发现优质的 AI Agent 技能

> Practical guide for threat modeling systems, APIs, and AI agents. > Use this when performing `007 threat-model` or any security analysis that requires structured threat identification.

> Quick-reference checklists for the three most relevant OWASP Top 10 lists. > Use during code reviews, security audits, and threat modeling.

> Extended playbooks for common security incidents. > Each follows 5 phases: Contain, Assess, Remediate, Prevent, Document. > Use with `007 incident` or when responding to any security event.

> Reference for securing REST APIs, webhooks, and service-to-service communication. > Use during `007 audit`, `007 threat-model`, and code reviews of API code.

> Security patterns, attacks, and defenses for AI agents, LLM applications, and prompt pipelines. > Reference for `007 audit` and `007 threat-model` when analyzing AI/LLM systems.

- Open with Context & Why Now; Users & JTBD; Success metrics (leading/lagging). - Number functional requirements; each with acceptance criteria. - Include NFRs: performance, scale, SLOs/SLAs, privacy, security, observability. - Scope in/out; rollout plan; risks & open questions. - Context, users, goals

- Correctness & tests; security & dependency hygiene; architectural boundaries. - Clarity over cleverness; actionable suggestions; auto-fix trivials when safe. - Verdict: [NEEDS REVISION | APPROVED WITH SUGGESTIONS] - Blockers: N | High: N | Medium: N - file:line — issue — specific fix suggestion

7-layer AI security scanning plugin for OpenClaw. Protects all channels simultaneously by hooking into the Gateway — the single chokepoint for all traffic.

来自 openclaw/skills 技能

来自 openclaw/skills 技能

Claw Drive is local-first. Your files live on your machine. Cloud sync is optional.

Run `scripts/audit.py` before every commit, push, or skill publish. No exceptions.