clawsec-suite

Manages ClawSec suite with monitoring, cryptographic verification, and guided setup for enhanced security skills.

Install this skill

or

1/100

Security score

The clawsec-suite skill was audited on Jun 11, 2026 and we found 19 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 52

Template literal with variable interpolation in command context

SourceSKILL.md

52

```bash

medium line 79

Template literal with variable interpolation in command context

SourceSKILL.md

79

```bash

medium line 159

Template literal with variable interpolation in command context

SourceSKILL.md

159

```bash

medium line 168

Template literal with variable interpolation in command context

SourceSKILL.md

168

```bash

medium line 188

Template literal with variable interpolation in command context

SourceSKILL.md

188

```bash

high line 213

Template literal with variable interpolation in command context

SourceSKILL.md

213	- Remote feed signature URL: `${CLAWSEC_FEED_URL}.sig` (override with `CLAWSEC_FEED_SIG_URL`)

high line 216

Template literal with variable interpolation in command context

SourceSKILL.md

216	- Local feed signature: `${CLAWSEC_LOCAL_FEED}.sig` (override with `CLAWSEC_LOCAL_FEED_SIG`)

medium line 226

Template literal with variable interpolation in command context

SourceSKILL.md

226

```bash

medium line 395

Template literal with variable interpolation in command context

SourceSKILL.md

395

```bash

medium line 25

Access to hidden dotfiles in home directory

SourceSKILL.md

25	- Side effects: setup scripts install an advisory hook under `~/.openclaw/hooks`, optionally create an unattended `openclaw cron` job, and use `npx clawhub@latest install` for guarded installs

medium line 215

Access to hidden dotfiles in home directory

SourceSKILL.md

215	- Local seed fallback: `~/.openclaw/skills/clawsec-suite/advisories/feed.json`

medium line 217

Access to hidden dotfiles in home directory

SourceSKILL.md

217	- Local checksums manifest: `~/.openclaw/skills/clawsec-suite/advisories/checksums.json`

medium line 218

Access to hidden dotfiles in home directory

SourceSKILL.md

218	- Pinned feed signing key: `~/.openclaw/skills/clawsec-suite/advisories/feed-signing-public.pem` (override with `CLAWSEC_FEED_PUBLIC_KEY`)

medium line 219

Access to hidden dotfiles in home directory

SourceSKILL.md

219	- State file: `~/.openclaw/clawsec-suite-feed-state.json`

medium line 318

Access to hidden dotfiles in home directory

SourceSKILL.md

318	3. `~/.openclaw/security-audit.json`

low line 5

External URL reference

SourceSKILL.md

5	homepage: https://clawsec.prompt.security

low line 50

External URL reference

SourceSKILL.md

50	Discover the current catalog from the authoritative index (`https://clawsec.prompt.security/skills/index.json`) at runtime:

low line 211

External URL reference

SourceSKILL.md

211	- Remote consolidated feed URL: `https://clawsec.prompt.security/advisories/feed.json`

low line 227

External URL reference

SourceSKILL.md

227	FEED_URL="${CLAWSEC_FEED_URL:-https://clawsec.prompt.security/advisories/feed.json}"

Scanned on Jun 11, 2026

View Security Dashboard

Installation guide →

GitHub Stars 1.0K

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

frontend docx git api testing devops security-engineer devops-sre development

prompt-security/clawsec