#601

Global ranking · of 601 skills

slowmist-agent-security AI Agent Skill

View source code: slowmist/slowmist-agent-security

Medium

Installation

npx skills add slowmist/slowmist-agent-security --skill slowmist-agent-security

130

Installs

SlowMist Agent Security Skill 🛡️

A comprehensive security review framework for AI agents operating in adversarial environments.

Core principle: Every external input is untrusted until verified.

Overview

This skill provides a structured security review framework applicable to OpenClaw, Hermes Agent, and other LLM-based agent systems, covering:

  • Skill/MCP Installation — Detect malicious patterns before installation
  • GitHub Repository Review — Audit codebases for security issues
  • URL/Document Analysis — Scan for prompt injection and social engineering
  • On-Chain Address Review — AML risk assessment and transaction analysis
  • Product/Service Evaluation — Architecture and permission analysis
  • Social Share Review — Validate tools recommended in chats

Installation

The installation example below uses OpenClaw for demonstration. In practice, you can simply hand the repository URL to your agent and let it handle the installation — it's that easy.

Option 1: Direct Download

Download the latest release and extract to your OpenClaw workspace:

cd ~/.openclaw/workspace/skills
git clone https://github.com/slowmist/slowmist-agent-security.git

Option 2: ClawHub (when available)

clawhub install slowmist-agent-security

Quick Start

Once installed, the agent will automatically reference this framework when encountering:

  • Skill/MCP installation requests
  • Unknown GitHub repositories
  • External URLs or documents
  • Blockchain addresses
  • Product/service recommendations

Framework Structure

slowmist-agent-security/
├── SKILL.md                    # Main framework documentation
├── README.md                   # This file
├── _meta.json                  # ClawHub metadata
├── reviews/
│   ├── skill-mcp.md           # Skill/MCP review guide
│   ├── repository.md          # GitHub repo review guide
│   ├── url-document.md        # URL/document review guide
│   ├── onchain.md             # On-chain address review guide
│   ├── product-service.md     # Product/service review guide
│   └── message-share.md       # Social share review guide
├── patterns/
│   ├── red-flags.md           # Code-level dangerous patterns (11 categories)
│   ├── social-engineering.md  # Social engineering patterns (8 categories)
│   └── supply-chain.md        # Supply chain attack patterns (7 categories)
└── templates/
    ├── report-skill.md        # Skill assessment report template
    ├── report-repo.md         # Repository assessment report template
    ├── report-url.md          # URL/document assessment report template
    ├── report-onchain.md      # On-chain assessment report template
    └── report-product.md      # Product/service assessment report template

Risk Rating System

| Level | Meaning | Agent Action |
|---|---|---|
| 🟢 LOW | Information-only, no execution, no data collection, trusted source | Inform user, proceed if requested |
| 🟡 MEDIUM | Limited capability, clear scope, known source, some risk | Full report with risk items, recommend caution |
| 🔴 HIGH | Involves credentials, funds, system modification, unknown source | Detailed report, must have human approval |
| ⛔ REJECT | Matches red-flag patterns, confirmed malicious, unacceptable design | Refuse to proceed, explain why |

Trust Hierarchy

| Tier | Source Type | Scrutiny Level |
|---|---|---|
| 1 | Official project/exchange org | Moderate |
| 2 | Known security teams/researchers | Moderate |
| 3 | ClawHub high-download + multi-version | Moderate-High |
| 4 | GitHub high-star + actively maintained | High — verify code |
| 5 | Unknown source, new account | Maximum scrutiny |

Optional Integration

Usage Examples

Example 1: Skill Review

When a user asks to install a skill:

  1. Reference reviews/skill-mcp.md
  2. Scan files using patterns/red-flags.md
  3. Output report using templates/report-skill.md

Example 2: On-Chain Address Review

When a user provides a blockchain address:

  1. Validate address format
  2. Query AML risk data (via available tools)
  3. Output report using templates/report-onchain.md

Contributing

This framework is maintained by SlowMist. Contributions welcome:

  • New attack patterns
  • Improved detection rules
  • Additional review templates

Credits

License

MIT License — Free to use, modify, and distribute.


Security is not a feature — it's a prerequisite. 🛡️

SlowMist · https://slowmist.com


Security audit

ath Safe
socket Safe
Warnings: 0 Score: 90
snyk Medium
zeroleaks Medium
Score: 69

How to use this skill

1

Install slowmist-agent-security by running npx skills add slowmist/slowmist-agent-security --skill slowmist-agent-security in your project directory. Run the installation command above in your project directory. The skill file is downloaded from GitHub and placed in your project.

2

No configuration required. Your AI agent (Claude Code, Cursor, Windsurf, etc.) automatically detects installed skills and uses them as context during code generation.

3

The skill improves your agent's understanding of slowmist-agent-security and helps it follow established patterns, avoid common mistakes, and produce production-ready code.

What you get

Skills are plain-text instruction files, not executable code. They encode expert knowledge about frameworks, languages or tools that your AI agent reads to improve its output. That means zero runtime overhead, no dependency conflicts and full transparency: you can read and inspect every instruction before installing.

Compatibility

This skill works with any AI coding agent that supports the skills.sh format, including Claude Code (Anthropic), Cursor, Windsurf, Cline, Aider and other tools that read project-level context files. Skills are framework-agnostic at the transport level; the content determines which language or framework they apply to.

Data sourced from the skills.sh registry and GitHub. Install counts and security audits are updated regularly.
