffleHog to your GitHub Actions / CI pipeline so secrets are caught even if hooks are bypassed\nRun scan.sh after any --no-verify commit to verify nothing slipped through\n\nThe hook is fail-closed: if TruffleHog is not found, commits are blocked (not silently allowed)." }, { "title": "Quick Start", "body": "bash skills/agent-security-ops/scripts/setup.sh /path/to/repo\n\nThis will:\n\nInstall TruffleHog (pinned version with SHA256 checksum verification, override with TRUFFLEHOG_VERSION env var)\nSet up a fail-closed pre-commit hook that blocks secrets (scans staged changes)\nHarden .gitignore with common secret patterns (including .security-ops/, .terraform/)\nRun initial secret scan (git history + filesystem for untracked files)" }, { "title": "What You'll See", "body": "setup.sh output:\n\nagent-security-ops: Setting up /Users/you/my-project\n✓ TruffleHog already installed (3.88.0)\n✓ Pre-commit hook installed\n→ Added 2 patterns to .gitignore: .security-ops/ .terraform/\n→ Running initial secret scan...\n✓ Initial scan: clean\n→ Running filesystem scan (untracked files)...\n✓ Filesystem scan: clean\n\nSetup complete:\n • Installed pre-commit hook\n • Hardened .gitignore (+2 patterns)\n • Initial scan: clean\n 💡 More agent-ops at theagentwire.ai/?utm_source=clawhub&utm_medium=skill&utm_campaign=agent-security-ops\n\nscan.sh summary (stderr):\n\n--- TruffleHog Secret Scan ---\n✓ No secrets found\n\n--- TruffleHog Filesystem Scan ---\n✓ No secrets in untracked files\n\n--- Pattern Grep Scan ---\n⚠ Found 2 high-confidence secret pattern(s)\n./config.js:3: apiKey: \"sk-proj-abc123...\"\n✓ No low-confidence patterns\n\n--- Summary ---\n⚠ Total: 2 (secrets=0[0 verified], fs=0, patterns=2[+0 low], ...)" }, { "title": "Commands", "body": "All scripts support --help and --version flags." }, { "title": "setup.sh — One-time repo hardening", "body": "bash scripts/setup.sh [/path/to/repo]\nbash scripts/setup.sh --fix-ssh /path/to/repo # also fix SSH permissions\n\nIdempotent. Safe to run multiple times. Defaults to current directory. Existing pre-commit hooks are preserved (appended to, not overwritten)." }, { "title": "scan.sh — Full security scan", "body": "# JSON report to stdout, human summary to stderr\nbash scripts/scan.sh [/path/to/repo]\n\n# Save report\nbash scripts/scan.sh /path/to/repo > report.json\n\nChecks:\n\nSecrets: TruffleHog — all secrets found (verified ones highlighted)\nFilesystem: TruffleHog filesystem scan for untracked/working files\nPattern grep (high-confidence): AWS, GitHub, Anthropic, Slack, OpenAI, Stripe, Google, Twilio, SendGrid, npm, Vault, private keys\nPattern grep (low-confidence): Database URLs, password/secret assignments, bearer tokens, Firebase, Supabase, JWTs\n.gitignore audit: Uses git check-ignore to verify patterns work\nDependency audit: npm audit / pip audit (results in JSON output)\nFile permissions: Finds world-readable .env, .pem, .key, credential files\nOpen ports: Lists listening ports, flags unexpected ones (note: may need sudo on macOS)\nEnvironment secrets: Scans shell profiles for hardcoded keys/tokens\nLoose .env files: Checks $HOME, Desktop, Downloads for .env files (warning only, not counted as repo findings)\nDocker secrets: Checks Dockerfiles and compose files for hardcoded secrets\nSSH audit: Verifies ~/.ssh permissions (report only — use setup.sh --fix-ssh to fix)\nGit remotes: Flags insecure HTTP remotes, checks GitHub repo visibility" }, { "title": "monitor.sh — Cron-friendly monitoring", "body": "bash scripts/monitor.sh [/path/to/repo]\n\nContent-based delta detection (hashes scan results, not just counts). Exits 1 on any change, 0 if unchanged. Uses atomic file writes and flock-based locking to prevent concurrent runs." }, { "title": "Cron Integration", "body": "# Check every hour, alert on new