Tag: security
Manage and review automated prevention rules
This tool manages prevention rules, which are generated automatically from recurring failure patterns observed during execution. Developers can list active rules, check whether a specific action is blocked, or review the history of rule promotio…
Adversarial code review using Claude Codex
This skill executes a skeptical, adversarial review of a codebase using Claude Codex, identifying potential regressions, unsafe assumptions, and release risks. Users can scope the review by specifying a base branch, commit SHA, or focusing …
Policy-Driven Agent Governance and Security Layer
This skill enforces security policies on all tool usage, evaluating calls for allowance, mandatory human approval, or outright denial. It ensures compliance by providing detailed audit trails and pausing execution until explicit user consen…
Comprehensive security code vulnerability review checklist
Provides a comprehensive, structured checklist for identifying common security vulnerabilities, covering areas such as injection flaws, authorization bypasses, and exposed credentials. It guides developers through best practices for secure …
Deep database introspection and schema querying tool
This tool suite provides deep introspection into a live database binding, allowing developers to query schema details, foreign key relationships, row-level security policies, and stored procedure definitions. It is essential for verifying c…
Missing Capability Guardrail Fixture
This fixture simulates a scenario where the capability guardrail contract is intentionally omitted. It is used for testing scanners to ensure they report missing capability declarations alongside behavioral findings.
Database introspection and schema querying tool
This suite of tools provides deep introspection into a connected database, allowing developers to query schema details, foreign keys, row-level security policies, and stored procedures. It offers granular access to metadata, including table…
AI Runtime Security Monitoring and Analysis
This tool provides comprehensive runtime security monitoring by analysing context graphs, correlating audit logs with CVE findings, and executing vulnerability analytics queries. It assists developers in identifying lateral movement and ass…
Runtime policy enforcement for agent tool calls
This tool operates as a local proxy, intercepting all MCP tool calls to evaluate them against defined policy-as-code rules. It provides critical runtime protection by blocking dangerous or non-compliant operations before they execute.
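As an added example (not the listed proxy's code, nor the governance layer's above), the following shows the decision shape both entries describe: a call is matched against ordered policy-as-code rules and is either allowed, held for explicit human approval, or denied, with an audit line written before anything executes. The rule format, the tool names, the argument keys and the globbing are all assumptions made for illustration.

```python
"""Policy-as-code gate for agent tool calls: allow, require human approval, or deny.
Added example; not the listed proxy's code. Policy shape, tool names and argument
keys are assumptions."""
import fnmatch
import json
import time

ALLOW, APPROVE, DENY = "allow", "require_approval", "deny"

# Hypothetical rule set. Rules are checked in order, first match wins, and a call
# that matches nothing is denied (fail closed).
POLICY = [
    {"tool": "fs.read",    "args": {"path": "/workspace/*"}, "decision": ALLOW},
    {"tool": "fs.write",   "args": {"path": "/workspace/*"}, "decision": APPROVE},
    {"tool": "fs.*",       "args": {"path": "/etc/*"},       "decision": DENY},
    {"tool": "shell.exec", "args": {"cmd": "rm -rf *"},      "decision": DENY},
    {"tool": "shell.exec", "decision": APPROVE},
]


def _matches(rule, tool, args):
    """A rule matches when the tool name and every constrained argument match its glob."""
    if not fnmatch.fnmatchcase(tool, rule["tool"]):
        return False
    for key, pattern in rule.get("args", {}).items():
        if key not in args or not fnmatch.fnmatchcase(str(args[key]), pattern):
            return False
    return True


def evaluate(tool, args, policy=POLICY):
    """Return (decision, matched_rule); matched_rule is None for the default deny."""
    for rule in policy:
        if _matches(rule, tool, args):
            return rule["decision"], rule
    return DENY, None


def gate(tool, args, execute, approver, audit, policy=POLICY):
    """Evaluate a call, record it, and only then run `execute`.

    `execute(tool, args)` performs the real call; `approver(tool, args)` returns
    True only once the human has explicitly consented (execution blocks there).
    Every decision is appended to `audit` as a JSON line before any side effect.
    """
    decision, rule = evaluate(tool, args, policy)
    approved = None
    if decision == APPROVE:
        approved = bool(approver(tool, args))
    audit.append(json.dumps({"ts": time.time(), "tool": tool, "args": args,
                             "decision": decision, "rule": rule, "approved": approved}))
    if decision == DENY or (decision == APPROVE and not approved):
        raise PermissionError(f"{tool} blocked by policy: {decision}")
    return execute(tool, args)


if __name__ == "__main__":
    log = []
    calls = [("fs.read", {"path": "/workspace/app.py"}),
             ("fs.read", {"path": "/etc/shadow"}),
             ("shell.exec", {"cmd": "rm -rf /"}),
             ("shell.exec", {"cmd": "ls -la"}),
             ("net.fetch", {"url": "https://example.invalid"})]
    for tool, args in calls:
        try:
            gate(tool, args, lambda t, a: f"ran {t}", approver=lambda t, a: False, audit=log)
        except PermissionError as exc:
            print(exc)
    print("\n".join(log))
```

Note the fail-closed default: a tool the policy has never heard of is denied rather than silently allowed, and the audit record is written even for calls that are blocked, so the trail shows what the agent attempted, not only what ran.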
mako workflow for complex investigation and auditing
This skill orchestrates comprehensive workflows for deep investigation, artifact generation, and system auditing. It provides structured methods for generating pre-ship review bundles, auditing tenant boundaries, and managing session handof…
OpenClaw Security Hardening and Deployment Checklist
This utility provides a comprehensive security audit and hardening guide for OpenClaw installations. It checks critical areas such as network exposure, container isolation, credential management, and plugin integrity, offering actionable co…
Comprehensive Host Security Audit and Hardening
This skill assesses the security posture of a host by running deep, read-only audits across various operating systems. It then generates a staged, reversible hardening plan, guiding the user through risk profiling and necessary configuratio…
Securely manage secrets using 1Password CLI
This tool facilitates secure interaction with 1Password via its CLI, enabling developers to sign in, list vaults, and inject secrets. Usage requires executing all commands within a dedicated tmux session for reliable authentication and sess…
Security Advisory Triage and Review
This skill guides the rigorous triage of security advisories and GHSA reports by verifying shipped behavior, checking against established trust models, and drafting precise, evidence-backed maintainer comments for closure or further investi…
Secure API Proxy and Credential Manager
A secure proxy for agents that manages encrypted credentials and injects authentication server-side during API requests. It lets the agent issue HTTP requests to configured services without ever handling the raw API keys.
Scan and fix hardcoded secrets in codebases
This tool scans codebases using entropy analysis and regex heuristics to detect hardcoded secrets and credentials. It can then automatically refactor the code, replacing leaked values with environment variable references and migrating them …
Scan and remediate hardcoded secrets from codebases
This skill scans codebases using entropy analysis and regex heuristics to detect hardcoded credentials. It can then automatically lint and fix these findings by replacing secrets with environment variable references.
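The two preceding entries describe the same technique: regex heuristics for known token formats, Shannon entropy for opaque high-randomness literals, then rewriting the assignment to an environment-variable reference. The following is an added example of that pipeline, not either listed tool's code; the token patterns, the name heuristic, the thresholds and the SAMPLE source are constructed for illustration, and the Python-assignment parser is a deliberate simplification.

```python
"""Find hardcoded secrets by token-format regexes and Shannon entropy, then rewrite
them to environment-variable references. Added example; not the listed tools' code.
Patterns, thresholds and SAMPLE are assumptions/constructed."""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Known token formats, searched inside string literals (illustrative subset).
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"AKIA[0-9A-Z]{16}"),
    "github_pat": re.compile(r"ghp_[A-Za-z0-9]{36}"),
    "slack_bot_token": re.compile(r"xoxb-[0-9A-Za-z-]{20,}"),
}
# Variable names that suggest the assigned literal is a credential.
SECRET_NAME = re.compile(r"(?i)(api[_-]?key|secret|token|passw(or)?d|credential)")
# A simple `name = "literal"` assignment (Python-style; adapt for other languages).
ASSIGN = re.compile(
    r'^(?P<indent>\s*)(?P<name>[A-Za-z_]\w*)\s*=\s*(?P<q>["\'])(?P<value>[^"\']+)(?P=q)\s*$')
MIN_LEN, MIN_ENTROPY = 16, 3.0  # assumed thresholds; tune to your false-positive budget


def shannon_entropy(s):
    """Bits per character of the string's own symbol distribution:
    0.0 for one repeated character, at most log2(len(s)) when all differ."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


@dataclass
class Finding:
    line_no: int
    name: str
    value: str
    reason: str


def scan(source):
    """Return a Finding for every quoted assignment that looks like a credential."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.match(line)
        if not m:
            continue
        name, value = m["name"], m["value"]
        reason = None
        for label, pat in TOKEN_PATTERNS.items():   # exact formats first
            if pat.search(value):
                reason = label
                break
        if reason is None and SECRET_NAME.search(name) and len(value) >= MIN_LEN:
            ent = shannon_entropy(value)             # then the entropy heuristic
            if ent >= MIN_ENTROPY:
                reason = f"high-entropy ({ent:.2f} bits/char) value in secret-like variable"
        if reason:
            findings.append(Finding(line_no, name, value, reason))
    return findings


def remediate(source, findings):
    """Rewrite each flagged assignment to `name = os.environ["NAME"]` and return the
    new source plus the NAME -> value mapping to move into a .env file or secret store."""
    lines = source.splitlines()
    env = {}
    for f in findings:
        m = ASSIGN.match(lines[f.line_no - 1])
        env_name = f.name.upper()
        env[env_name] = f.value
        lines[f.line_no - 1] = f'{m["indent"]}{f.name} = os.environ["{env_name}"]'
    if not any(re.match(r"^\s*import os\b", l) for l in lines):
        lines.insert(0, "import os")
    return "\n".join(lines) + "\n", env


# Constructed sample source; the key values are fake.
# `password = "changeme"` is deliberately left in: short, low-entropy placeholders
# are a known blind spot of entropy heuristics and need a wordlist check instead.
SAMPLE = '''import requests
API_KEY = "sk_live_9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c"
aws_key = "AKIAIOSFODNN7EXAMPLE"
greeting = "hello world hello world hello"
password = "changeme"
'''

if __name__ == "__main__":
    found = scan(SAMPLE)
    for f in found:
        print(f"line {f.line_no}: {f.name} -> {f.reason}")
    fixed, env = remediate(SAMPLE, found)
    print(fixed)
    print("move to secret store:", env)
```

Two practitioner notes: run `scan` again on the remediated output to confirm nothing is left, and remember that the leaked values are still in version-control history, so rotating them is part of the fix, not optional.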
Secure Secret Management for Credentials and Keys
This tool provides comprehensive credential lifecycle management, allowing developers to securely store, retrieve, and audit sensitive data like API keys and tokens. It supports advanced features such as multi-environment superposition and …
Execute Shell Commands with Injected Secrets
Execute shell commands with environment variables injected from the quantum ring keyring, featuring automatic stdout/stderr redaction and policy enforcement.
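An added example of the execution pattern this entry describes (not the tool's own code): secrets are injected into the child's environment only, a small policy check refuses commands that would dump the environment or obviously pass a secret to an outbound tool, and every secret value is scrubbed from the captured stdout/stderr before it is returned. The SECRETS mapping stands in for the keyring and is constructed, and the policy patterns are assumptions.

```python
"""Run a shell command with secrets injected as environment variables, then redact
them from captured stdout/stderr. Added example; not the listed tool's code. The
SECRETS mapping stands in for the keyring and is constructed, as are the policy
patterns."""
import os
import re
import subprocess

# Constructed secret values (not real credentials).
SECRETS = {"API_TOKEN": "tok-4f1c9e2b7a6d0c3e", "DB_PASSWORD": "p@ss/w0rd!x9"}

# Hypothetical policy: refuse commands that dump the whole environment, destroy
# files, or visibly hand a secret to curl. Redaction below is literal-match only,
# so base64/hex-encoded or split values would slip through; blocking env dumps is
# what keeps that from being trivially exploitable.
DENY_PATTERNS = [
    re.compile(r"(?<![\w-])(env|printenv|export\s*-p)(?!\S)"),
    re.compile(r"\brm\s+-rf\b"),
    re.compile(r"\bcurl\b[^|;&]*\$\{?\w*(TOKEN|PASSWORD|SECRET)\w*\}?"),
]


def policy_check(cmd):
    for pat in DENY_PATTERNS:
        if pat.search(cmd):
            raise PermissionError(f"command blocked by policy: {cmd!r}")


def redact(text, secrets=SECRETS):
    """Replace every secret value with a placeholder naming which key leaked.
    Longest values first so a secret that contains another is replaced whole."""
    for name, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        if value:
            text = text.replace(value, f"[REDACTED:{name}]")
    return text


def run_with_secrets(cmd, secrets=SECRETS, timeout=30):
    """Return (returncode, redacted_stdout, redacted_stderr) for `cmd` run under sh."""
    policy_check(cmd)
    env = {**os.environ, **secrets}  # injected for this child process only
    proc = subprocess.run(["sh", "-c", cmd], env=env, capture_output=True,
                          text=True, timeout=timeout)
    return proc.returncode, redact(proc.stdout, secrets), redact(proc.stderr, secrets)


if __name__ == "__main__":
    rc, out, err = run_with_secrets('echo "token=$API_TOKEN"; echo "pw=$DB_PASSWORD" >&2')
    print(rc, out.strip(), err.strip())
    try:
        run_with_secrets("printenv")
    except PermissionError as exc:
        print(exc)
```

The redaction is applied to the captured streams, not to the process itself: a command can still write the secret to a file or send it over the network, which is why the injection is paired with a policy check rather than relied on alone.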
Comprehensive code security auditing and hardening
This skill acts as an expert security engineer, auditing codebases against OWASP standards, focusing on authentication, input validation, and secrets management. It provides concrete, actionable fix recommendations classified by severity (c…
Council-based code and security critique
Initiates an adversarial council process where multiple agents collaboratively analyze provided code or answers to identify bugs, security vulnerabilities, and logical flaws. This skill is designed for deep, multi-perspective code review.
Secure Proxy for Managed API Credentials
This proxy routes all external API requests through a secure local endpoint, preventing the agent from ever handling raw API keys. It manages credentials and enforces domain restrictions, ensuring all interactions are audited and securely r…
Securely fetch and clean web content for LLMs
This utility fetches URLs, returning clean, markdown-formatted content alongside structured metadata and external links. It scans the fetched content for injection payloads before handing it to the model and handles common web obstacles such as paywalls and bot blocks.
Safety Guard for Destructive Kastell Operations
Intercepts destructive Kastell commands like destroy and restore to require explicit user confirmation via an LLM-based prompt hook. It provides a semantic layer of protection against accidental infrastructure changes.