Remote OpenClaw Blog
Best Security and Pentest Skills for AI Agents in 2026
Anthropic's claude-code-security-review is the best security skill for AI agents in 2026. It is an AI-powered GitHub Action that reads a pull request's diff the way a human security reviewer would, follows data flow across files, and posts vulnerability findings as PR comments. Its MIT-licensed repository (roughly 4,300 GitHub stars as of July 2026) is maintained by Anthropic. The full top 7 security and pentest skills, spanning Claude Code, Codex, and OpenClaw, with verified install methods, is below.
This list is task-specific. For a general ranking across every category, see our best Claude Code skills hub. This post only covers skills whose job is security: finding vulnerabilities, threat modeling, hardening agents, and testing for exploitable patterns.
How We Ranked Security Skills
A security skill is a packaged capability (a SKILL.md file, a plugin, or a GitHub Action) that teaches an AI agent to find or prevent vulnerabilities. We ranked these by official first-party distribution, the parent repository's GitHub stars (checked July 2026), and honest community adoption. Unlike classic pattern-matching scanners, AI security skills read code in context and follow data flow, which is why Anthropic and OpenAI both ship them, as described in Anthropic's Agent Skills engineering post.
Where a skill lives inside a large monorepo, the star count reflects that parent repo, not the individual skill, and we say so. ClawHub community pentest skills are listed with their real star counts even in the single digits, because honest ranking matters more than inflated numbers.
1. claude-code-security-review: Best Overall Security Skill
claude-code-security-review is the best security skill for AI agents in 2026 because it turns a full AI security review into a one-file GitHub Action. It scans each pull request's diff, reasons about the code the way a reviewer would rather than running fixed rules, follows data flow across files, and posts findings as PR comments. The repository is MIT-licensed, Python-based, and maintained by Anthropic. Add it to a workflow:
```yaml
- uses: anthropics/claude-code-security-review@main
  with:
    claude-api-key: YOUR_CLAUDE_API_KEY_SECRET
```
Point the claude-api-key input at a repository secret holding a Claude API key enabled for both the API and Claude Code. Because it reads context instead of matching patterns, it catches issues that need understanding to see, which is where traditional SAST tooling is weakest.
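A complete workflow that wires the action into CI, added here as an example rather than taken from the action's own docs: it uses the claude-api-key input shown above and assumes that the key is stored in a repository secret named CLAUDE_API_KEY and that posting PR comments needs pull-requests: write on the job token (the trigger filter and checkout depth are also assumptions).

```yaml
# Added example: a least-privilege workflow for claude-code-security-review.
# Assumptions: the API key lives in the CLAUDE_API_KEY repository secret, and the
# action comments on the PR via GITHUB_TOKEN, so the job needs pull-requests: write.
# contents: read is enough to check out the diff; no other scopes are granted.
name: security-review

on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  pull-requests: write

jobs:
  security-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # assumed: full history so the PR can be diffed against its base

      - name: Run Claude security review
        uses: anthropics/claude-code-security-review@main   # pin to a tag or SHA before relying on it
        with:
          claude-api-key: ${{ secrets.CLAUDE_API_KEY }}   # reference the secret, never a literal key
```

Findings appear as review comments on the pull request once the job finishes, so the repository's branch protection can require this job without giving the workflow write access to code.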
2. security-best-practices: Best Secure-Design Skill for Codex
security-best-practices is OpenAI's curated Codex skill for building security in rather than bolting it on. It helps Codex design safer data models, review security assumptions before code is written, and check real production errors against known risks, and it is part of a three-skill stack with security-threat-model and security-ownership-map. It lives in the openai/skills catalogue (roughly 19,000 stars and 38 curated skills as of July 2026), documented at the official Codex security docs. Add it from the curated set:
```bash
codex skills add security-best-practices
```
Directory entry: security-best-practices in our Codex skills index.
3. security-threat-model: Best Threat Modeling Skill
security-threat-model is the pentest-minded half of OpenAI's security stack: it walks Codex through structured threat modeling so the agent enumerates attack surfaces, trust boundaries, and abuse cases before shipping. This is the closest thing to a systematic "how would an attacker break this" pass in the official skill catalogue, and it pairs directly with security-best-practices. It ships from the same openai/skills catalogue:
```bash
codex skills add security-threat-model
```
Directory entry: security-threat-model.
4. security-guidance: Best Real-Time Safety Net
security-guidance catches vulnerabilities at the moment they are written. It is a hook-based Claude Code plugin from the anthropics/claude-code repository (135,651 stars as of July 4, 2026) that warns in real time when an edit introduces command injection, cross-site scripting, or unsafe deserialization. It does not replace a full review, but as an always-on layer it stops the embarrassing class of bug before a pull request exists:
```text
/plugin marketplace add anthropics/claude-code
/plugin install security-guidance@claude-code-plugins
```
5. clawdefender: Best Agent Runtime Defense
clawdefender protects the agent itself, not just the code it writes. Built by nukewire on ClawHub (29 stars as of July 2026, the highest in this list's community tier), it is a security scanner and input sanitizer for AI agents, aimed at blocking the prompt-injection and malicious-input paths that turn a helpful agent into an attack surface. It is the practical runtime defense for OpenClaw agents. Install it:
```bash
clawhub install nukewire/clawdefender
```
Directory entry: clawdefender.
6. agent-hardening: Best Injection Pentest Skill
agent-hardening lets you attack your own agent before someone else does. Built by x1xhlol on ClawHub (4 stars as of July 2026), it tests an agent's input sanitization against common injection attacks, which is the agent-era equivalent of a focused penetration test. Run it against a new agent to find the inputs that break its guardrails. Install it into OpenClaw:
```bash
clawhub install x1xhlol/agent-hardening
```
Directory entry: agent-hardening.
7. security-skill-scanner: Best Supply-Chain Check
security-skill-scanner checks the skills you install for the risks this whole ecosystem carries. Built by anikrahman0 on ClawHub (7 stars as of July 2026), it scans OpenClaw skills for security vulnerabilities and suspicious patterns before you trust them, which matters because skills run with your agent's privileges and can execute code. Run it on any community skill before installing. Install it:
```bash
clawhub install anikrahman0/security-skill-scanner
```
Directory entry: security-skill-scanner. For sourcing skills safely, see our where to find Claude Code skills guide.
Comparison Table
Star counts are for each skill's parent repository, checked July 2026. Community skills show the individual skill's own count.
| Rank | Skill | Source (stars) | Agent | Best for |
|---|---|---|---|---|
| 1 | claude-code-security-review | anthropics/claude-code-security-review (~4.3k) | Claude Code / CI | Context-aware vulnerability scanning of PR diffs |
| 2 | security-best-practices | openai/skills (~19k) | Codex | Secure data models and design review |
| 3 | security-threat-model | openai/skills (~19k) | Codex | Structured threat modeling |
| 4 | security-guidance | anthropics/claude-code (135,651) | Claude Code | Real-time warnings while editing |
| 5 | clawdefender | nukewire (29) | OpenClaw | Runtime scanning and input sanitizing |
| 6 | agent-hardening | x1xhlol (4) | OpenClaw | Injection-attack pentesting of an agent |
| 7 | security-skill-scanner | anikrahman0 (7) | OpenClaw | Scanning community skills before install |
Limitations and Tradeoffs
AI security skills reduce risk; they do not certify safety. claude-code-security-review reads context better than a pattern scanner, but it can still miss a vulnerability or raise a false alarm, so it is a strong reviewer, not a compliance sign-off. Pentest-style skills like agent-hardening test only the attacks they know, which means a clean run is not proof the agent is secure. Every community skill in this ecosystem runs with your agent's privileges and can execute code, so scan skills before you install them and read the SKILL.md; that risk is exactly why security-skill-scanner made this list. Treat these skills as layers that make an attacker's job harder, and keep a human owning the security decisions. For hardening the agent's own environment, see our OpenClaw security best practices guide.
Related Guides
- OpenClaw Security Best Practices
- Best Code Review Skills for AI Coding Agents
- Best Claude Code Plugins in 2026
- Best Places to Find Claude Code Skills
Frequently Asked Questions
What is the best security skill for AI agents?
Anthropic's claude-code-security-review is the best security skill in 2026. It is an MIT-licensed GitHub Action that scans each pull request's diff in context, follows data flow across files, and posts vulnerability findings as PR comments. It requires a Claude API key and runs as part of your CI workflow.
Are there pentest skills for AI agents?
Yes. security-threat-model from openai/skills runs structured threat modeling, and community skills like agent-hardening test an agent's input sanitization against injection attacks. They probe known attack patterns, so a clean result reduces risk but does not prove an agent is secure.
Can AI security skills replace a real security audit?
No. AI security skills catch many vulnerabilities early and read code in context better than pattern scanners, but they still miss issues and raise occasional false positives. Use them as a fast, always-on layer and keep a human security owner for anything high-stakes or compliance-related.
How do I check that a skill I install is safe?
Skills run with your agent's privileges and can execute code, so scan them first. security-skill-scanner checks OpenClaw skills for vulnerabilities and suspicious patterns before you trust them, and you should read the SKILL.md and prefer skills from sources with a track record. Install the scanner with `clawhub install anikrahman0/security-skill-scanner`.