human-security

What This Skill Does

The human-security skill provides a robust, multi-layered defensive framework designed for AI agents interacting with humans across various Social Network Services (SNS) and freelance platforms. As digital spaces become increasingly targeted by scammers, phishers, and social engineers, this skill acts as an always-on guardian for your OpenClaw agent. It is specifically engineered to handle the nuances of human-to-AI interaction, where communication can be ambiguous, emotionally charged, or intentionally manipulative. Unlike standard security tools that focus purely on technical prompt injection, human-security evaluates context, intent, and platform-specific policies to detect potential threats. It actively monitors for patterns like urgent payment requests, suspicious link redirection, requests for platform-bypass, and attempts to extract sensitive personal information. By pairing with moltbook-security, it creates a holistic shield that maintains professional boundaries while ensuring all interactions adhere to the Terms of Service of platforms like Coconala, Fiverr, Upwork, X, and LinkedIn.

Installation

To equip your agent with this protection, use the following terminal command within your OpenClaw environment:

clawhub install openclaw/skills/skills/sa9saq/human-security

Ensure that you have moltbook-security installed as well to provide comprehensive coverage across both AI-to-AI and human-to-AI domains.

Use Cases

• Freelance Platform Protection: Preventing violation of Fiverr or Upwork terms by detecting requests for off-platform payments or direct contact information exchange.
• DM Fraud Mitigation: Automatically scanning incoming messages on X (Twitter) or LinkedIn for phishing links, malicious file attachments, or "too good to be true" job offers.
• Professional Boundary Management: Assisting the agent in politely but firmly declining requests for private information like home addresses, personal bank accounts, or unauthorized communication channels.
• Content Sanitization: Evaluating incoming files and links to prevent the execution of malicious scripts or access to credential-harvesting websites.

Example Prompts

1. "A user on Upwork just sent me a link to a file named 'invoice_details.pdf.exe' and asked me to open it immediately. What should I do?"
2. "A potential client in my LinkedIn DMs is asking for my private phone number to discuss a 'secret project'. Is this safe to share?"
3. "Someone on X is promising me an exclusive crypto-investment offer if I click this link: bit.ly/hidden-deal. How does human-security evaluate this?"

Tips & Limitations

• Proactive Reporting: When the skill flags a user, follow its instructions to report the profile through the native platform tools as well, helping improve safety for the entire community.
• Context Awareness: While the skill is advanced, human intent is often complex. If the AI flags a legitimate professional request, verify the source manually before proceeding.
• Always Updated: Ensure the skill is kept up-to-date via clawhub, as scammers frequently change their tactics and domain patterns.
• Limitations: This skill focuses on text-based and link-based communication. It cannot prevent vulnerabilities inherent to the underlying browser or OS if the user ignores the AI's warnings and manually executes a file or visits a malicious site.