tophant-clawvault
AI security system for protecting agents from prompt injection, data leakage, and dangerous commands
Best use case
tophant-clawvault is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
AI security system for protecting agents from prompt injection, data leakage, and dangerous commands
Teams using tophant-clawvault should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/tophant-clawvault/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How tophant-clawvault Compares
| Feature / Agent | tophant-clawvault | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
AI security system for protecting agents from prompt injection, data leakage, and dangerous commands
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# ClawVault Skill AI security system for OpenClaw with installation, rule generation, detection, and monitoring. **Protection Against:** - Prompt injection attacks - Data leakage (PII, credentials, API keys) - Dangerous command execution - Jailbreak attempts ## Commands ### /clawvault start Start ClawVault services. ```bash clawvault start # Default: localhost only (secure) clawvault start --mode strict # Strict mode ``` ### /clawvault install Install ClawVault. ```bash /clawvault install --mode quick # Recommended /clawvault install --mode standard # Interactive /clawvault install --mode advanced # Full control ``` ### /clawvault health Check service health and status. ```bash /clawvault health ``` ### /clawvault generate-rule Generate security rules from natural language. ```bash /clawvault generate-rule "Block all AWS credentials" /clawvault generate-rule --scenario customer_service --apply ``` **Scenarios:** `customer_service`, `development`, `production`, `finance` ### /clawvault status Get running status and statistics. ```bash /clawvault status ``` ### /clawvault test Run detection tests. ```bash /clawvault test --category all /clawvault test --category sensitive ``` **Categories:** `all`, `sensitive`, `injection`, `commands` ### /clawvault uninstall Remove ClawVault. ```bash /clawvault uninstall /clawvault uninstall --keep-config # Keep configuration ``` ## Quick Examples ```bash # Install /clawvault install --mode quick # Generate rule /clawvault generate-rule "Detect database passwords" --apply # Apply scenario /clawvault generate-rule --scenario customer_service --apply # Check health /clawvault health ``` ## Requirements - Python 3.10+ - Ports 8765, 8766 available ## Permissions - `execute_command` - Run installation and ClawVault commands - `write_files` - Create configuration files - `read_files` - Read configurations - `network` - Download packages and API calls ## Security Considerations ⚠️ **Important:** ClawVault operates as a local HTTP proxy that inspects AI traffic. **What This Means:** - ClawVault can see API requests, responses, and API keys - This is intentional and necessary for threat detection - All data stays on your local machine **Dashboard Security:** - Default: Binds to `127.0.0.1` (localhost only) ✅ Secure - **For remote access:** Use SSH tunneling instead of exposing dashboard - Example: `ssh -L 8766:localhost:8766 user@server` **Before Installing:** - Review the [SECURITY.md](./SECURITY.md) documentation - Understand that ClawVault will inspect all proxied traffic - Ensure dashboard binding is appropriate for your environment - Consider running in isolated environment for sensitive use cases **For Production:** - Use localhost-only dashboard - Enable strict mode: `--mode strict` - Configure audit log retention - Review detection logs regularly See [SECURITY.md](./SECURITY.md) for complete security documentation. ## Documentation - **Full Guide**: https://github.com/tophant-ai/ClawVault/blob/main/doc/OPENCLAW_SKILL.md - **中文文档**: https://github.com/tophant-ai/ClawVault/blob/main/doc/zh/OPENCLAW_SKILL.md - **Repository**: https://github.com/tophant-ai/ClawVault ## License MIT © 2026 Tophant SPAI Lab
Related Skills
ClawVault Payments
Security middleware for AI agents handling money. Non-custodial crypto wallets and virtual Visa cards with spending limits, whitelists, and human approval.
openclaw-clawvault
Operate ClawVault services, configuration, vault presets, and scanning from OpenClaw
compose-multiplatform-patterns
KMP项目中的Compose Multiplatform和Jetpack Compose模式——状态管理、导航、主题化、性能优化和平台特定UI。
java-coding-standards
Spring Bootサービス向けのJavaコーディング標準:命名、不変性、Optional使用、ストリーム、例外、ジェネリクス、プロジェクトレイアウト。
continuous-learning
Claude Codeセッションから再利用可能なパターンを自動的に抽出し、将来の使用のために学習済みスキルとして保存します。
nextjs-best-practices
Next.js App Router principles. Server Components, data fetching, routing patterns.
network-101
Configure and test common network services (HTTP, HTTPS, SNMP, SMB) for penetration testing lab environments. Enable hands-on practice with service enumeration, log analysis, and security testing against properly configured target systems.
neon-postgres
Expert patterns for Neon serverless Postgres, branching, connection pooling, and Prisma/Drizzle integration
nanobanana-ppt-skills
AI-powered PPT generation with document analysis and styled images
multi-agent-patterns
This skill should be used when the user asks to "design multi-agent system", "implement supervisor pattern", "create swarm architecture", "coordinate multiple agents", or mentions multi-agent patterns, context isolation, agent handoffs, sub-agents, or parallel agent execution.
monorepo-management
Build efficient, scalable monorepos that enable code sharing, consistent tooling, and atomic changes across multiple packages and applications.
monetization
Estrategia e implementacao de monetizacao para produtos digitais - Stripe, subscriptions, pricing experiments, freemium, upgrade flows, churn prevention, revenue optimization e modelos de negocio SaaS.