Heimdall Security
Skill by henrino3
Why use this skill?
Protect your AI agent environment with Heimdall Security. Scan OpenClaw skills for malicious patterns, unauthorized network access, and code injection threats.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/henrino3/heimdall-securityWhat This Skill Does
Heimdall Security is an advanced defensive auditing tool designed specifically for the OpenClaw AI ecosystem. As the landscape of AI agent skills grows, so does the risk of supply chain attacks and malicious code injection. Heimdall acts as a gatekeeper, performing static analysis and AI-powered narrative inspection on skill packages before they are granted execution privileges in your environment. It identifies over 100 dangerous patterns, ranging from blatant shell execution commands to subtle Unicode obfuscation techniques and unauthorized data exfiltration attempts.
Installation
Heimdall is installed directly into your OpenClaw skills directory. You can pull the latest version from the official repository. Once installed, it is recommended to keep it updated to ensure the signature database remains current against emerging threats. No complex dependencies are required beyond a standard Python 3 runtime; however, for the most effective protection, configuring an OpenRouter API key is highly advised to enable the Claude-powered narrative analysis engine, which can detect intent that standard pattern matching might miss.
Use Cases
Heimdall is essential for power users and developers who regularly integrate third-party skills. Use it whenever you download a skill from an unverified source on GitHub or a public repository. It is also an excellent tool for developers building internal agent workflows who want to implement a 'security-as-code' practice, ensuring that every update to their custom agent skills passes an automated pre-flight security checklist before being deployed to production agents.
Example Prompts
- "@Heimdall scan the directory ~/clawd/skills/experimental-crypto-bot and tell me if it contains any hidden network exfiltration logic."
- "@Heimdall perform an AI-powered analysis on the skill located at /tmp/imported-skill and explain why it was flagged as high-risk."
- "@Heimdall audit my currently installed skills and list any that have permissions for sudo or shell execution."
Tips & Limitations
To maximize effectiveness, always run Heimdall with the --analyze flag enabled, as simple signature matching can be bypassed by polymorphic code. Be aware that Heimdall is a heuristic tool; while it is highly effective, it may generate false positives if a skill performs legitimate administrative tasks (like system maintenance). Always review the logs generated by --verbose to understand why a specific file was flagged before deleting it. Finally, ensure that your secrets folder is secure, as the tool relies on API access to perform its most advanced threat intelligence tasks.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-henrino3-heimdall-security": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, code-execution
Related Skills
Heimdall
Skill by henrino3
task-orchestrator
Autonomous multi-agent task orchestration with dependency analysis, parallel tmux/Codex execution, and self-healing heartbeat monitoring. Use for large projects with multiple issues/tasks that need coordinated parallel execution.
Ec Ralph Loop
Skill by henrino3
excalidraw
Generate hand-drawn style diagrams, flowcharts, and architecture diagrams as PNG images from Excalidraw JSON
senior-engineering
Engineering principles for building software like a senior engineer. Load when tackling non-trivial development work, architecting systems, reviewing code, or orchestrating multi-agent builds. Covers planning, execution, quality gates, and LLM-specific patterns.