A comprehensive security review framework for AI agents operating in adversarial environments.
Core principle: Every external input is untrusted until verified.
This skill provides a structured security review framework applicable to OpenClaw, Hermes Agent, and other LLM-based agent systems, covering:
- Skill/MCP Installation — Detect malicious patterns before installation
- GitHub Repository Review — Audit codebases for security issues
- URL/Document Analysis — Scan for prompt injection and social engineering
- On-Chain Address Review — AML risk assessment and transaction analysis
- Product/Service Evaluation — Architecture and permission analysis
- Social Share Review — Validate tools recommended in chats
The installation example below uses OpenClaw for demonstration. In practice, you can simply hand the repository URL to your agent and let it handle the installation — it's that easy.
Download the latest release and extract to your OpenClaw workspace:
cd ~/.openclaw/workspace/skills
git clone https://github.com/slowmist/slowmist-agent-security.gitclawhub install slowmist-agent-securityOnce installed, the agent will automatically reference this framework when encountering:
- Skill/MCP installation requests
- Unknown GitHub repositories
- External URLs or documents
- Blockchain addresses
- Product/service recommendations
slowmist-agent-security/
├── SKILL.md # Main framework documentation
├── README.md # This file
├── _meta.json # ClawHub metadata
├── reviews/
│ ├── skill-mcp.md # Skill/MCP review guide
│ ├── repository.md # GitHub repo review guide
│ ├── url-document.md # URL/document review guide
│ ├── onchain.md # On-chain address review guide
│ ├── product-service.md # Product/service review guide
│ └── message-share.md # Social share review guide
├── patterns/
│ ├── red-flags.md # Code-level dangerous patterns (11 categories)
│ ├── social-engineering.md # Social engineering patterns (8 categories)
│ └── supply-chain.md # Supply chain attack patterns (7 categories)
└── templates/
├── report-skill.md # Skill assessment report template
├── report-repo.md # Repository assessment report template
├── report-url.md # URL/document assessment report template
├── report-onchain.md # On-chain assessment report template
└── report-product.md # Product/service assessment report template
| Level | Meaning | Agent Action |
|---|---|---|
| 🟢 LOW | Information-only, no execution, no data collection, trusted source | Inform user, proceed if requested |
| 🟡 MEDIUM | Limited capability, clear scope, known source, some risk | Full report with risk items, recommend caution |
| 🔴 HIGH | Involves credentials, funds, system modification, unknown source | Detailed report, must have human approval |
| ⛔ REJECT | Matches red-flag patterns, confirmed malicious, unacceptable design | Refuse to proceed, explain why |
| Tier | Source Type | Scrutiny Level |
|---|---|---|
| 1 | Official project/exchange org | Moderate |
| 2 | Known security teams/researchers | Moderate |
| 3 | ClawHub high-download + multi-version | Moderate-High |
| 4 | GitHub high-star + actively maintained | High — verify code |
| 5 | Unknown source, new account | Maximum scrutiny |
- MistTrack Skills — For on-chain AML risk assessment (external tool)
When a user asks to install a skill:
- Reference
reviews/skill-mcp.md - Scan files using
patterns/red-flags.md - Output report using
templates/report-skill.md
When a user provides a blockchain address:
- Validate address format
- Query AML risk data (via available tools)
- Output report using
templates/report-onchain.md
This framework is maintained by SlowMist. Contributions welcome:
- New attack patterns
- Improved detection rules
- Additional review templates
- Inspired by skill-vetter by spclaudehome
- Attack patterns informed by the OpenClaw Security Practice Guide
- Prompt injection patterns based on real-world PoC research
MIT License — Free to use, modify, and distribute.
Security is not a feature — it's a prerequisite. 🛡️
SlowMist · https://slowmist.com
