The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches security advisory data and installation artifacts from the vendor's official GitHub repository at github.com/prompt-security/ClawSec. These operations are consistent with the skill's primary purpose of delivering threat intelligence.- [COMMAND_EXECUTION]: The installation guide and maintenance documentation include shell script snippets for the agent to perform deployment tasks. These scripts incorporate security best practices, such as verifying file integrity with shasum, checking for path traversal in ZIP archives using grep, and enforcing file count limits to prevent ZIP bomb attacks.- [INDIRECT_PROMPT_INJECTION]: As the skill ingests external advisory data, it theoretically possesses an indirect injection surface. However, the risk is mitigated through the use of structured JSON parsing via jq and explicit validation of incoming data fields (e.g., skill name regex validation).- [DATA_EXPOSURE]: The skill maintains local state in ~/.openclaw/clawsec-feed-state.json and manages file permissions using chmod to ensure restrictive access to configuration files.

clawsec-feed