agent-tinman

---
name: tinman
version: 0.6.3
description: AI security scanner with active prevention - 168 detection patterns, 288 attack probes, safer/risky/yolo modes, agent self-protection via /tinman check, local Oilcan event streaming, and plain-language dashboard setup via /tinman oilcan
author: oliveskin
repository: https://github.com/oliveskin/openclaw-skill-tinman
license: Apache-2.0

requires:
  python: ">=3.10"
  binaries:
    - python3
  env: []

install:
  pip:
    - AgentTinman>=0.2.1
    - tinman-openclaw-eval>=0.3.2

permissions:
  tools:
    allow:
      - sessions_list
      - sessions_history
      - read
      - write
    deny: []
  sandbox: compatible
  elevated: false
---

# Tinman - AI Failure Mode Research

Tinman is a forward-deployed research agent that discovers unknown failure modes in AI systems through systematic experimentation.


## Security and Trust Notes

- This skill intentionally declares `install.pip` and session/file permissions because scanning requires local analysis of session traces and report output.
- The default watch gateway is loopback-only (`ws://127.0.0.1:18789`) to reduce accidental data exposure.
- Remote gateways require explicit opt-in with `--allow-remote-gateway` and should only be used for trusted internal endpoints.
- Event streaming is local (`~/.openclaw/workspace/tinman-events.jsonl`) and best-effort; values are truncated and obvious secret patterns are redacted.
- Oilcan bridge should stay loopback by default; only allow LAN access when explicitly needed.

## What It Does

- **Checks** tool calls before execution for security risks (agent self-protection)
- **Scans** recent sessions for prompt injection, tool misuse, context bleed
- **Classifies** failures by severity (S0-S4) and type
- **Proposes** mitigations mapped to OpenClaw controls (SOUL.md, sandbox policy, tool allow/deny)
- **Reports** findings in actionable format
- **Streams** structured local events to `~/