# Send Agent Security Ops to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "agent-security-ops", "name": "Agent Security Ops", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/TheAgentWire/agent-security-ops", "canonicalUrl": "https://clawhub.ai/TheAgentWire/agent-security-ops", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/agent-security-ops", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-ops", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md", "references/patterns.md", "scripts/monitor.sh", "scripts/scan.sh", "scripts/setup.sh" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "agent-security-ops", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T08:36:53.211Z", "expiresAt": "2026-05-06T08:36:53.211Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-ops", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-security-ops", "contentDisposition": "attachment; filename=\"agent-security-ops-1.2.2.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "agent-security-ops" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/agent-security-ops" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/agent-security-ops", "downloadUrl": "https://openagent3.xyz/downloads/agent-security-ops", "agentUrl": "https://openagent3.xyz/skills/agent-security-ops/agent", "manifestUrl": "https://openagent3.xyz/skills/agent-security-ops/agent.json", "briefUrl": "https://openagent3.xyz/skills/agent-security-ops/agent.md" } } ``` ## Documentation ### agent-security-ops Security hardening for solopreneur repos. One command to set up pre-commit hooks, secret scanning, and continuous monitoring. ### ⚠️ Important: --no-verify Bypass Warning The pre-commit hook can be bypassed with git commit --no-verify. This skips ALL hooks including secret scanning. Recommendations: Never use --no-verify unless you've manually verified no secrets are staged Set up CI-side scanning as backup — add TruffleHog to your GitHub Actions / CI pipeline so secrets are caught even if hooks are bypassed Run scan.sh after any --no-verify commit to verify nothing slipped through The hook is fail-closed: if TruffleHog is not found, commits are blocked (not silently allowed). ### Quick Start bash skills/agent-security-ops/scripts/setup.sh /path/to/repo This will: Install TruffleHog (pinned version with SHA256 checksum verification, override with TRUFFLEHOG_VERSION env var) Set up a fail-closed pre-commit hook that blocks secrets (scans staged changes) Harden .gitignore with common secret patterns (including .security-ops/, .terraform/) Run initial secret scan (git history + filesystem for untracked files) ### What You'll See setup.sh output: agent-security-ops: Setting up /Users/you/my-project ✓ TruffleHog already installed (3.88.0) ✓ Pre-commit hook installed → Added 2 patterns to .gitignore: .security-ops/ .terraform/ → Running initial secret scan... ✓ Initial scan: clean → Running filesystem scan (untracked files)... ✓ Filesystem scan: clean Setup complete: • Installed pre-commit hook • Hardened .gitignore (+2 patterns) • Initial scan: clean 💡 More agent-ops at theagentwire.ai/?utm_source=clawhub&utm_medium=skill&utm_campaign=agent-security-ops scan.sh summary (stderr): --- TruffleHog Secret Scan --- ✓ No secrets found --- TruffleHog Filesystem Scan --- ✓ No secrets in untracked files --- Pattern Grep Scan --- ⚠ Found 2 high-confidence secret pattern(s) ./config.js:3: apiKey: "sk-proj-abc123..." ✓ No low-confidence patterns --- Summary --- ⚠ Total: 2 (secrets=0[0 verified], fs=0, patterns=2[+0 low], ...) ### Commands All scripts support --help and --version flags. ### setup.sh — One-time repo hardening bash scripts/setup.sh [/path/to/repo] bash scripts/setup.sh --fix-ssh /path/to/repo # also fix SSH permissions Idempotent. Safe to run multiple times. Defaults to current directory. Existing pre-commit hooks are preserved (appended to, not overwritten). ### scan.sh — Full security scan # JSON report to stdout, human summary to stderr bash scripts/scan.sh [/path/to/repo] # Save report bash scripts/scan.sh /path/to/repo > report.json Checks: Secrets: TruffleHog — all secrets found (verified ones highlighted) Filesystem: TruffleHog filesystem scan for untracked/working files Pattern grep (high-confidence): AWS, GitHub, Anthropic, Slack, OpenAI, Stripe, Google, Twilio, SendGrid, npm, Vault, private keys Pattern grep (low-confidence): Database URLs, password/secret assignments, bearer tokens, Firebase, Supabase, JWTs .gitignore audit: Uses git check-ignore to verify patterns work Dependency audit: npm audit / pip audit (results in JSON output) File permissions: Finds world-readable .env, .pem, .key, credential files Open ports: Lists listening ports, flags unexpected ones (note: may need sudo on macOS) Environment secrets: Scans shell profiles for hardcoded keys/tokens Loose .env files: Checks $HOME, Desktop, Downloads for .env files (warning only, not counted as repo findings) Docker secrets: Checks Dockerfiles and compose files for hardcoded secrets SSH audit: Verifies ~/.ssh permissions (report only — use setup.sh --fix-ssh to fix) Git remotes: Flags insecure HTTP remotes, checks GitHub repo visibility ### monitor.sh — Cron-friendly monitoring bash scripts/monitor.sh [/path/to/repo] Content-based delta detection (hashes scan results, not just counts). Exits 1 on any change, 0 if unchanged. Uses atomic file writes and flock-based locking to prevent concurrent runs. ### Cron Integration # Check every hour, alert on new findings 0 * * * * bash /path/to/skills/agent-security-ops/scripts/monitor.sh /path/to/repo || notify "Security