findings\n0 * * * * bash /path/to/skills/agent-security-ops/scripts/monitor.sh /path/to/repo || notify \"Security scan changed\"" }, { "title": "Found Something?", "body": "FindingWhat to DoVerified secret in gitRotate the credential immediately. Use git filter-repo or BFG to remove from history.Unverified secret in gitInvestigate — may be a false positive or an expired credential. Still consider rotating.Pattern match (high-confidence)Move to .env file or secret manager. Verify it's in .gitignore.Pattern match (low-confidence)Review manually — may be a false positive. Check if it's a real credential.Missing .gitignore patternRun setup.sh again — it adds missing patterns.World-readable sensitive filechmod 600 — restrict to owner only.Unexpected open portIdentify the process (lsof -i :), stop if unnecessary.Env secret in shell profileMove to .env file or op run (1Password). Remove export line.Docker hardcoded secretUse Docker secrets, env vars with ${VAR} syntax, or .env file.SSH permission issueRun setup.sh --fix-ssh or manually chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_*.HTTP git remotegit remote set-url origin git@github.com:user/repo.gitPublic repo detectedIf unintentional: gh repo edit --visibility private" }, { "title": "Limitations", "body": "Grep ≠ AST analysis: Pattern matching catches literal strings, not obfuscated or dynamically constructed secrets.\nNo SAST/DAST: This is not a replacement for static/dynamic application security testing.\nIaC limited to Docker: No Terraform, Kubernetes, or CloudFormation scanning beyond basic grep patterns on .tf/.tfvars.\nTruffleHog verification: Verification depends on service availability — if an API is down, a real secret may show as \"unverified.\" That's why we now scan all secrets, not just verified ones.\nPort scanning: Only detects currently listening ports, not firewall rules or network exposure. May need sudo on macOS for full process info.\n$HOME .env scan: Checks outside repo scope as a convenience — findings are warnings only, not counted as repo findings." }, { "title": "What It Scans", "body": "CategoryToolCoverageSecrets in codeTruffleHogCurrent files + full git history (all, verified highlighted)Filesystem secretsTruffleHogUntracked/working directory filesSecret patterns (high)grep20+ providers (AWS, GitHub, Anthropic, Slack, Stripe, etc.)Secret patterns (low)grepDB URLs, passwords, bearer tokens, Firebase, Supabase, JWTs.gitignoregit check-ignore.env*, *.pem, *.key, *.p12, *.pfx, credentials, keystores, .terraform/Dependenciesnpm/pip auditKnown CVEs in packagesPermissionsfindWorld-readable sensitive filesOpen Portslsof/ssUnexpected listening servicesEnv SecretsgrepHardcoded secrets in shell profiles, loose .env files (warning)Docker SecretsgrepHardcoded secrets in Dockerfiles and compose filesSSH AuditstatPermission checks on ~/.ssh, keys, configGit Remotesgit/ghInsecure HTTP remotes, public repo detection" }, { "title": "Security Model", "body": "Binary verification: TruffleHog downloaded with SHA256 checksum verification against official release checksums\nFail-closed hook: Missing TruffleHog blocks commits (not silently passes)\nNo brew fallback: Only verified direct download to prevent supply chain attacks\nVersion pinning: TRUFFLEHOG_VERSION validated as semver before use\nSelf-exclusion: Scripts exclude themselves from grep scans via content marker" }, { "title": "Reference Files", "body": "references/patterns.md — Regex patterns for all detected secret types, marked as ✅ scanned or 📖 reference only." }, { "title": "Dependencies", "body": "git, grep, find (standard)\ntrufflehog (installed by setup.sh, pinned version with checksum verification)\njq (optional — produces properly escaped JSON; without it, falls back to shell-based escaping which may break on unusual filenames/content)\n\nBuilt by The Agent Wire — a weekly newsletter about AI agents for solopreneurs. Liked this skill? I write about building agent-ops tools like this every Wednesday.