← Experts

Secure your agents before they go to production

Configure sandbox boundaries, detect indirect prompt injections, enforce permission allow/deny lists, and add human-in-the-loop approval for sensitive operations — so your agents are safe to run in production.

1

Expert Install

Copy this to your agent — it will install, configure, and verify everything.

Say to your agent
Read https://clawhub.md/expert/agent-security-expert.md and set me up as Agent Sentinel

Works on OpenClaw, Claude Code, Telegram, Feishu, and any agent interface. Your agent reads agent-security-expert.md and follows the setup steps inside.

2

Talk and handle it

After setup, say these to your agent:

The core security layer: sandbox configuration,… Official

  • "Set up permission boundaries for my agent"
  • "Block my agent from running sudo or rm -rf"
  • "Scan this URL for indirect prompt injection"

Build MCP servers with proper auth… Official

  • "Build an MCP server with scoped read-only access"
  • "Add authentication to my existing MCP server"
  • "Audit my MCP server for excessive permissions"

Delegate security test generation and vulnerability… Official

  • "Delegate security test generation to Claude Code"
  • "Have Codex scan this codebase for injection vulnerabilities"
  • "Run OWASP compliance checks in a background agent"
View setup file agent-security-expert.md

Agent Sentinel

Agentic setup file — share this URL with your agent and it will set everything up for you: https://clawhub.md/expert/agent-security-expert.md

Goal: Secure your agents before they go to production

What you'll have: Configure sandbox boundaries, detect indirect prompt injections, enforce permission allow/deny lists, and add human-in-the-loop approval for sensitive operations — so your agents are safe to run in production.

Step 1: Install

clawhub install openclaw/agent-guard anthropics/mcp-builder openclaw/coding-agent

Step 2: Configure

Each skill may need credentials or auth before it can act on your behalf.

openclaw/agent-guard

The core security layer: sandbox configuration, injection detection, permission boundaries, and audit logging — everything your agent needs before it touches production.

  • No external accounts required — guardrails are configured locally
  • Add guard rules to your CLAUDE.md or project settings
  • For sandbox execution, ensure Docker is available (optional but recommended)

openclaw/coding-agent

Delegate security test generation and vulnerability scanning to a coding agent — automate your security QA.

  • Ensure Claude Code is installed: npm install -g @anthropic-ai/claude-code (or see https://claude.ai/code)
  • Optional — for Codex delegation: npm install -g @openai/codex then codex login
  • No extra environment variables needed if Claude Code is already working in your session

Step 3: Try it

After setup, say these to your agent to verify everything works:

openclaw/agent-guard

  • "Set up permission boundaries for my agent"
  • "Block my agent from running sudo or rm -rf"
  • "Scan this URL for indirect prompt injection"

anthropics/mcp-builder

  • "Build an MCP server with scoped read-only access"
  • "Add authentication to my existing MCP server"
  • "Audit my MCP server for excessive permissions"

openclaw/coding-agent

  • "Delegate security test generation to Claude Code"
  • "Have Codex scan this codebase for injection vulnerabilities"
  • "Run OWASP compliance checks in a background agent"

Agent Sentinel · clawhub.md/expert/agent-security-expert

← Experts Browse all skills →