nemoclaw-user-configure-security
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The phrases flagged by automated scanners in SKILL.md and references/openclaw-controls.md (e.g., "ignore all previous instructions") are part of descriptive text explaining how the OpenClaw security gateway detects malicious inputs. They are not instructions intended to bypass the agent's safety filters.
- [CREDENTIALS_UNSAFE]: references/credential-storage.md discusses the local storage of credentials in ~/.nemoclaw/credentials.json. It provides guidance on securing these files using Unix permissions (chmod 600) and uses dummy strings as placeholders in its examples. No functional credentials are exposed.
- [SAFE]: The skill is entirely informational, providing a risk framework and best practices for configuring NemoClaw security. It contains no executable code, remote script fetching, or privilege escalation logic.