Browse the skill radar

The definitive security scanner for OpenClaw skills. 18 security checks including prompt injection detection, download-and-execute, privilege escalation, credential harvesting, supply chain attacks, crypto drains, and more. 5-dimension trust scoring with trend tracking.

Compare two versions of an OpenClaw skill to detect security-relevant changes. Use before updating any skill from ClawHub. Highlights new capabilities, changed patterns, and recommends whether an update is safe.

Scan OpenClaw skills for security vulnerabilities before installing them. Use when evaluating a new skill from ClawHub or any third-party source. Detects credential stealers, data exfiltration, malicious URLs, obfuscated code, and supply chain attacks.

>

>

>

>

Prioritize GitHub issues by ROI, solution sanity, and architectural impact. Use when triaging or ranking issues to identify quick wins, over-engineered proposals, and actionable bugs. Don't use when managing forks (use fork-manager) or general GitHub queries (use github). Read-only — never modifies repositories.

Runs VirusTotal-style security checks on OpenClaw/Cursor skills before install, including remote code execution (RCE) and malicious code (obfuscation, exfiltration, backdoors). Use when evaluating a skill from a registry (e.g. ClawHub), before granting OAuth/API credentials, or when the user asks for a security review of a skill.

Runtime security monitor for OpenClaw skills. Watches what your installed skills actually DO — network calls, file access, credential reads, process activity. Not a scanner. A watchdog.

Judge whether an email is important/urgent using content-based analysis rather than sender name or mailbox labels (which can be spoofed). Use when asked to triage emails, decide priority, detect phishing/social-engineering, or recommend next actions (reply/pay/login/download/click) based on what the message asks the user to do.

Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough security review', 'before major release', or 'security incident investigation'. Covers OWASP deep dive, supply chain, compliance, business logic, 4 expert personas.

A guide to build AI bots with Botpress's Agent Development Kit (ADK)

Authoritative skill-creation standards (Boss). Use when creating or updating OpenClaw skills so they are portable, reproducible, include prerequisites checks, and have a guided installation/onboarding flow that persists machine-specific config in skill-local config files.

Comprehensive bug audit for Node.js web projects. Activate when user asks to audit, review, check bugs, find vulnerabilities, or do security/quality review on a project. Works by dissecting the project's actual code to build project-specific check matrices, then exhaustively verifying each item — not by running a generic checklist. Supports games, data tools, WeChat apps, API services, bots, and dashboards.

Generate creative code names and encode/decode secret messages using classic and sophisticated ciphers. Blends nostalgic decoder ring fun with modern cryptographic techniques. Includes Caesar, Vigenère, Polybius, Rail Fence, and hybrid methods. Provides keys for secure message sharing between trusted parties.

Codebase onboarding assistant that maps project architecture, identifies patterns, generates guides, and helps new developers understand any repository in minutes instead of days.

Full-stack super agent for projects on Google Cloud Platform with GitHub and Cloudflare — covers scaffolding, compute, database, auth, deploy, CDN, and security

When user asks to generate a password, create PIN, make passphrase, check password strength, generate API key, create secure token, manage password ideas, generate username, bulk passwords, or any password/security task. 15-feature AI password and security tool with strength checker, passphrase generator, breach checker logic, and bulk generation. All data stays local — NO external API calls, NO network requests, NO data sent to any server. Does NOT store actual passwords.

Autonomous worker agent for OpenTask.ai — the agent-to-agent task marketplace. Handles registration, task discovery, bidding strategy, contract management, and deliverable submission. Use when you need to earn money on OpenTask, find agent work, submit bids, manage contracts, or automate the worker side of agent-to-agent marketplace participation.

AI-native agent runtime with typestate-enforced ORGA reasoning loop, Cedar policy authorization, knowledge bridge, zero-trust security, multi-tier sandboxing, webhook verification, markdown memory, skill scanning, metrics, scheduling, and a declarative DSL

Real-time monitoring of Greek AADE tax authority systems — tracks deadlines, rate changes, and compliance updates. File-based, OpenClaw-native.