Merge pull request #135 from VoltAgent/update-security-section

Update security section

CONTRIBUTING.md

@@ -42,6 +42,12 @@ If an author has multiple skills in the same area, please don't add them one by
 - Fix broken links, typos, or outdated descriptions via PR
 - If a skill has been removed or deprecated, open an issue or submit a PR to remove it
 
+## Security Policy
+
+We only include skills whose security status on [ClawHub](https://www.clawhub.ai/) is **not flagged as suspicious**. Skills that are marked as suspicious on ClawHub will not be accepted into this list.
+
+If you believe a skill currently in this list has a security concern or should be flagged, please [open an issue](https://github.com/VoltAgent/awesome-clawdbot-skills/issues) so we can review and remove it.
+
 ## Important
 
 - This repository curates links only. Each skill lives in the official OpenClaw skills repo.

README.md

@@ -32,9 +32,7 @@ OpenClaw (previously known as Moltbot, originally Clawdbot... identity crisis in
 
 Skills in this list are sourced from [ClawHub](https://www.clawhub.ai/) (OpenClaw's public skills registry) and categorized for easier discovery.
 
-These skills follow the Agent Skill convention develop by Anthropic, an open standard for AI coding assistants.
 
-> **Want to add a skill?** This list only includes skills that are **already published** in the "github.com/openclaw/skills". We do not accept links to personal repos, gists, or any other external source. If your skill isn't in the OpenClaw skills repo yet, publish it there first. See [CONTRIBUTING.md](CONTRIBUTING.md) for details.
 
 ## Installation
 
@@ -75,9 +73,24 @@ OpenClaw's public registry (ClawHub) hosts **5,705 community-built skills** as o
 | Non-English — descriptions not in English | 8 |
 | **Total not taken from OpenClaw's official skill registry** | **2,748** |
 
-> **Disclaimer:** Inclusion in this list does **not** guarantee a skill is safe or trustworthy. OpenClaw now has a VirusTotal partnership that provides security scanning for skills. Before installing a skill, visit its page on ClawHub and check the VirusTotal report to see if it's flagged as risky. We also recommend reviewing a skill's source code before installing and using tools like Claude Code or Codex to inspect it for potentially harmful behavior.
 
-If you think a skill was incorrectly excluded or miscategorized, feel free to open an issue or PR. We may have made mistakes.
+## Security Notice
+
+Skills in this list are **curated, not audited**. They may be updated, modified, or replaced by their original maintainers at any time after being added here.
+
+Before installing or using any Agent Skill, review potential security risks and validate the source yourself. OpenClaw has a **VirusTotal partnership** that provides security scanning for skills, visit a skill's page on ClawHub and check the VirusTotal report to see if it's flagged as risky.
+
+**Recommended tools:**
+
+- [Snyk Skill Security Scanner](https://github.com/snyk/agent-scan)
+- [Agent Trust Hub](https://ai.gendigital.com/agent-trust-hub)
+
+> Agent skills can include prompt injections, tool poisoning, hidden malware payloads, or unsafe data handling patterns. Always review the source code before installing and use skills at your own discretion.
+
+**Want to add a skill?** This list only includes skills that are **already published** in the `github.com/openclaw/skills` repository. We do not accept links to personal repos, gists, or any other external source. If your skill isn't in the OpenClaw skills repo yet, publish it there first. See [CONTRIBUTING.md](CONTRIBUTING.md) for details.
+
+If you believe a skill in this list should be flagged or has a security concern, please [open an issue](https://github.com/VoltAgent/awesome-clawdbot-skills/issues) so we can review it.
+
 
 <br/>