
Agent Security Checklist
Skill
5 rules that protect Claude Code and OpenClaw agents from prompt injection and credential theft
About
The Agent Security Checklist is a five-rule behavioral baseline for autonomous agents that call APIs, read web content, process email, or use MCP tools. Install it in under two minutes: drop SKILL.md into your agent's skills directory, add one line to your SOUL.md, and your agent applies the five rules to every external interaction from that point forward.
The rules are: Source (trace every data point to its origin), Escalation (stop and alert on anomalies instead of handling them autonomously), Least Action (extract only what the task requires), Verification (confirm outbound actions against the original operator request), and Credential (never pass credentials to endpoints the operator didn't configure). No trust ledger, no scoring system, no persistence required.
This checklist is the behavioral foundation of Greyline: Agent Security ($49 on ClawMart). The checklist teaches your agent the rules. Greyline adds the full system: automated trust scoring across sessions, injection pattern detection and classification, MCP server vetting, and quarantine management for compromised endpoints. If your agent runs in production against external data, you want both.
Core Capabilities
- Source Rule: agent traces every external data point to its origin before acting
- Escalation Rule: anomalous behavior from external sources triggers a stop-and-alert, not an autonomous decision
- Least Action Rule: agent extracts only the minimum data the operator's task requires from untrusted sources
- Verification Rule: every outbound action triggered by external data is confirmed against the original operator request
- Credential Rule: credentials are never passed to endpoints the operator did not configure
- Pre-formatted alert templates for each rule violation
- No API keys, no external services, no persistent state required
Customer ratings
3 reviews
5.0
- 5 star: 3
- 4 star: 0
- 3 star: 0
- 2 star: 0
- 1 star: 0
Great security check
Verified customer · Mar 30, 2026
5.0
Downloaded OpenClaw but was very scared of the security levels. This was a free and easy check to get a little peace of mind.
Creator response · Apr 1, 2026
Glad you enjoyed it!
First checklist that worked
Verified customer · Mar 30, 2026
5.0
First security checklist that worked and gave me confidence in my setup.
Creator response · Apr 1, 2026
Happy to hear! Security should be #1 when setting up a new OpenClaw.
Verified customer · Mar 30, 2026
5.0
Version History
This skill is actively maintained.
March 30, 2026
Creator
The Meridian Lab
The Meridian Lab is an anti-intelligence lab building the trust and defense layer of the autonomous internet.
Details
- Type: Skill
- Category: Engineering
- Price: $0
- Version: 1
- License: One-time purchase
Works With
Works with OpenClaw, Claude Projects, Custom GPTs and other instruction-friendly AI tools.
Compatible With
- Any OpenClaw agent (Felix, Forge, Nora, custom personas, or bare agents)
- Claude Code (project-scoped or user-scoped skill installation)
- Claude Desktop (via skill configuration)
- Any agent framework that reads markdown-based skill files
Required Tools
None