Security audit and validation tools for the Agent Skills ecosystem. Scan skill packages for common vulnerabilities like credential leaks, unauthorized file access, and Git history secrets. Use when yo
Safely inject API keys from 1Password into macOS LaunchAgent plists using PlistBuddy. Use when running OpenClaw on macOS and storing secrets in 1Password — a...
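Intellectual property advisor. Patents, copyrights, trade secrets, registration procedures, protection strategies. IP advisor for patents, copyrights, trade secrets. Intellectual property, patents, copyrights.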
Audit GitHub Actions cloud auth workflows for OIDC hardening gaps like missing id-token write permissions, static cloud secrets, and floating auth action refs.
Expand reading insights into detailed notes using local templates only. SAFE VERSION: No external API calls, no filesystem access, no secrets required.
Scan and remove sensitive data before publishing skills. Detect API keys, tokens, secrets, and personal info.
--- name: audit-code description: Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities disable-model-invocation: true allowed-tools: Read, Glob, Grep, Bash c
--- name: log-scrubber description: Automatically redacts API keys, tokens, and secrets from workspace logs and memory files. homepage: https://github.com/Heather-Herbert/openclaw-log-scrubber metadat
Connect OpenClaw to Jira Cloud with secret-safe API access via pastewatch redaction. Includes credential setup, REST API helper script, JQL patterns, focus a...
Expand reading insights into in-depth reviews using local templates only. SAFE VERSION: No external API calls, no filesystem access, no secrets required.
Audit Node.js HTTP servers and web apps for security vulnerabilities. Checks OWASP Top 10, CORS, auth bypass, XSS, path traversal, hardcoded secrets, missing...
GitHub Action for automated security scanning of agent workspaces. Detects exposed secrets, prompt/shell injection, and data exfiltration patterns in PRs and commits.
--- name: opys-calendar-skill description: A local markdown-backed calendar with CLI and optional two-way Google Calendar sync. env: - GOOGLE_CLIENT_ID - GOOGLE_CLIENT_SECRET - GOOGLE_REDIRECT_U
Use Tribunal commands for TDD enforcement, quality gates, secret scanning, Agent Teams hooks, CI integration, and plugin packs. Use when running quality chec...
Auto-fix security vulnerabilities in OpenClaw skills. Works with neckr0ik-security-scanner to automatically remediate hardcoded secrets, shell injection risk...
Set up and use Bitwarden CLI (bw). Use when installing the CLI, unlocking vault, or reading/generating secrets via bw. Handles session management with BW_SESSION.
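Send Feishu card messages (supports plain text and images). Uses the card parameter of the message tool; requires Feishu app credentials (App ID + App Secret).
Skill for creating and editing Feishu cloud documents (docx). Supports creating documents, appending content, and batch-updating blocks via the API. Using this skill requires an App ID and App Secret.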
WHAT: Kubernetes manifest generation - Deployments, StatefulSets, CronJobs, Services, Ingresses, ConfigMaps, Secrets, and PVCs with production-grade security and health checks. WHEN: User needs to c
Manage Cloudflare Workers, KV, D1, R2, and secrets using the Wrangler CLI. Use when deploying workers, managing databases, storing objects, or configuring Cloudflare resources. Covers worker deploymen
Enforce contextual permission boundaries for AI agents based on communication surface. Constrains agent capabilities (exec, file I/O, secrets, messaging) by...
Run local-only fail-closed security checks to detect and report data leaks, secrets, egress risks, and prompt injections before publishing or committing code.
Trustless encrypted vault with TOTP auth and clean-room session isolation. Secrets your agent holds but cannot read. Use when user wants to store, retrieve,...
# Kraken Crypto Skill Use the kraken_cli.py wrapper to query your Kraken account. ## Setup Export your Kraken API credentials. ```bash export KRAKEN_API_KEY="your_api_key" export KRAKEN_API_SECRET