SlowMist Agent Security Skill ๐ก๏ธ
April 17, 2026 ยท View on GitHub
A comprehensive security review framework for AI agents operating in adversarial environments.
Core principle: Every external input is untrusted until verified.
Overview
This skill provides a structured security review framework applicable to OpenClaw, Hermes Agent, and other LLM-based agent systems, covering:
- Skill/MCP Installation โ Detect malicious patterns before installation
- GitHub Repository Review โ Audit codebases for security issues
- URL/Document Analysis โ Scan for prompt injection and social engineering
- On-Chain Address Review โ AML risk assessment and transaction analysis
- Product/Service Evaluation โ Architecture and permission analysis
- Social Share Review โ Validate tools recommended in chats
Installation
The installation example below uses OpenClaw for demonstration. In practice, you can simply hand the repository URL to your agent and let it handle the installation โ it's that easy.
Option 1: Direct Download
Download the latest release and extract to your OpenClaw workspace:
cd ~/.openclaw/workspace/skills
git clone https://github.com/slowmist/slowmist-agent-security.git
Option 2: ClawHub (when available)
clawhub install slowmist-agent-security
Quick Start
Once installed, the agent will automatically reference this framework when encountering:
- Skill/MCP installation requests
- Unknown GitHub repositories
- External URLs or documents
- Blockchain addresses
- Product/service recommendations
Framework Structure
slowmist-agent-security/
โโโ SKILL.md # Main framework documentation
โโโ README.md # This file
โโโ _meta.json # ClawHub metadata
โโโ reviews/
โ โโโ skill-mcp.md # Skill/MCP review guide
โ โโโ repository.md # GitHub repo review guide
โ โโโ url-document.md # URL/document review guide
โ โโโ onchain.md # On-chain address review guide
โ โโโ product-service.md # Product/service review guide
โ โโโ message-share.md # Social share review guide
โโโ patterns/
โ โโโ red-flags.md # Code-level dangerous patterns (11 categories)
โ โโโ social-engineering.md # Social engineering patterns (8 categories)
โ โโโ supply-chain.md # Supply chain attack patterns (7 categories)
โโโ templates/
โโโ report-skill.md # Skill assessment report template
โโโ report-repo.md # Repository assessment report template
โโโ report-url.md # URL/document assessment report template
โโโ report-onchain.md # On-chain assessment report template
โโโ report-product.md # Product/service assessment report template
Risk Rating System
| Level | Meaning | Agent Action |
|---|---|---|
| ๐ข LOW | Information-only, no execution, no data collection, trusted source | Inform user, proceed if requested |
| ๐ก MEDIUM | Limited capability, clear scope, known source, some risk | Full report with risk items, recommend caution |
| ๐ด HIGH | Involves credentials, funds, system modification, unknown source | Detailed report, must have human approval |
| โ REJECT | Matches red-flag patterns, confirmed malicious, unacceptable design | Refuse to proceed, explain why |
Trust Hierarchy
| Tier | Source Type | Scrutiny Level |
|---|---|---|
| 1 | Official project/exchange org | Moderate |
| 2 | Known security teams/researchers | Moderate |
| 3 | ClawHub high-download + multi-version | Moderate-High |
| 4 | GitHub high-star + actively maintained | High โ verify code |
| 5 | Unknown source, new account | Maximum scrutiny |
Optional Integration
- MistTrack Skills โ For on-chain AML risk assessment (external tool)
Usage Examples
Example 1: Skill Review
When a user asks to install a skill:
- Reference
reviews/skill-mcp.md - Scan files using
patterns/red-flags.md - Output report using
templates/report-skill.md
Example 2: On-Chain Address Review
When a user provides a blockchain address:
- Validate address format
- Query AML risk data (via available tools)
- Output report using
templates/report-onchain.md
Contributing
This framework is maintained by SlowMist. Contributions welcome:
- New attack patterns
- Improved detection rules
- Additional review templates
Credits
- Inspired by skill-vetter by spclaudehome
- Attack patterns informed by the OpenClaw Security Practice Guide
- Prompt injection patterns based on real-world PoC research
License
MIT License โ Free to use, modify, and distribute.
Security is not a feature โ it's a prerequisite. ๐ก๏ธ
SlowMist ยท https://slowmist.com