diff --git a/README.md b/README.md index 7f683ff..be3fa78 100644 --- a/README.md +++ b/README.md @@ -32,22 +32,6 @@ OpenClaw (previously known as Moltbot, originally Clawdbot... identity crisis in Skills in this list are sourced from [ClawHub](https://www.clawhub.ai/) (OpenClaw's public skills registry) and categorized for easier discovery. -## Security Notice - -Skills in this list are **curated, not audited**. They may be updated, modified, or replaced by their original maintainers at any time after being added here. - -Before installing or using any Agent Skill, review potential security risks and validate the source yourself. - -**Recommended tools:** - -- [Snyk Skill Security Scanner](https://github.com/snyk/agent-scan) -- [Agent Trust Hub](https://ai.gendigital.com/agent-trust-hub) - -> Agent skills can include prompt injections, tool poisoning, hidden malware payloads, or unsafe data handling patterns. Always review the code and use skills at your own discretion. - -**Want to add a skill?** This list only includes skills that are **already published** in the `github.com/openclaw/skills` repository. We do not accept links to personal repos, gists, or any other external source. If your skill isn't in the OpenClaw skills repo yet, publish it there first. See [CONTRIBUTING.md](CONTRIBUTING.md) for details. - -We only include skills whose security status on ClawHub is **not flagged as suspicious**. If you believe a skill in this list should be flagged or has a security concern, please [open an issue](https://github.com/VoltAgent/awesome-clawdbot-skills/issues) so we can review it. ## Installation @@ -89,9 +73,24 @@ OpenClaw's public registry (ClawHub) hosts **5,705 community-built skills** as o | Non-English — descriptions not in English | 8 | | **Total not taken from OpenClaw's official skill registry** | **2,748** | -> **Disclaimer:** Inclusion in this list does **not** guarantee a skill is safe or trustworthy. OpenClaw now has a VirusTotal partnership that provides security scanning for skills. Before installing a skill, visit its page on ClawHub and check the VirusTotal report to see if it's flagged as risky. We also recommend reviewing a skill's source code before installing and using tools like Claude Code or Codex to inspect it for potentially harmful behavior. -If you think a skill was incorrectly excluded or miscategorized, feel free to open an issue or PR. We may have made mistakes. +## Security Notice + +Skills in this list are **curated, not audited**. They may be updated, modified, or replaced by their original maintainers at any time after being added here. + +Before installing or using any Agent Skill, review potential security risks and validate the source yourself. OpenClaw has a **VirusTotal partnership** that provides security scanning for skills, visit a skill's page on ClawHub and check the VirusTotal report to see if it's flagged as risky. + +**Recommended tools:** + +- [Snyk Skill Security Scanner](https://github.com/snyk/agent-scan) +- [Agent Trust Hub](https://ai.gendigital.com/agent-trust-hub) + +> Agent skills can include prompt injections, tool poisoning, hidden malware payloads, or unsafe data handling patterns. Always review the source code before installing and use skills at your own discretion. + +**Want to add a skill?** This list only includes skills that are **already published** in the `github.com/openclaw/skills` repository. We do not accept links to personal repos, gists, or any other external source. If your skill isn't in the OpenClaw skills repo yet, publish it there first. See [CONTRIBUTING.md](CONTRIBUTING.md) for details. + +If you believe a skill in this list should be flagged or has a security concern, please [open an issue](https://github.com/VoltAgent/awesome-clawdbot-skills/issues) so we can review it. +