If you're running Claude Code in an environment where you pull third-party skills, this gives you a cryptographically signed advisory feed that checks installed skills against known malicious entries. It installs an OpenClaw hook that scans on bootstrap and new sessions, plus a guarded installer that requires double confirmation if an advisory matches. The setup is heavier than most skills (requires node, curl, jq, shasum, openssl, unzip), and it writes hooks and optional cron jobs to your system. The approval-gating is real: it won't auto-remove anything, but it will stop you and show you the advisory before you proceed. Useful if you treat your Claude environment like production and want defense in depth against supply-chain risks.
npx skills add https://github.com/prompt-security/clawsec --skill clawsec-suite