Claude Skill
adversa-ai/secureclaw
SecureClaw is an OWASP-aligned security plugin and Claude Skill for OpenClaw that protects AI agents and LLM applications against top threats. Built with TypeScript.
Overview
Repository information
Install this Skill
git clone https://github.com/adversa-ai/secureclaw.git
Registry information
git clone https://github.com/adversa-ai/secureclaw.git
npm install @adversa/secureclaw
npx openclaw plugins install -l node_modules/@adversa/secureclaw
npm install
npx openclaw plugins install -l .
Project introduction
SecureClaw is an OWASP-aligned security plugin and Claude Skill for OpenClaw, designed to protect AI agents and LLM applications against top security threats. Built with TypeScript, it integrates seamlessly into OpenClaw workflows and enforces secure agent behavior.
SecureClaw - Security Plugin and Skill for OpenClaw OWASP-Aligned
Highlights
- Security enforcement aligned with the OWASP LLM Top 10
- Seamless integration as an OpenClaw plugin and Claude Skill
- Lightweight, extensible architecture built on TypeScript
- Proactive threat detection for AI agent and LLM workflows
Use cases
- Harden AI agents against prompt injection and data exfiltration
- Enforce OWASP security policies in OpenClaw-based agent systems
- Integrate security checks into LLM-driven automation pipelines
- Audit and monitor agent behavior to ensure compliance
README summary
# SecureClaw

End-to-End security platform for [OpenClaw](https://openclaw.ai) AI agents. Audit, Hardening and Runtime Security for OpenClaw. Developed by [Adversa AI](https://adversa.ai) -- Agentic AI Security and Red Teaming Pioneers.

56 audit checks. 15 behavioral rules. 9 scripts. 4 pattern databases. 7 security frameworks mapped.

10/10 OWASP ASI | 10/14 MITRE ATLAS | 4/4 MITRE OpenClaw Cases | 3/3 CoSAI Principles | CSA Singapore | 6/7 CSA MAESTRO Layers | 4/4 NIST AI 100-2 GenAI Types

SecureClaw is a 360-degree security plugin and skills that audits your OpenClaw installation for misconfigurations and known vulnerabilities, applies automated hardening fixes, and gives your agent behavioral security rules that protect against prompt injection, credential theft, supply chain attacks, and privacy leaks.

1️⃣ Full OWASP Agentic Security Top 10 coverage. Static and runtime. We're the first and only security tool for OpenClaw to formally map every control to the ASI framework. 10/10 categories.

2️⃣ Every known incident. Every known CVE up until now. All 8 documented threat classes from the OpenClaw Security 101 research have specific countermeasures. Not generic "be careful" advice — actual detection and hardening for each one.

3️⃣ Plugin + Skill layered defense. The plugin runs as code — gateway hardening, permission lockdown, credential scanning. The skill runs as LLM directives — injection awareness, PII scanning, integrity monitoring. Two layers. Each catches the failures of the other.

4️⃣ Ultra-lean ~1,230 token skill. Most security skills dump thousands of tokens into context, competing with your actual conversations. Ours is 15 rules and a set of bash scripts. All detection logic runs as bash — zero LLM tokens. Your agent stays fast, stays focused, stays