Summary
When you discover a malicious skill in your OpenClaw workspace, this walks you through the full incident response playbook: immediate containment, evidence preservation, investigation checkpoints, credential rotation priorities, and recovery verification. It's structured around severity levels (SEV-1 through SEV-4) and gives you explicit checklists for things like checking persistence mechanisms in bashrc or authorized_keys, rotating API keys in order of urgency, and documenting what happened. The opinionated stance is good here: containment first, assume the worst, never trust the malicious skill's own logs. It's basically a printed laminated card for the exact moment when you're panicking about what a sketchy skill might have accessed.
Install to Claude Code
npx -y skills add useai-pro/openclaw-skills-security --skill incident-responder --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