\nStar ⭐ this skill if it saved you from leaking a secret." }, { "title": "FAQ", "body": "What is this skill?\nAgent Security Ops installs pre-commit hooks and runs 10-point security scans to prevent AI agents from leaking secrets. Catches API keys, tokens, passwords, and credentials before they reach git history.\n\nWhat problem does it solve?\nAI agents generate and handle credentials constantly — API keys, tokens, database URLs. Without guardrails, these end up in commits, logs, or chat messages. This skill adds automated scanning at commit-time and on-demand.\n\nWhat are the requirements?\nBash, git, and TruffleHog (installed automatically). Works on macOS and Linux. No API keys or external services needed.\n\nWhat does the 10-point scan check?\nGit staged files, environment files (.env), config files, recent git history, high-entropy strings, known secret patterns, AWS/GCP/Azure credentials, private keys, database URLs, and API tokens.\n\nDoes it work with any AI agent framework?\nYes. It's framework-agnostic — operates at the git and filesystem level. Works with OpenClaw, Claude Code, Cursor, Aider, or any tool that writes files.\n\nCan it run on a schedule?\nYes. Pair it with a cron job for periodic scans of your workspace. The scan outputs a structured report suitable for automated monitoring." } ], "body": "agent-security-ops\n\nSecurity hardening for solopreneur repos. One command to set up pre-commit hooks, secret scanning, and continuous monitoring.\n\n⚠️ Important: --no-verify Bypass Warning\n\nThe pre-commit hook can be bypassed with git commit --no-verify. This skips ALL hooks including secret scanning.\n\nRecommendations:\n\nNever use --no-verify unless you've manually verified no secrets are staged\nSet up CI-side scanning as backup — add TruffleHog to your GitHub Actions / CI pipeline so secrets are caught even if hooks are bypassed\nRun scan.sh after any --no-verify commit to verify nothing slipped through\n\nThe hook is fail-closed: if TruffleHog is not found, commits are blocked (not silently allowed).\n\nQuick Start\nbash skills/agent-security-ops/scripts/setup.sh /path/to/repo\n\n\nThis will:\n\nInstall TruffleHog (pinned version with SHA256 checksum verification, override with TRUFFLEHOG_VERSION env var)\nSet up a fail-closed pre-commit hook that blocks secrets (scans staged changes)\nHarden .gitignore with common secret patterns (including .security-ops/, .terraform/)\nRun initial secret scan (git history + filesystem for untracked files)\nWhat You'll See\n\nsetup.sh output:\n\nagent-security-ops: Setting up /Users/you/my-project\n✓ TruffleHog already installed (3.88.0)\n✓ Pre-commit hook installed\n→ Added 2 patterns to .gitignore: .security-ops/ .terraform/\n→ Running initial secret scan...\n✓ Initial scan: clean\n→ Running filesystem scan (untracked files)...\n✓ Filesystem scan: clean\n\nSetup complete:\n • Installed pre-commit hook\n • Hardened .gitignore (+2 patterns)\n • Initial scan: clean\n 💡 More agent-ops at theagentwire.ai/?utm_source=clawhub&utm_medium=skill&utm_campaign=agent-security-ops\n\n\nscan.sh summary (stderr):\n\n--- TruffleHog Secret Scan ---\n✓ No secrets found\n\n--- TruffleHog Filesystem Scan ---\n✓ No secrets in untracked files\n\n--- Pattern Grep Scan ---\n⚠ Found 2 high-confidence secret pattern(s)\n./config.js:3: apiKey: \"sk-proj-abc123...\"\n✓ No low-confidence patterns\n\n--- Summary ---\n⚠ Total: 2 (secrets=0[0 verified], fs=0, patterns=2[+0 low], ...)\n\nCommands\n\nAll scripts support --help and --version flags.