Skills¶
agent-bom includes pre-built skill workflows for common security tasks.
Skills are agentic invocation layers over the same agent-bom CLI, API, MCP,
normalization, scanning, graph, and export contracts. See
Agentic Skills Architecture
for the layered model, subagent delegation rules, and OSV/GHSA guardrails.
The repo also maintains a
skill capability contract
for CLI, MCP, sandbox, and Snowflake Native App readiness.
Readiness Lanes¶
| Lane | Required evidence | Promotion gate |
|---|---|---|
| OSS CLI/API | First command, output artifact, schema or validation path | agent-bom smoke plus targeted skill audit |
| MCP / assistant invocation | Same artifact contract plus delegated-agent guardrails | MCP tool listing and strict argument behavior |
| Snowflake Native App | Complete capability map, credential boundary, no hidden local state | Customer-account install path and audit evidence |
| Skill | File | Use case |
|---|---|---|
| AI BOM Generator | ai-bom-generator.md |
Generate comprehensive AI supply chain BOMs |
| Cloud Security Audit | cloud-security-audit.md |
Cloud provider security assessment |
| Compliance Export | compliance-export.md |
Export compliance reports for auditors |
| CSPM AWS | cspm-aws-benchmark.md |
AWS CIS benchmark |
| CSPM Azure | cspm-azure-benchmark.md |
Azure security benchmark |
| CSPM GCP | cspm-gcp-benchmark.md |
GCP security benchmark |
| AWS Discovery Skill | integrations/openclaw/discover-aws/SKILL.md |
Standalone AWS inventory discovery with optional agent-bom handoff |
| Vulnerability Intelligence Skill | integrations/openclaw/vulnerability-intel/SKILL.md |
Guardrailed OSV/GHSA/NVD/EPSS/KEV advisory lookup through agent-bom evidence paths |
| Incident Response | incident-response.md |
CVE incident investigation |
| MCP Server Review | mcp-server-review.md |
Pre-install MCP server trust assessment |
| OWASP LLM Assessment | owasp-llm-assessment.md |
OWASP LLM Top 10 compliance check |
| Pre-Deploy Gate | pre-deploy-gate.md |
CI/CD security gate |