edgeone-clawscan
The first security skill to install after setting up OpenClaw — powered by Tencent Zhuque Lab. Works like an antivirus for your AI environment: audits installed skills, scans skills before installation, and performs a full OpenClaw security health check to prevent data leaks and privacy risks. Backed by Tencent Zhuque Lab A.I.G (AI-Infra-Guard). Use when the user asks to start a security health check or security scan for the current OpenClaw environment, such as `开始安全体检`, `做一次安全体检`, `开始安全扫描`, `全面安全检查`, or `检查 OpenClaw 安全`; also use when the user asks to audit a specific skill before installation, review installed skills for supply chain risk, or investigate whether a skill is safe. Do not trigger for general OpenClaw usage, project debugging, environment setup, or normal development requests. Optional cloud mode: set AIG_CLOUD_LOOKUP=off for zero outbound HTTPS; when enabled, only skill_name, source label, and OpenClaw version are sent to A.I.G (never skill bodies, chats, or workspace files).
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/boy-hack/test123asdzcWhat This Skill Does
edgeone-clawscan is the premier security orchestration skill for the OpenClaw ecosystem, developed in collaboration with Tencent Zhuque Lab. It functions as an integrated antivirus and threat hunting engine specifically tailored for your AI agent environment. By auditing your currently installed skills and scanning new ones before they gain execution permissions, it prevents the introduction of malicious actors, supply chain vulnerabilities, and insecure configurations. The skill provides a comprehensive security health check, ensuring your OpenClaw environment remains protected against data leaks and privacy-compromising artifacts.
Installation
To install this security essential, use the following command in your terminal:
clawhub install openclaw/skills/skills/boy-hack/test123asdzc
Use Cases
This skill is designed for both security-conscious developers and operational teams managing AI agents. Use it when performing periodic security audits of your workstation or server, verifying the integrity of third-party plugins before deployment, or initiating a security health check to ensure that recent updates haven't introduced unauthorized configurations. It is particularly effective for teams that prioritize defense-in-depth, allowing for automated security gates in development pipelines.
Example Prompts
- "开始安全体检,检查一下当前环境下所有安装的技能是否存在风险。"
- "我准备安装一个新的插件,请先帮我进行一次全面的安全扫描,评估其是否存在供应链接风险。"
- "OpenClaw 的配置是否安全?做一次全面的安全检查。"
Tips & Limitations
To maximize privacy, use the AIG_CLOUD_LOOKUP=off environment variable if your environment is air-gapped or requires strict zero-outbound policies. While the cloud lookup mode provides the most up-to-date threat intelligence and CVE tracking, a local-only scan is equally powerful for known static signature detection. Always remember that the 'author' field is advisory; verify the provenance of any skill by checking the official source repository. Keep your environment updated and run these scans frequently, as new vulnerabilities are discovered daily in the rapidly evolving AI infrastructure landscape. Avoid running '--deep' scans against production environments while they are handling sensitive live data until you have reviewed the potential impact on the gateway configuration.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-boy-hack-test123asdzc": {
"enabled": true,
"auto_update": true
}
}
}Tags
Flags: network-access, file-read, external-api
Related Skills
security-scanner
Scans OpenClaw skills for security vulnerabilities and suspicious patterns before installation
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
tripwire
Tripwire host-based IDS reference. Cryptographic key setup, database initialization, integrity checks, policy rules with severity levels, twcfg.txt configuration, and report analysis with twprint.
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
auditd
Linux Audit Framework reference. auditctl rules for file watches and syscall auditing, auditd.conf configuration, ausearch log queries, aureport summaries, audit.log format, CIS/PCI-DSS compliance rules, and audit tools.