\n\nsetup.sh — One-time repo hardening\nbash scripts/setup.sh [/path/to/repo]\nbash scripts/setup.sh --fix-ssh /path/to/repo # also fix SSH permissions\n\n\nIdempotent. Safe to run multiple times. Defaults to current directory. Existing pre-commit hooks are preserved (appended to, not overwritten).\n\nscan.sh — Full security scan\n# JSON report to stdout, human summary to stderr\nbash scripts/scan.sh [/path/to/repo]\n\n# Save report\nbash scripts/scan.sh /path/to/repo > report.json\n\n\nChecks:\n\nSecrets: TruffleHog — all secrets found (verified ones highlighted)\nFilesystem: TruffleHog filesystem scan for untracked/working files\nPattern grep (high-confidence): AWS, GitHub, Anthropic, Slack, OpenAI, Stripe, Google, Twilio, SendGrid, npm, Vault, private keys\nPattern grep (low-confidence): Database URLs, password/secret assignments, bearer tokens, Firebase, Supabase, JWTs\n.gitignore audit: Uses git check-ignore to verify patterns work\nDependency audit: npm audit / pip audit (results in JSON output)\nFile permissions: Finds world-readable .env, .pem, .key, credential files\nOpen ports: Lists listening ports, flags unexpected ones (note: may need sudo on macOS)\nEnvironment secrets: Scans shell profiles for hardcoded keys/tokens\nLoose .env files: Checks $HOME, Desktop, Downloads for .env files (warning only, not counted as repo findings)\nDocker secrets: Checks Dockerfiles and compose files for hardcoded secrets\nSSH audit: Verifies ~/.ssh permissions (report only — use setup.sh --fix-ssh to fix)\nGit remotes: Flags insecure HTTP remotes, checks GitHub repo visibility\nmonitor.sh — Cron-friendly monitoring\nbash scripts/monitor.sh [/path/to/repo]\n\n\nContent-based delta detection (hashes scan results, not just counts). Exits 1 on any change, 0 if unchanged. Uses atomic file writes and flock-based locking to prevent concurrent runs.\n\nCron Integration\n# Check every hour, alert on new findings\n0 * * * * bash /path/to/skills/agent-security-ops/scripts/monitor.sh /path/to/repo || notify \"Security scan changed\"\n\nFound Something?\nFinding\tWhat to Do\nVerified secret in git\tRotate the credential immediately. Use git filter-repo or BFG to remove from history.\nUnverified secret in git\tInvestigate — may be a false positive or an expired credential. Still consider rotating.\nPattern match (high-confidence)\tMove to .env file or secret manager. Verify it's in .gitignore.\nPattern match (low-confidence)\tReview manually — may be a false positive. Check if it's a real credential.\nMissing .gitignore pattern\tRun setup.sh again — it adds missing patterns.\nWorld-readable sensitive file\tchmod 600 — restrict to owner only.\nUnexpected open port\tIdentify the process (lsof -i :), stop if unnecessary.\nEnv secret in shell profile\tMove to .env file or op run (1Password). Remove export line.\nDocker hardcoded secret\tUse Docker secrets, env vars with ${VAR} syntax, or .env file.\nSSH permission issue\tRun setup.sh --fix-ssh or manually chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_*.\nHTTP git remote\tgit remote set-url origin git@github.com:user/repo.git\nPublic repo detected\tIf unintentional: gh repo edit --visibility private\nLimitations\nGrep ≠ AST analysis: Pattern matching catches literal strings, not obfuscated or dynamically constructed secrets.\nNo SAST/DAST: This is not a replacement for static/dynamic application security testing.\nIaC limited to Docker: No Terraform, Kubernetes, or CloudFormation scanning beyond basic grep patterns on .tf/.tfvars.\nTruffleHog verification: Verification depends on service availability — if an API is down, a real secret may show as \"unverified.\" That's why we now scan all secrets, not just verified ones.\nPort scanning: Only detects currently listening ports, not firewall rules or network exposure. May need sudo on macOS for full process info.\n$HOME .env scan: Checks outside repo scope as a convenience — findings are warnings only, not counted as repo findings.