This is a security scanner for NanoClaw skills that checks them against a curated vulnerability feed before you install anything or when you want to audit what's already running. It pulls from a signed advisory feed every six hours, gives you exploitability scores alongside severity ratings, and includes integrity monitoring to catch unexpected file changes. The pre-install check pattern is the main workflow: you ask it to verify a skill, it tells you if there are known issues, then you decide whether to proceed. It won't catch zero-days or do code review, but it will stop you from installing something with a known RCE vulnerability, which is exactly the kind of mistake that's easy to make when you're moving fast in a chat interface.
npx skills add https://github.com/prompt-security/clawsec --skill clawsec-nanoclaw