Enable AI agents to make secure, policy-controlled payments through Sardis Payment OS

Natural language spending policy creation and management for Sardis agent wallets

Supernal Coding CLI for development workflows - task management, requirements tracking, testing, git automation, ralph loops, compliance, and documentation. Use for task management (sc task), project health checks, traceability, spec management, or autonomous task execution.

Secure OAuth token management via Scalekit. Handles token storage, refresh, and retrieval for third-party services (Gmail, Slack, GitHub, etc.). Never stores tokens locally - always fetches fresh tokens from Scalekit.

Run Scrapclaw as a Dockerized browser-backed scraping service, then use this skill to fetch HTML from JavaScript-heavy or Cloudflare-protected pages through its HTTP API.

Advanced web scraping with anti-bot bypass, JavaScript support, and adaptive selectors. Use when scraping websites with Cloudflare protection, dynamic content, or frequent UI changes.

Web scraping using Scrapling — a Python framework with anti-bot bypass (Cloudflare Turnstile, fingerprint spoofing), adaptive element tracking, stealth headless browser, and full CSS/XPath extraction. Use when web_fetch fails (Cloudflare, JS-rendered pages), or when extracting structured data from websites (prices, articles, lists). Supports HTTP, stealth, and full browser modes. Source: github.com/D4Vinci/Scrapling (PyPI: scrapling). Only use on sites you have permission to scrape.

Advanced web scraping with Scrapling — MCP-native guidance for extraction, crawling, and anti-bot handling. Use via mcporter (MCP) to call the `scrapling` MCP server for execution; this skill provides strategy, recipes, and best practices.

Dual-mode screen sharing and analysis. Model-agnostic (Gemini/Claude/Qwen3-VL).

Create and modify scripts in ~/.nanobot/workspace/test with strict Git versioning. Each script lives in its own directory with an isolated git repository. Always confirms creation plan before execution and reports progress at each step. Uses ~/.nanobot/workspace/venv for Python environment and package management.

Search the web using Tavily's LLM-optimized search API. Returns relevant results with content snippets, scores, and metadata. Use when you need to find web content on any topic without writing code.

Advanced AI-powered search skill using SearXNG as the universal search backend. Multi-engine dork generation, 90+ search engines, intelligent search strategies, intent parsing, result analysis, and adaptive query refinement. No API keys required.

Search Reddit in real time using OpenAI web_search with enrichment (engagement + top comments). Use when you need recent Reddit threads, subreddit-filtered results, or quick link lists.

Search X/Twitter in real-time using Grok or X API. Find tweets, trends, and discussions with citations.

SearXNG Advanced Search Skill

Search the web using a self-hosted SearXNG metasearch engine. Use when the user asks to search the web, find information online, look up recent news, research a topic, or needs current data from the internet. Also use when the agent needs to gather external context to answer a question. Requires a running SearXNG instance with JSON API enabled.

Autonomous three-tier memory with proactive initiative, project tracking, and social intelligence. Ingests OpenClaw conversations, extracts knowledge + emotions, and proactively suggests automations, fixes, and project ideas. v1.4.0: Project tracking, semantic dedup, bulk feedback, archive retrieval, gentle reminders. All models via OpenRouter Cloud. Cross-platform: Linux + Windows.

Git hook to detect secrets before commit.

Spin up a one-time web UI for securely entering secret keys and env vars. Supports guided instructions, single-key mode, and cloudflared tunneling.

Secrets Management

Evidence-based endurance cycling coaching protocol (v11.10). Use when analyzing training data, reviewing sessions, generating pre/post-workout reports, planning workouts, answering training questions, or giving cycling coaching advice. Always fetch athlete JSON data before responding to any training question.

Run AI-powered application security scans on codebases. Use when asked to scan code for security vulnerabilities, generate threat models, review code for security issues, run incremental security scans, or set up continuous security monitoring via cron. Supports full scans (one-shot) and incremental scans (cron-driven, only new commits).

Advanced security validation for Clawdbot - pattern detection, command sanitization, and threat monitoring

Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.