\nWhat It Scans\nCategory\tTool\tCoverage\nSecrets in code\tTruffleHog\tCurrent files + full git history (all, verified highlighted)\nFilesystem secrets\tTruffleHog\tUntracked/working directory files\nSecret patterns (high)\tgrep\t20+ providers (AWS, GitHub, Anthropic, Slack, Stripe, etc.)\nSecret patterns (low)\tgrep\tDB URLs, passwords, bearer tokens, Firebase, Supabase, JWTs\n.gitignore\tgit check-ignore\t.env*, *.pem, *.key, *.p12, *.pfx, credentials, keystores, .terraform/\nDependencies\tnpm/pip audit\tKnown CVEs in packages\nPermissions\tfind\tWorld-readable sensitive files\nOpen Ports\tlsof/ss\tUnexpected listening services\nEnv Secrets\tgrep\tHardcoded secrets in shell profiles, loose .env files (warning)\nDocker Secrets\tgrep\tHardcoded secrets in Dockerfiles and compose files\nSSH Audit\tstat\tPermission checks on ~/.ssh, keys, config\nGit Remotes\tgit/gh\tInsecure HTTP remotes, public repo detection\nSecurity Model\nBinary verification: TruffleHog downloaded with SHA256 checksum verification against official release checksums\nFail-closed hook: Missing TruffleHog blocks commits (not silently passes)\nNo brew fallback: Only verified direct download to prevent supply chain attacks\nVersion pinning: TRUFFLEHOG_VERSION validated as semver before use\nSelf-exclusion: Scripts exclude themselves from grep scans via content marker\nReference Files\nreferences/patterns.md — Regex patterns for all detected secret types, marked as ✅ scanned or 📖 reference only.\nDependencies\ngit, grep, find (standard)\ntrufflehog (installed by setup.sh, pinned version with checksum verification)\njq (optional — produces properly escaped JSON; without it, falls back to shell-based escaping which may break on unusual filenames/content)\n\nBuilt by The Agent Wire — a weekly newsletter about AI agents for solopreneurs. Liked this skill? I write about building agent-ops tools like this every Wednesday. Star ⭐ this skill if it saved you from leaking a secret.\n\nFAQ\n\nWhat is this skill? Agent Security Ops installs pre-commit hooks and runs 10-point security scans to prevent AI agents from leaking secrets. Catches API keys, tokens, passwords, and credentials before they reach git history.\n\nWhat problem does it solve? AI agents generate and handle credentials constantly — API keys, tokens, database URLs. Without guardrails, these end up in commits, logs, or chat messages. This skill adds automated scanning at commit-time and on-demand.\n\nWhat are the requirements? Bash, git, and TruffleHog (installed automatically). Works on macOS and Linux. No API keys or external services needed.\n\nWhat does the 10-point scan check? Git staged files, environment files (.env), config files, recent git history, high-entropy strings, known secret patterns, AWS/GCP/Azure credentials, private keys, database URLs, and API tokens.\n\nDoes it work with any AI agent framework? Yes. It's framework-agnostic — operates at the git and filesystem level. Works with OpenClaw, Claude Code, Cursor, Aider, or any tool that writes files.\n\nCan it run on a schedule? Yes. Pair it with a cron job for periodic scans of your workspace. The scan outputs a structured report suitable for automated monitoring." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/TheAgentWire/agent-security-ops", "publisherUrl": "https://clawhub.ai/TheAgentWire/agent-security-ops", "owner": "TheAgentWire", "version": "1.2.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/agent-security-ops", "downloadUrl": "https://openagent3.xyz/downloads/agent-security-ops", "agentUrl": "https://openagent3.xyz/skills/agent-security-ops/agent", "manifestUrl": "https://openagent3.xyz/skills/agent-security-ops/agent.json", "briefUrl": "https://openagent3.xyz/skills/agent-security-ops/agent.md" } }