Prompt Security, the AI security platform at prompt.security, has released ClawSec, a security skill suite built specifically for OpenClaw and NanoClaw agent deployments. The suite addresses an emerging category of attack vectors unique to autonomous agents: prompt injection targeting identity files, cognitive drift from malicious instruction modification, and tampered skill packages in agent supply chains.

What ClawSec Covers

ClawSec operates as what BrightCoding describes as a “skill-of-skills manager,” bundling six core capabilities into a single installation via npx clawhub@latest install clawsec-suite.

The soul-guardian skill monitors critical agent files, including SOUL.md, IDENTITY.md, and custom configuration artifacts. It generates checksums against trusted baselines and auto-restores files when drift is detected, whether from prompt injection, unauthorized edits, or corruption. The drift detection engine supports custom file patterns and can protect entire directory trees containing agent instructions.

A live security advisory feed polls NIST’s National Vulnerability Database every six hours, filtering CVEs for relevance to AI agent dependencies and platform-specific vulnerabilities. The feed endpoint delivers structured JSON advisories with severity ratings, affected platforms, and remediation guidance. As of July 2, 2026, the feed includes active advisories for OpenClaw versions prior to 2026.5.28, covering workspace dotenv credential override vulnerabilities (GHSA-4pqj-3c56-5fqq).

Each skill package includes SHA256 checksum verification for OpenClaw and Ed25519 signature verification for NanoClaw, creating a dual-layer cryptographic chain of trust from installation through runtime.

Platform-Specific Deployments

The installation paths diverge by platform. OpenClaw users install via npm with skills landing in ~/.openclaw/skills/, while NanoClaw deployments require copying skills into containerized environments and integrating nine MCP tools into the agent’s tool registry. NanoClaw-specific monitoring covers WhatsApp bot libraries like baileys, a common dependency in containerized bot deployments.

An automated audit skill, openclaw-audit-watchdog, runs daily scans for prompt injection markers, suspicious instruction patterns, and known vulnerability signatures. Results can route to email, Slack, or SIEM systems.

The Agent Identity Attack Surface

The timing aligns with a broader industry shift. NCT has covered nine CVEs affecting OpenClaw in recent months, and JadePuffer ransomware demonstrated autonomous agent-driven attack pipelines last week. Agent identity files, the cognitive architecture that defines how an agent thinks and behaves, represent a distinct attack surface from traditional application security. A compromised SOUL.md file can redirect an agent’s purpose without triggering conventional security tooling.

ClawSec’s optional clawtributor skill enables anonymized incident reporting to a crowdsourced threat intelligence network, sharing sanitized attack patterns across the user base. The feature is opt-in.

The Supply Chain Question

ClawSec addresses a gap that enterprise security tools were not designed for. Traditional network and application security monitors endpoints, traffic, and code execution. Agent security requires monitoring the instructions themselves, verifying that the cognitive layer between the model and the tools remains untampered. Whether ClawSec or a competitor fills this gap at scale depends on adoption, but the category now has a dedicated entrant built on a live advisory infrastructure.