Production Security on Autopilot
Inspired by Tolmo: a fleet of specialized security agents across your entire stack. Pentesting, internal discovery, and remediation grounded in a live production knowledge graph. Agents run on every PR, deployment, and alert, catch threats in seconds, and verify fixes before closing.
Inspired by Tolmo
by Trooper
/loop 30m Start the "Production Security on Autopilot" loop. Inspired by Tolmo (https://www.tolmo.com).

Goal: open findings triaged with graph context, critical issues escalated, and verified fixes landed in production
Max iterations: 20
Between iterations run: Report open findings by severity, unverified fixes, stale graph assets, and unprocessed PR/deploy/alert events
Exit when: zero critical or high findings without owner and remediation plan, every resolved finding has verified fix in production, and live graph covers all connected stack sources

## Before you start
- Connect GitHub (required): PR checks, code context, and fix verification
- Connect Slack (required): Alert routing and incident coordination
- Attach Loop runner (required): Self-pace iterations and run checks between passes.
- Attach Security triage (required): Rank findings by severity and blast radius.
- Attach Code change + verification (required): Edit code or configs and verify locally.
- Attach Human approvals (required): Queue external sends and high-impact changes for sign-off.
- AWS (read via api): Cloud asset inventory
- Kubernetes (read via api): Cluster and workload graph
- Datadog (read via api): Observability and alert stream
- CI/CD (read via api): Deploy and build events
- Okta (read via api): Identity and access graph

## Steps
1. Gather stack context: Pull metadata from GitHub, cloud, K8s, CI/CD, observability, and security vendors using read-only access. [tools: GitHub, AWS, Datadog]
2. Maintain production graph: Connect assets, hidden links, and change history into one live environment view. [tools: Kubernetes, AWS, Okta]
3. Run on events: Trigger pentest, discovery, and monitor agents on pull requests, deploys, and security alerts. [tools: GitHub, CI/CD, Datadog]
4. Prove impact: Validate findings like an adversary would; rank by exploitability and blast radius with full graph context. [tools: GitHub, Kubernetes]
5. Remediate and verify: Turn findings into fixes grounded in the real environment; verify the fix landed before closing. [tools: GitHub, Slack]

Command: npm run security:smoke

Self-pace this loop. After each iteration, run the check command, read the output, and only continue if the exit condition is not met. Stop when the exit condition passes or max iterations is reached. Give a short status update each pass.

Guardrails:
- Use read-only roles for discovery and graph building unless explicitly approved for remediation
- Do not apply destructive changes in production without human approval
- Escalate critical and zero-day findings immediately; do not wait for the next loop iteration
- Never expose secrets, tokens, or credentials in logs or reports
- Mark findings resolved only after verified fix, not just PR merged
- Preserve audit trail linking finding → fix → verification event
Paste the kickoff prompt into Cursor, Claude Code, or Codex. Deeplinks do not install hook files.
1. Gather stack context
Pull metadata from GitHub, cloud, K8s, CI/CD, observability, and security vendors using read-only access.
Tools: GitHub, AWS, Datadog
2. Maintain production graph
Connect assets, hidden links, and change history into one live environment view.
Tools: Kubernetes, AWS, Okta
3. Run on events
Trigger pentest, discovery, and monitor agents on pull requests, deploys, and security alerts.
Tools: GitHub, CI/CD, Datadog
4. Prove impact
Validate findings like an adversary would; rank by exploitability and blast radius with full graph context.
Tools: GitHub, Kubernetes
5. Remediate and verify
Turn findings into fixes grounded in the real environment; verify the fix landed before closing.
Tools: GitHub, Slack
npm run security:smoke
Guardrails
Rules the agent must follow so it cannot cheat the exit condition.
- Use read-only roles for discovery and graph building unless explicitly approved for remediation
- Do not apply destructive changes in production without human approval
- Escalate critical and zero-day findings immediately; do not wait for the next loop iteration
- Never expose secrets, tokens, or credentials in logs or reports
- Mark findings resolved only after verified fix, not just PR merged
- Preserve audit trail linking finding → fix → verification event
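One way a check like `npm run security:smoke` could evaluate the loop's exit condition together with the "resolved only after verified fix" and audit-trail guardrails. This is an added example, not code from this page or from Tolmo; the function name, record fields and sample data are assumptions.

```javascript
// Added example: hypothetical gate for the loop's exit condition.
// Record shapes and field names are assumptions, not Tolmo's or the page's schema.
const SEVERE = new Set(["critical", "high"]);

// Returns the reasons the loop may NOT exit; an empty array means the condition is met.
function exitBlockers(findings, graphSources, connectedSources) {
  const blockers = [];
  for (const f of findings) {
    if (f.status === "open" && SEVERE.has(f.severity) && !(f.owner && f.remediationPlan)) {
      blockers.push(`${f.id}: ${f.severity} finding has no owner or remediation plan`);
    }
    if (f.status !== "resolved") continue;
    const v = f.verification;
    // A merged PR is not evidence: require a passing check observed in production.
    if (!v || v.environment !== "production" || v.passed !== true) {
      blockers.push(`${f.id}: resolved without a verified fix in production`);
    } else if (!f.fix || v.fixCommit !== f.fix.commit) {
      // Audit trail: the verification event must point at the fix that closed the finding.
      blockers.push(`${f.id}: verification is not linked to the recorded fix`);
    }
  }
  const covered = new Set(graphSources);
  for (const s of connectedSources) {
    if (!covered.has(s)) blockers.push(`graph: connected source "${s}" is not covered`);
  }
  return blockers;
}

// Constructed sample data (ids, owners and commits are made up for illustration).
const sampleFindings = [
  { id: "F-1", severity: "critical", status: "open", owner: "team-a", remediationPlan: "rotate key" },
  { id: "F-2", severity: "high", status: "open", owner: null, remediationPlan: null },
  { id: "F-3", severity: "medium", status: "resolved", fix: { commit: "aaa111" },
    verification: { environment: "production", passed: true, fixCommit: "aaa111" } },
  { id: "F-4", severity: "high", status: "resolved", fix: { commit: "bbb222", prMerged: true },
    verification: null },
  { id: "F-5", severity: "low", status: "resolved", fix: { commit: "ccc333" },
    verification: { environment: "production", passed: true, fixCommit: "ddd444" } },
];
const sampleGraph = ["github", "aws", "kubernetes", "datadog"];
const sampleConnected = ["github", "aws", "kubernetes", "datadog", "okta"];

const sampleBlockers = exitBlockers(sampleFindings, sampleGraph, sampleConnected);
console.log(sampleBlockers.length === 0 ? "exit condition met" : sampleBlockers.join("\n"));
```

A wrapper script would exit non-zero whenever the returned array is non-empty, so the agent cannot end the loop by marking findings resolved on PR merge alone.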
More Security loops
Dependency CVE Loop
Daily interval loop that audits dependency advisories, patches vulnerable packages, runs tests, and opens a security PR.
Secret Scan Until Clean
Scan the repo for leaked secrets, rotate exposed credentials, verify clean scan, and loop until no leaks remain.
CI Failure Watcher
Poll CI on an interval, investigate failures when checks go red, and push fixes until green.
