ClawHub Publication Guide
This guide walks you through publishing Security Sentinel to ClawHub.
Prerequisites
- ClawHub account - Sign up at https://clawhub.ai
- GitHub repository - Already created with all files
- CLI installed (optional but recommended):
npm install -g @clawhub/cli
# or
pip install clawhub-cli
Method 1: Web Interface (Easiest)
Step 1: Login to ClawHub
- Go to https://clawhub.ai
- Click "Sign In" or "Sign Up"
- Navigate to "Publish Skill"
Step 2: Fill Skill Metadata
Name: security-sentinel
Display Name: Security Sentinel
Author: Georges Andronescu (Wesley Armando)
Version: 1.0.0
License: MIT
Description (short):
Production-grade prompt injection defense for autonomous AI agents. Blocks jailbreaks, system extraction, multi-lingual evasion, and more.
Description (full):
Security Sentinel provides comprehensive protection against prompt injection attacks for autonomous AI agents. With 5 layers of defense, 347+ core patterns, support for 15+ languages, and ~98% attack coverage, it's the most complete security skill available for OpenClaw agents.
Features:
- Multi-layer defense (blacklist, semantic, multi-lingual, transliteration, homoglyph)
- 347 core patterns + 3,500 total patterns across 15+ languages
- Semantic intent classification with <2% false positives
- Real-time monitoring and audit logging
- Penalty scoring system with automatic lockdown
- Production-ready with ~50ms overhead
Battle-tested against OWASP LLM Top 10, ClawHavoc campaign, and 2+ years of jailbreak attempts.
Step 3: Link GitHub Repository
Repository URL: https://github.com/georges91560/security-sentinel-skill
Installation Source: https://raw.githubusercontent.com/georges91560/security-sentinel-skill/main/SKILL.md
Step 4: Add Tags
Tags:
- security
- prompt-injection
- defense
- jailbreak
- multi-lingual
- production-ready
- autonomous-agents
- safety
Step 5: Upload Icon (Optional)
- Create a 512x512 PNG with shield emoji 🛡️
- Or use: https://openmoji.org/library/emoji-1F6E1/ (shield)
Step 6: Set Pricing (if applicable)
Pricing Model: Free (Open Source)
License: MIT
Step 7: Review and Publish
- Preview how it will look
- Check all links work
- Click "Publish"
Method 2: CLI (Advanced)
Step 1: Install ClawHub CLI
npm install -g @clawhub/cli
# or
pip install clawhub-cli
Step 2: Login
clawhub login
# Follow authentication prompts
Step 3: Create Manifest
Create clawhub.yaml in your repo:
name: security-sentinel
version: 1.0.0
author: Georges Andronescu
license: MIT
repository: https://github.com/georges91560/security-sentinel-skill
description:
  short: Production-grade prompt injection defense for autonomous AI agents
  full: |
    Security Sentinel provides comprehensive protection against prompt injection
    attacks for autonomous AI agents. With 5 layers of defense, 347+ core patterns,
    support for 15+ languages, and ~98% attack coverage, it's the most complete
    security skill available for OpenClaw agents.
files:
  main: SKILL.md
  references:
    - references/blacklist-patterns.md
    - references/semantic-scoring.md
    - references/multilingual-evasion.md
install:
  type: github-raw
  url: https://raw.githubusercontent.com/georges91560/security-sentinel-skill/main/SKILL.md
tags:
  - security
  - prompt-injection
  - defense
  - jailbreak
  - multi-lingual
  - production-ready
  - autonomous-agents
  - safety
metadata:
  homepage: https://github.com/georges91560/security-sentinel-skill
  documentation: https://github.com/georges91560/security-sentinel-skill/blob/main/README.md
  issues: https://github.com/georges91560/security-sentinel-skill/issues
  changelog: https://github.com/georges91560/security-sentinel-skill/blob/main/CHANGELOG.md
requirements:
  openclaw: ">=3.0.0"
optional_dependencies:
  python:
    - sentence-transformers>=2.2.0
    - numpy>=1.24.0
    - langdetect>=1.0.9
Step 4: Validate Manifest
clawhub validate clawhub.yaml
Step 5: Publish
clawhub publish
Step 6: Verify
clawhub search security-sentinel
Post-Publication Checklist
Immediate (Day 1)
- Test installation:
clawhub install security-sentinel
- Verify all files download correctly
- Check skill appears in ClawHub search
- Test with a fresh OpenClaw agent
- Share announcement on X/Twitter
- Cross-post to LinkedIn
Week 1
- Monitor GitHub issues
- Respond to ClawHub reviews
- Share usage examples
- Create demo video
- Write blog post
Ongoing
- Weekly: Check for new issues
- Monthly: Update patterns based on new attacks
- Quarterly: Major version updates
- Annual: Security audit
Marketing Strategy
Launch Week Content Calendar
Day 1 (Launch Day):
- Main announcement (X/Twitter thread)
- LinkedIn post (professional angle)
- Post to Reddit: r/LocalLLaMA, r/ClaudeAI
- Submit to HackerNews
Day 2:
- Technical deep-dive (blog post or X thread)
- Share architecture diagram
- Demo video
Day 3:
- Case study: "How it blocked ClawHavoc attacks"
- Share real attack logs (sanitized)
Day 4:
- Integration guide (Wesley-Agent)
- Code examples
Day 5:
- Community spotlight (if anyone contributed)
- Request feedback
Weekend:
- Monitor engagement
- Respond to comments
- Collect feedback for v1.1
Content Ideas
Technical:
- "5 layers of prompt injection defense explained"
- "How semantic analysis catches what blacklists miss"
- "Multi-lingual injection: The attack vector no one talks about"
Business/Impact:
- "Why 7.1% of AI agents are malware"
- "The cost of a single prompt injection attack"
- "AI governance in 2026: What changed"
Educational:
- "10 prompt injection techniques and how to block them"
- "Building production-ready AI agents"
- "Security lessons from ClawHavoc campaign"
Monitoring Success
Key Metrics to Track
ClawHub:
- Downloads/installs
- Stars/ratings
- Reviews
- Forks/derivatives
GitHub:
- Stars
- Forks
- Issues opened
- Pull requests
- Contributors
Social:
- Impressions
- Engagements
- Shares/retweets
- Mentions
Usage:
- Active agents using the skill
- Attacks blocked (aggregate)
- False positive reports
Success Criteria
Week 1:
- 100+ ClawHub installs
- 50+ GitHub stars
- 10,000+ X/Twitter impressions
- 3+ community contributions (issues/PRs)
Month 1:
- 500+ installs
- 200+ stars
- Featured on ClawHub homepage
- 2+ blog posts/articles mention it
- 10+ community contributors
Quarter 1:
- 2,000+ installs
- 500+ stars
- Used in production by 50+ companies
- v1.1 released with community features
- Security certification/audit completed
Troubleshooting Common Issues
"Skill not found on ClawHub"
Solution:
- Wait 5-10 minutes after publishing (indexing delay)
- Check skill name spelling
- Verify publication status in dashboard
- Clear ClawHub cache:
clawhub cache clear
"Installation fails"
Solution:
- Check GitHub raw URL is accessible
- Verify SKILL.md is in main branch
- Test manually:
curl https://raw.githubusercontent.com/...
- Check file permissions (should be public)
"Files missing after install"
Solution:
- Verify directory structure in repo
- Check references are in correct path
- Ensure main SKILL.md references correct paths
- Update clawhub.yaml files list
"Version conflict"
Solution:
- Update version in clawhub.yaml
- Create git tag:
git tag v1.0.0 && git push --tags
- Republish:
clawhub publish --force
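The checks behind "Installation fails", "Files missing after install" and "Version conflict" can be run against the manifest before publishing. The following is an added example, not code from the Security Sentinel repository or the ClawHub CLI: `check_manifest` and `demo` are hypothetical helpers, the manifest is assumed to be already loaded into a dict by a YAML parser, and `git_tags` is assumed to be the output of `git tag --list`.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample: the page's clawhub.yaml as a YAML parser would load it.
MANIFEST = {
    "version": "1.0.0",
    "repository": "https://github.com/georges91560/security-sentinel-skill",
    "files": {"main": "SKILL.md", "references": [
        "references/blacklist-patterns.md",
        "references/semantic-scoring.md",
        "references/multilingual-evasion.md"]},
    "install": {"url": "https://raw.githubusercontent.com/georges91560/security-sentinel-skill/main/SKILL.md"},
}

def check_manifest(manifest, repo_root, git_tags):
    """Hypothetical helper: list problems in a loaded manifest before publishing."""
    problems, root = [], Path(repo_root)
    files = manifest.get("files", {})
    # "Files missing after install": every listed file must exist in the repo.
    for rel in [files.get("main", "")] + list(files.get("references", [])):
        if not rel or not (root / rel).is_file():
            problems.append(f"missing file: {rel!r}")
    # "Version conflict": the manifest version needs a matching git tag.
    tag = f"v{manifest.get('version', '')}"
    if tag not in git_tags:
        problems.append(f"no git tag {tag}")
    # "Installation fails": raw URL layout is /<owner>/<repo>/<ref>/<path>; it must
    # be HTTPS, sit inside the declared repository, and point at files.main.
    repo_path = urlparse(manifest.get("repository", "")).path.strip("/")
    raw = urlparse(manifest.get("install", {}).get("url", ""))
    parts = raw.path.strip("/").split("/", 3)
    if (raw.scheme, raw.netloc) != ("https", "raw.githubusercontent.com") or len(parts) < 4:
        problems.append("install url is not an https raw.githubusercontent.com file URL")
    else:
        if "/".join(parts[:2]) != repo_path:
            problems.append("install url points outside the declared repository")
        if parts[3] != files.get("main"):
            problems.append("install url does not point at files.main")
    return problems

def demo():
    """Check a constructed repo that lacks one reference file and the v1.0.0 tag."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "references").mkdir()
        for rel in ("SKILL.md", *MANIFEST["files"]["references"][:2]):
            (root / rel).write_text("placeholder\n")
        return check_manifest(MANIFEST, root, git_tags=["v0.9.0"])
```

Calling `demo()` returns the two problems planted in the constructed repository; an empty list means the manifest, the file tree and the tags agree.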
Updating the Skill
Patch Update (1.0.0 → 1.0.1)
# 1. Make changes
git add .
git commit -m "Fix: [description]"
# 2. Update version
# Edit clawhub.yaml: version: 1.0.1
# 3. Tag and push
git tag v1.0.1
git push && git push --tags
# 4. Republish
clawhub publish
Minor Update (1.0.0 → 1.1.0)
# Same as patch, but:
# - Update CHANGELOG.md
# - Announce new features
# - Update README.md if needed
Major Update (1.0.0 → 2.0.0)
# Same as minor, but:
# - Migration guide for breaking changes
# - Deprecation notices
# - Blog post explaining changes
Support & Maintenance
Expected Questions
Q: "Does it work with [other agent framework]?"
A: Security Sentinel is OpenClaw-native but the patterns and logic can be adapted. Check the README for integration examples.
Q: "How do I add my own patterns?"
A: Fork the repo, edit references/blacklist-patterns.md, submit a PR. See CONTRIBUTING.md.
Q: "It blocked my legitimate query, false positive!"
A: Please open a GitHub issue with the query (if not sensitive). We tune thresholds based on feedback.
Q: "Can I use this commercially?"
A: Yes! MIT license allows commercial use. Just keep the license notice.
Q: "How do I contribute a new language?"
A: Edit references/multilingual-evasion.md, add patterns for your language, include test cases, submit PR.
Community Management
GitHub Issues:
- Response time: <24 hours
- Label appropriately (bug, feature, question)
- Close resolved issues promptly
- Thank contributors
ClawHub Reviews:
- Respond to all reviews
- Thank positive feedback
- Address negative feedback constructively
- Update based on common requests
Social Media:
- Engage with mentions
- Retweet user success stories
- Share community contributions
- Weekly update thread
Legal & Compliance
License Compliance
MIT license requires:
- Include license in distributions
- Copyright notice retained
- No warranty disclaimer
Users can:
- Use commercially
- Modify
- Distribute
- Sublicense
Data Privacy
Security Sentinel:
- Does NOT collect user data
- Does NOT phone home
- Logs stay local (AUDIT.md)
- No telemetry
If you add telemetry:
- Disclose in README
- Make opt-in
- Comply with GDPR/CCPA
- Provide opt-out
Security Disclosure
If someone reports a bypass:
- Thank them privately
- Verify the issue
- Patch quickly (same day if critical)
- Credit the researcher (with permission)
- Update CHANGELOG.md
- Publish patch as hotfix
Resources
Official:
- ClawHub Docs: https://docs.clawhub.ai
- OpenClaw Docs: https://docs.openclaw.ai
- Skill Creation Guide: https://docs.clawhub.io/skills/create
Community:
- Discord: https://discord.gg/openclaw
- Forum: https://forum.openclaw.ai
- Subreddit: r/OpenClaw
Related:
- OWASP LLM Top 10: https://owasp.org/www-project-top-10-for-large-language-model-applications/
- Anthropic Security: https://www.anthropic.com/research#security
- Prompt Injection Primer: https://simonwillison.net/2023/Apr/14/worst-that-can-happen/
Good luck with your launch! 🚀🛡️
If you have questions, the community is here to help.
Remember: Every agent you protect makes the ecosystem safer for everyone.