home / skills / prompt-security / clawsec / clawsec-nanoclaw

clawsec-nanoclaw skill

safe

This skill protects your NanoClaw bot by scanning installed skills for known vulnerabilities and advising before installation.

npx playbooks add skill prompt-security/clawsec --skill clawsec-nanoclaw

Review the files below or copy the command above to add this skill to your agents.

Files (21)

SKILL.md

5.3 KB

---
name: clawsec-nanoclaw
version: 0.0.2
description: Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot
---

# ClawSec for NanoClaw

Security advisory monitoring that protects your WhatsApp bot from known vulnerabilities in skills and dependencies.

## Overview

ClawSec provides MCP tools that check installed skills against a curated feed of security advisories. It prevents installation of vulnerable skills, includes exploitability context for triage, and alerts you to issues in existing ones.

**Core principle:** Check before you install. Monitor what's running.

## When to Use

Use ClawSec tools when:
- Installing a new skill (check safety first)
- User asks "are my skills secure?"
- Investigating suspicious behavior
- Regular security audits
- After receiving security notifications

Do NOT use for:
- Code review (use other tools)
- Performance issues (different concern)
- General debugging

## MCP Tools Available

### Pre-Installation Check

```typescript
// Before installing any skill
const safety = await tools.clawsec_check_skill_safety({
  skillName: 'new-skill',
  skillVersion: '1.0.0'  // optional
});

if (!safety.safe) {
  // Show user the risks before proceeding
  console.warn(`Security issues: ${safety.advisories.map(a => a.id)}`);
}
```

### Security Audit

```typescript
// Check all installed skills (defaults to ~/.claude/skills in the container)
const result = await tools.clawsec_check_advisories({
  installRoot: '/home/node/.claude/skills'  // optional
});

if (result.matches.some((m) =>
  m.advisory.severity === 'critical' || m.advisory.exploitability_score === 'high'
)) {
  // Alert user immediately
  console.error('Urgent advisories found!');
}
```

### Browse Advisories

```typescript
// List advisories with filters
const advisories = await tools.clawsec_list_advisories({
  severity: 'high',               // optional
  exploitabilityScore: 'high'     // optional
});
```

## Quick Reference

| Task | Tool | Key Parameter |
|------|------|---------------|
| Pre-install check | `clawsec_check_skill_safety` | `skillName` |
| Audit all skills | `clawsec_check_advisories` | `installRoot` (optional) |
| Browse feed | `clawsec_list_advisories` | `severity`, `type`, `exploitabilityScore` (optional) |
| Verify package signature | `clawsec_verify_skill_package` | `packagePath` |
| Refresh advisory cache | `clawsec_refresh_cache` | (none) |
| Check file integrity | `clawsec_check_integrity` | `mode`, `autoRestore` (optional) |
| Approve file change | `clawsec_approve_change` | `path` |
| View baseline status | `clawsec_integrity_status` | `path` (optional) |
| Verify audit log | `clawsec_verify_audit` | (none) |

## Common Patterns

### Pattern 1: Safe Skill Installation

```typescript
// ALWAYS check before installing
const safety = await tools.clawsec_check_skill_safety({
  skillName: userRequestedSkill
});

if (safety.safe) {
  // Proceed with installation
  await installSkill(userRequestedSkill);
} else {
  // Show user the risks and get confirmation
  await showSecurityWarning(safety.advisories);
  if (await getUserConfirmation()) {
    await installSkill(userRequestedSkill);
  }
}
```

### Pattern 2: Periodic Security Check

```typescript
// Add to scheduled tasks
schedule_task({
  prompt: "Check advisories using clawsec_check_advisories and alert when critical or high-exploitability matches appear",
  schedule_type: "cron",
  schedule_value: "0 9 * * *"  // Daily at 9am
});
```

### Pattern 3: User Security Query

```
User: "Are my skills secure?"

You: I'll check installed skills for known vulnerabilities.
[Use clawsec_check_advisories]

Response:
✅ No urgent issues found.
- 2 low-severity/low-exploitability advisories
- All skills up to date
```

## Common Mistakes

### ❌ Installing without checking
```typescript
// DON'T
await installSkill('untrusted-skill');
```

```typescript
// DO
const safety = await tools.clawsec_check_skill_safety({
  skillName: 'untrusted-skill'
});
if (safety.safe) await installSkill('untrusted-skill');
```

### ❌ Ignoring exploitability context
```typescript
// DON'T: Use severity only
if (advisory.severity === 'high') {
  notifyNow(advisory);
}
```

```typescript
// DO: Use exploitability + severity
if (
  advisory.exploitability_score === 'high' ||
  advisory.severity === 'critical'
) {
  notifyNow(advisory);
}
```

### ❌ Skipping critical severity
```typescript
// DON'T: Ignore high exploitability in medium severity advisories
if (advisory.severity === 'critical') alert();
```

```typescript
// DO: Prioritize exploitability and severity together
if (advisory.exploitability_score === 'high' || advisory.severity === 'critical') {
  // Alert immediately
}
```

## Implementation Details

**Feed Source**: https://clawsec.prompt.security/advisories/feed.json

**Update Frequency**: Every 6 hours (automatic)

**Signature Verification**: Ed25519 signed feeds

**Cache Location**: `/workspace/project/data/clawsec-advisory-cache.json`

See [INSTALL.md](./INSTALL.md) for setup and [docs/](./docs/) for advanced usage.

## Real-World Impact

- Prevents installation of skills with known RCE vulnerabilities
- Alerts to supply chain attacks in dependencies
- Provides actionable remediation steps
- Zero false positives (curated feed only)

Overview

This skill protects NanoClaw/OpenClaw agents by monitoring installed skills and dependencies for known security vulnerabilities. It prevents installing unsafe skills, runs audits on your current environment, and provides actionable advisories with exploitability context. Use it to keep your bot's skill set and integrity files secure and verifiable.

How this skill works

The tool queries a curated advisory feed and compares entries to installed skills, packages, and file baselines. It offers a pre-install check, scheduled audits, package signature verification, integrity monitoring, and an advisory browser with severity and exploitability filters. Results include exploitability context to prioritize triage and automated alerts for critical findings.

When to use it

Before installing any new NanoClaw/OpenClaw skill
When a user asks “Are my skills secure?” or raises suspicious behavior
As part of regular security audits or scheduled cron checks
After receiving external security notifications or advisories
Before approving file changes or restoring integrity baselines

Best practices

Always run a pre-install safety check for user-requested skills
Prioritize advisories by exploitability score and severity together, not severity alone
Schedule daily or weekly audits to catch supply-chain issues early
Enable package signature and file integrity verification for production bots
Review and approve integrity changes through the audit workflow instead of blind restores

Example use cases

Pre-install safety check: block or warn before adding a third-party skill
Full environment audit: scan ~/.claude/skills (or custom installRoot) for urgent advisories
Automated monitoring: cron job that alerts on critical or high-exploitability matches
Investigations: use advisory matches and exploitability details when tracing suspicious behavior
Integrity verification: detect and optionally auto-restore modified core files with approval workflow

FAQ

Can this block skill installation automatically?

Yes. Use the pre-install check to prevent installation by default or surface risks so an operator can approve with informed consent.

How often is the advisory feed updated?

The curated feed updates automatically every six hours and is Ed25519-signed for authenticity; you can also force-refresh the local cache.