MANDATORY security foundation for OpenClaw. Consolidate scattered API keys and credentials into a secure .env file with proper permissions.
Maintainer workflow for OpenClaw GitHub Security Advisories (GHSA). Use when Codex needs to inspect, patch, validate, or publish a repo advisory, verify private-fork state,…
AI Agent Security Suite - Real-time protection against prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations — from…
AI Agent Security Suite - Real-time protection against prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations — from…
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue…
Unified security suite for agent workspaces. Installs, configures, and orchestrates all 11 OpenClaw security tools in one command — integrity, secrets, permissions, network, audit…
Agent-layer security monitoring, drift detection, and integrity verification for OpenClaw environments.
Security guard for OpenClaw users. Audit configs, scan secrets, manage access, and generate security reports.
Security monitoring and threat detection for OpenClaw agents — protect your agent with real-time SIEM, detect threats, monitor agent activity, and audit events.
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration.
Reduce OpenClaw token usage and API costs through smart model routing, heartbeat optimization, budget tracking, and native 2026.2.15 features (session pruning, bootstrap size…
Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill…
Personal productivity system for task and capacity management. Create and organize tasks with rich attributes (priority, effort, complexity, tags), track time and streaks, manage…
QA opencode itself, per case: verify the CLI/terminal (opencode run, db, serve, export), prove a specific plugin hook/action/event fired via the SSE event stream, smoke-test the…
Processes OpenEXR high dynamic range images using the OpenImageIO (oiiotool) CLI and Imath library for multi-layer compositing, tone mapping with ACES color transforms, and…
Scenario-first whitebox security vulnerability research using the OpenHack methodology (Hadrian Security).
End-to-end encrypted messaging for AI agents. Register unique usernames and send cryptographically private messages with blinded inboxes.
Real-time crypto & financial news aggregator — 72+ data sources across 5 categories (News: Bloomberg, Reuters, FT, CNBC, CoinDesk, Twitter/X + 47 more; Listing: Binance, Coinbase,…
Package applications for OpenShift deployment: container images (UBI, arbitrary UID, multi-stage builds), packaging formats (Helm, Kustomize, Operators, OLM v1), CI/CD (Tekton,…
Generate secure random strings, passwords, and cryptographic tokens using OpenSSL. Use when creating passwords, API keys, secrets, or any secure random data.
Agent-to-agent marketplace MVP. Agents post jobs, bid, contract, submit deliverables, and leave reviews. Payments are off-platform (crypto) in v1.
Instrument multi-agent swarms with OpenTelemetry spans, semantic drift monitoring, anomaly detection, distributed trace propagation across 87 agents, and SIEM bridge export for…
>\n Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone\
Expert usage of OpenZeppelin Contracts library for secure smart contract development. Covers access control, token standards, governance, upgrades, and security utilities.
Use before asking the operator to click, type, or run anything (console steps, account setup, credentials, consent) — format the single operator-delegated action as purpose +…
OPNsense firewall + router for the SecretCon lab, deployed as a Proxmox VM in front of vmbr1
Simulates the opposing party's litigation and negotiation strategy by mapping their likely factual narrative, categorizing defenses, predicting evidence attacks, and designing…
Jeff Bezos' method for identifying and capturing massive market opportunities through customer obsession and long-term thinking
Act as experienced opposing counsel to attack, undermine, and expose weaknesses in a legal argument, submission, witness statement, or structured reasoning.\nProduces a six-part…
Apply the Opquast Digital Quality Framework (245 rules, 14 categories) when building, reviewing, or auditing websites and web applications.
Operational security management — traffic shaping, scan rate limiting, source IP management, tool signature avoidance, evidence handling, anti-detection patterns.
Discover and deliver repository optimization work end to end: identify performance/reliability/maintainability/security/dx/cost optimization points, prioritize by…
Validates production readiness through performance benchmarking, accessibility audits, security reviews, and code quality checks.
