All Skills
Filter by source, category, or keyword. Read the internal summary first — then decide if the original page is worth your time.
Read first. Jump out only when you're ready.
Internal summaries, source signals, and category context — all in one place. Open the original listing only when you already know why it's worth your time.
Security & Compliance · Tencent SkillHub
Identity, auth, scanning, governance, audit, and operational guardrails.
Best for broad discovery and market coverage, then narrow down using category and source signal.
311 skills
Click any card to read internal detail before jumping to source.
Feelgoodbot
Set up feelgoodbot file integrity monitoring and TOTP step-up authentication for macOS. Use when the user wants to detect malware, monitor for system tampering, set up security alerts, or require OTP verification for sensitive agent actions.
Firewall
Configure firewalls on servers and cloud providers with security best practices.
Firm Security Audit
Audit de sécurité proactif des déploiements OpenClaw. Détecte et remédie aux 4 gaps critiques/hauts identifiés dans openclaw/openclaw : SQL injection (C1), s...
Fletcher Cyber Security Engineer
Manage and enforce least-privilege execution, approval-based elevation, port and egress monitoring, and ISO 27001/NIST compliance reporting for OpenClaw secu...
GEP Immune Auditor
Security audit agent for GEP/EvoMap ecosystem. Scans Gene/Capsule assets using immune-system-inspired 3-layer detection: L1 pattern scan, L2 intent inference...
Gateway Guard
Ensures OpenClaw gateway auth consistency. Use when checking or fixing gateway token/password mismatch, device_token_mismatch errors, or before delegating to...
Gatewaystack Governance
Deny-by-default governance for every tool call — identity, scope, rate limiting, injection detection, audit logging, plus opt-in output DLP, escalation, and...
Gdpr Dsgvo Expert
GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.
Go Security Vulnerability
Identify, assess, and fix security vulnerabilities in Go modules using govulncheck. Handle common vulnerabilities like JWT issues and ensure application stability during fixes.
Greek Compliance Aade
Greek tax compliance with AADE/TAXIS integration — VAT, payroll, EFKA, municipal taxes, stamp duty. Human confirmation for all submissions.
Guardian
Local-first security scanner for OpenClaw agents. Detects prompt injection, exfiltration patterns, tool abuse, and social engineering using bundled signatures.
Guardian Wall
Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the intern...
Guava Guard
Runtime security guard for OpenClaw agents. Warns on dangerous tool call patterns. For full static scanning, use guard-scanner.
HIPAA Compliance for AI Agents
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare AI deployments to ensure data security and regulatory adherence.
Hackathon
Blockchain security scanner for AI agents (testnet). Pay with Base Sepolia USDC via x402 protocol.
Health
Provide personalized wellness guidance while maintaining strict safety boundaries.
Healthcheck Ready
Performs a quick risk posture check on the host and provides a concise snapshot of OpenClaw's security and readiness status.
Host Hardening
Harden an OpenClaw Linux server with SSH key-only auth, UFW firewall, fail2ban brute-force protection, and credential permissions. Use when setting up a new...
Host Hardening
Harden an OpenClaw Linux server with SSH key-only auth, UFW firewall, fail2ban brute-force protection, and credential permissions. Use when setting up a new...
Iam Policy Auditor
Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations
Indirect Prompt Injection Defense
Detect and reject indirect prompt injection attacks when reading external content (social media posts, comments, documents, emails, web pages, user uploads). Use this skill BEFORE processing any untrusted external content to identify manipulation attempts that hijack goals, exfiltrate data, override instructions, or social engineer compliance. Includes 20+ detection patterns, homoglyph detection, and sanitization scripts.
Input Validator
温和的输入验证器,检测网页/文件/消息中的恶意内容。支持危险内容阻止和可疑内容警告,不影响正常使用。
Insecure Defaults Detection
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
Install Then Update Trap Detector
Helps detect the install-then-update attack pattern — where a skill passes initial security review cleanly, then silently introduces malicious behavior throu...