
from clawsec991
Generate deterministic runtime attestations and perform fail-closed drift detection for Hermes-managed infrastructure.
Generates deterministic Hermes posture attestations, verifies them with fail-closed integrity checks, and compares current state against authenticated baselines to detect drift. It provides operator-focused commands to generate, verify, and refresh advisory feeds, and includes guarded verification gates to prevent installing untrusted skill releases.
Use this skill when you operate Hermes-managed gateways or agent runtimes and need cryptographic assurance of runtime posture, release authenticity, or baseline drift detection. Ideal for operators who must enforce signed release installs and automated attestation-based monitoring.
scripts/*.mjs utilities for generate_attestation, verify_attestation, refresh_advisory_feed, check_advisories, guarded_skill_verify, and scheduler helpers (has_scripts=true)
Compatible with Hermes/NanoClaw/OpenClaw operator toolchains; requires node runtime for scripts. It is operator-focused and not a runtime hook for OpenClaw agents.
Hermes Attestation Guardian generates deterministic runtime security attestations and performs fail-closed drift detection for Hermes-managed infrastructure. It includes 7 well-structured .mjs scripts for attestation generation/verification, advisory feed management, and cron scheduling. Scripts were skipped by the runner (unsupported .mjs extension) but static analysis shows solid security posture with fail-closed defaults, proper input validation, atomic file writes, and signature verification. The SCHEDULE_BIN variable obfuscation (joining 'cron' and 'tab') is an odd stylistic choice but not malicious.
node (for .mjs scripts)
Well-designed security skill with fail-closed defaults, proper signature verification, and thorough documentation. Narrow usefulness due to Hermes-specific scope. The release artifact verification in SKILL.md is a nice security touch. Scripts could not be run due to .mjs extension not being supported by run_scripts.py.
Claw Release
Release automation for OpenClaw skills: version bumping, tagging, packaging, and CI verification for skill releases.
ClawSec Scanner
Automated, multi-engine vulnerability scanner for agent platforms that runs dependency scans, SAST, CVE enrichment and agent-specific DAST harnesses to surface