scan changed" ### Found Something? FindingWhat to DoVerified secret in gitRotate the credential immediately. Use git filter-repo or BFG to remove from history.Unverified secret in gitInvestigate — may be a false positive or an expired credential. Still consider rotating.Pattern match (high-confidence)Move to .env file or secret manager. Verify it's in .gitignore.Pattern match (low-confidence)Review manually — may be a false positive. Check if it's a real credential.Missing .gitignore patternRun setup.sh again — it adds missing patterns.World-readable sensitive filechmod 600 — restrict to owner only.Unexpected open portIdentify the process (lsof -i :), stop if unnecessary.Env secret in shell profileMove to .env file or op run (1Password). Remove export line.Docker hardcoded secretUse Docker secrets, env vars with ${VAR} syntax, or .env file.SSH permission issueRun setup.sh --fix-ssh or manually chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_*.HTTP git remotegit remote set-url origin git@github.com:user/repo.gitPublic repo detectedIf unintentional: gh repo edit --visibility private ### Limitations Grep ≠ AST analysis: Pattern matching catches literal strings, not obfuscated or dynamically constructed secrets. No SAST/DAST: This is not a replacement for static/dynamic application security testing. IaC limited to Docker: No Terraform, Kubernetes, or CloudFormation scanning beyond basic grep patterns on .tf/.tfvars. TruffleHog verification: Verification depends on service availability — if an API is down, a real secret may show as "unverified." That's why we now scan all secrets, not just verified ones. Port scanning: Only detects currently listening ports, not firewall rules or network exposure. May need sudo on macOS for full process info. $HOME .env scan: Checks outside repo scope as a convenience — findings are warnings only, not counted as repo findings. ### What It Scans CategoryToolCoverageSecrets in codeTruffleHogCurrent files + full git history (all, verified highlighted)Filesystem secretsTruffleHogUntracked/working directory filesSecret patterns (high)grep20+ providers (AWS, GitHub, Anthropic, Slack, Stripe, etc.)Secret patterns (low)grepDB URLs, passwords, bearer tokens, Firebase, Supabase, JWTs.gitignoregit check-ignore.env*, *.pem, *.key, *.p12, *.pfx, credentials, keystores, .terraform/Dependenciesnpm/pip auditKnown CVEs in packagesPermissionsfindWorld-readable sensitive filesOpen Portslsof/ssUnexpected listening servicesEnv SecretsgrepHardcoded secrets in shell profiles, loose .env files (warning)Docker SecretsgrepHardcoded secrets in Dockerfiles and compose filesSSH AuditstatPermission checks on ~/.ssh, keys, configGit Remotesgit/ghInsecure HTTP remotes, public repo detection ### Security Model Binary verification: TruffleHog downloaded with SHA256 checksum verification against official release checksums Fail-closed hook: Missing TruffleHog blocks commits (not silently passes) No brew fallback: Only verified direct download to prevent supply chain attacks Version pinning: TRUFFLEHOG_VERSION validated as semver before use Self-exclusion: Scripts exclude themselves from grep scans via content marker ### Reference Files references/patterns.md — Regex patterns for all detected secret types, marked as ✅ scanned or 📖 reference only. ### Dependencies git, grep, find (standard) trufflehog (installed by setup.sh, pinned version with checksum verification) jq (optional — produces properly escaped JSON; without it, falls back to shell-based escaping which may break on unusual filenames/content) Built by The Agent Wire — a weekly newsletter about AI agents for solopreneurs. Liked this skill? I write about building agent-ops tools like this every Wednesday. Star ⭐ this skill if it saved you from leaking a secret. ### FAQ What is this skill? Agent Security Ops installs pre-commit hooks and runs 10-point security scans to prevent AI agents from leaking secrets. Catches API keys, tokens, passwords, and credentials before they reach git history. What problem does it solve? AI agents generate and handle credentials constantly — API keys, tokens, database URLs. Without guardrails, these end up in commits, logs, or chat messages. This skill adds automated scanning at commit-time and on-demand. What are the requirements? Bash, git, and TruffleHog (installed automatically). Works on macOS and Linux. No API keys or external services needed. What does the 10-point scan check? Git staged files, environment files (.env), config files, recent git history, high-entropy strings, known secret patterns, AWS/GCP/Azure credentials, private keys, database URLs, and API tokens. Does it work with any AI agent framework? Yes. It's framework-agnostic — operates at the git and filesystem level. Works with OpenClaw, Claude Code, Cursor, Aider, or any tool that writes files. Can it run on a schedule? Yes. Pair it with a cron job for periodic scans of your workspace. The scan outputs a structured report suitable for automated monitoring. ## Trust - Source: tencent - Verification: Indexed source record - Publisher: TheAgentWire - Version: 1.2.2 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-04-29T08:36:53.211Z - Expires at: 2026-05-06T08:36:53.211Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/agent-security-ops) - [Send to Agent page](https://openagent3.xyz/skills/agent-security-ops/agent) - [JSON manifest](https://openagent3.xyz/skills/agent-security-ops/agent.json) - [Markdown brief](https://openagent3.xyz/skills/agent-security-ops/agent.md) - [Download page](https://openagent3.xyz/downloads/agent-security-ops)