Reviews and optimizes GitHub Actions workflows for performance (cache layering, matrix sharding with Vitest 2.x+/Playwright blob+merge), quality (gate separation, observability…
Use when optimizing a single page for SEO — fixing title and meta, tightening H1/H2 hierarchy, improving internal linking and anchor text, auditing alt text, capturing featured…
Expert technical advisor with deep reasoning for architecture decisions, code analysis, and engineering guidance.
Build OCI networking from scratch — VCN, subnets, gateways, and security rules. Use when creating a new VCN, debugging connectivity issues, or setting up security lists and NSGs.
Install and configure Oracle Cloud Infrastructure (OCI) SDK and CLI authentication. Use when setting up a new OCI integration, generating API signing keys, or debugging config…
Pre-production readiness checklist for OCI — backup policies, security audit, key rotation, encryption, and Cloud Guard.
Master OCI IAM policy syntax, common policy patterns, and API key management. Use when writing IAM policies, granting access to compartments, or managing API keys.
Use this plugin when the user wants a dark, space-themed NFT collection landing page (\"Orbis.Nft\") with full-bleed CloudFront video backgrounds, a liquid-glass UI, Anton +…
Classify and file every newly installed skill, plugin, MCP, connector, or agent into the right orchestra — never archive.
Use when user asks to \"deep review the code\", \"thorough code review\", \"multi-pass review\", or when orchestrating the Phase 9 review loop.
Orquestador maestro del Financial Intelligence System. ACTÍVALO SIEMPRE como primer paso ante cualquier consulta financiera de mediana o alta complejidad.
Use during the review stage of an Orchex-governed run to assess correctness, completeness, security, and workflow-contract compliance.
Answer questions about the orkid media engine. Routes to specialized sub-skills for threading, reflection, filesystem, graphics, UI, audio, ECS, asset catalog, Python bindings,…
Evita errores por comandos incompatibles verificando SIEMPRE el SO antes de sugerir instalaciones. Trigger: "instalar", "upgrade", "apt", "brew", "winget", "configurar sistema",…
Expertise on OSCAL (Open Security Controls Assessment Language) — what document types exist, when to use each, schema versioning, FedRAMP/eMASS/CSPM integration, round-trip…
OSINT Investigator v2.1 — comprehensive open-source intelligence skill. Triggers on: OSINT, recon, digital footprint, dorking, social media investigation, username lookups, email…
Performs deep OSINT analysis on domains using Shodan API, SecurityTrails DNS history, and WHOIS RDAP lookups.
Comprehensive OSINT methodology for external red-team operations and authorized attack-surface assessments.
对象存储(S3/OSS/COS/OBS)Bucket 误配利用。当发现 AWS S3、阿里云 OSS、腾讯云 COS、华为云 OBS 等对象存储服务,或在 HTTP 响应中看到 x-amz-*、x-oss-*、x-cos-* 等 Header 时使用。覆盖 Bucket 枚举、ACL 误配检测、公开读写利用、Bucket 接管、Object…
Audits and guides OSS project release readiness across the full lifecycle: community standards, README quality, launch strategy, distribution pipeline, and governance/security…
GRIMSEC Agent 11: Evidence-backed forensic investigation of open-source GitHub repositories. Use when investigating supply chain incidents, suspicious commits, compromised…
OWASP Open Source Software Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in open source software dependencies.
OSV-Scanner is Google's open-source vulnerability scanner that checks project dependencies against the OSV.dev database.
Prep a Sui Move package for an OtterSec security audit. Use when the user mentions OtterSec or wants audit prep.
Authenticates to Microsoft Graph API using MSAL with Mail.ReadWrite and Calendars.ReadWrite permissions.
View and edit encrypted credentials in an Output.ai project. Use when adding secrets, updating API keys, verifying credential values, or retrieving a specific credential.
Wire encrypted credentials to environment variables using the credential: convention. Use when setting up LLM provider keys (ANTHROPIC_API_KEY, OPENAI_API_KEY) or any env var that…