What it does

ClawMoat provides real-time security scanning for AI agents. It detects prompt-injection patterns, jailbreak attempts, exposed secrets/credentials, PII, and dangerous tool call signatures. The skill ships with scripts to scan text or files, audit agent session logs, and run tests; findings are categorized by severity.

When to use it

Run ClawMoat before processing untrusted inputs, prior to executing tool calls sourced from external content, when sending messages that may contain secrets, or periodically to audit agent session logs for security incidents.

What's included

Scripts: yes — scripts/scan.sh, scripts/audit.sh, scripts/test.sh
References: none detected in the repo root for this skill
Instructions: usage examples for scanning text/files, interpreting severity levels (CRITICAL/HIGH -> block; MEDIUM -> warn; LOW/INFO -> log), and audit recommendations.

Compatible agents

Intended for agents that can execute shell scripts and monitor logs (OpenClaw-compatible agents, CLI-enabled agents, security-focused automation agents).

ClawMoat — Agent Security Scanner

What it does

When to use it

What's included

Compatible agents

Tags

Not yet audited

Information

Related Skills