ClawSecure is the independent integrity layer for the OpenClaw ecosystem — a free OpenClaw security scanner and audit platform purpose-built for AI agent skills and workflows. We've audited 2,890+ skills from the community-curated awesome-openclaw-skills list and the openclaw/skills repository, covering all 10 OWASP ASI Top 10 security categories with our proprietary 3-Layer Audit Protocol.
"Don't just scan the file; verify the soul of the agent as it evolves."
- The OpenClaw Security Problem
- OpenClaw Security Audit Features
- Quick Start — Scan an OpenClaw Skill
- OpenClaw Security Clearance API
- OWASP ASI Top 10 Coverage for OpenClaw
- Why ClawSecure for OpenClaw Security
- OpenClaw Security Research and Reports
- Contributing to OpenClaw Security
- About ClawSecure
OpenClaw is one of the fastest-growing open-source AI agent frameworks, with 180K+ GitHub stars and 2.2M+ deployed agent instances. That growth has made it a high-value target. ClawSecure's audit of the most popular skills found that 41% contain at least one security vulnerability — ranging from credential harvesting to unauthorized network calls.
The threats facing OpenClaw users go beyond traditional malware. Palo Alto Networks (2026) identified the Lethal Trifecta — the convergence of private data access, untrusted content exposure, and external communication capabilities — as the defining risk pattern for AI agents. OpenClaw exhibits all three by design.
Key OpenClaw vulnerability patterns ClawSecure detects include:
- ClawHavoc — A coordinated malware campaign delivering credential stealers through professional-looking ClawHub skills
- Supply chain poisoning — Malicious dependencies injected into skill packages targeting npm and Python ecosystems
- Sleeper agent attacks — Skills that pass initial inspection but receive malicious updates post-installation
- Prompt injection — Hidden instructions embedded in skill metadata that manipulate agent behavior
- Credential exfiltration — Skills that harvest API keys, OAuth tokens, and plaintext secrets from OpenClaw configuration files
Traditional malware scanners miss these threats because they lack context about how OpenClaw agents operate. An AI skill vulnerability checker needs to understand that clipboard access, shell execution, and screenshot capture are standard agent capabilities — not automatic red flags.
ClawSecure provides the only complete security solution covering all 10 OWASP ASI categories for OpenClaw agents. Every audit runs through our proprietary 3-Layer Audit Protocol:
Layer 1 — Proprietary Threat Intelligence: ClawSecure's proprietary engine analyzes skills against 55+ OpenClaw-specific threat patterns, including ClawHavoc detection, ReDoS vulnerabilities, and Context-Aware Intelligence that differentiates real threats from normal agent capabilities.
Layer 2 — Advanced Static & Behavioral Analysis: Deep code analysis examining execution patterns, data flow, permission requests, and behavioral indicators across skill source code, metadata, and bundled scripts.
Layer 3 — Supply Chain Security: Comprehensive dependency auditing across npm, PyPI, and other package ecosystems, cross-referencing known CVEs and vulnerability databases to catch poisoned dependencies before they execute.
| Capability | Description |
|---|---|
| 3-Layer Audit Protocol | Proprietary threat intelligence, advanced static and behavioral code analysis, and supply chain dependency scanning working in concert — the only OpenClaw security audit covering all three attack surfaces |
| OWASP ASI Top 10 Scanner | Comprehensive OpenClaw security coverage across all 10 agentic security categories defined by the OWASP Agentic Security Initiative — from agent goal hijack and tool misuse to data exfiltration and agent persistence |
| Watchtower 24/7 Monitoring | Automated hash-drift detection with instant re-audit on code changes — 2,890+ OpenClaw skills monitored continuously for post-installation tampering, sleeper activation, and unauthorized modifications |
| Security Clearance API | Programmatic real-time integrity verification for developers and platforms — verify any OpenClaw agent's security status, score, and hash match before granting access to sensitive data or tools |
| Context-Aware Intelligence | Ecosystem-specific threat classification that differentiates real threats from standard OpenClaw agent capabilities — eliminates false positives that generic malware scanners produce on legitimate AI agent tools |
| Anti-Sleeper Agent Detection | Continuous OpenClaw security monitoring catches post-installation code modifications — detects skills that pass initial inspection but receive malicious updates after deployment |
| ClawHavoc Detection | Purpose-built detection for the ClawHavoc malware family — identifies C2 callback patterns, credential harvesting routines, and malicious domain connections targeting OpenClaw users |
| AI Skill Vulnerability Checker | 55+ threat patterns purpose-built for AI agent skill analysis — including prompt injection, eval() abuse, base64 obfuscation, data exfiltration, and ReDoS vulnerabilities |
| Verified Agent Registry | Public searchable directory of 2,890+ audited OpenClaw agents with category filtering, score ranges, and featured sections — skills scoring 80+ earn the ClawSecure Verified badge |
| Free Web-Based Scanning | No installation required — paste any ClawHub skill URL, GitHub link, or skill name, or upload a zip file and get a full OpenClaw Security Audit Report in under 30 seconds |
| Pre-Installation Verification | Scan any OpenClaw skill before installing it — verify security status via the web scanner, Security Clearance API, or Verified Agent Registry before granting agent access to your system |
| CVE Detection & Permission Scoring | CVE-2026-25253 detection, config.json permission analysis, and risk scoring for OpenClaw skill configuration files — catches dangerous permission escalation patterns in AI agent setups |
| SOUL.md & MEMORY.md Security | Analyzes OpenClaw agent identity and memory configuration files for prompt injection, unauthorized instruction overrides, and persistence manipulation attempts |
| Supply Chain Vulnerability Scanning | Full npm and PyPI dependency tree scanning against CVE databases — every package checked for known vulnerabilities, unpinned versions flagged, poisoned dependencies detected across the OpenClaw ecosystem |
| SHA-256 Tamper Detection | Cryptographic content hashing across all tracked skills — enables hash-match verification through the Security Clearance API and powers Watchtower integrity monitoring for OpenClaw security |
| Shareable Security Audit Reports | Public report pages for every scanned skill with unique URLs — share OpenClaw security audit results with teams, embed in documentation, or link from skill READMEs for transparency |
| 2,890+ Curated Audit Database | Skills audited from the community-curated awesome-openclaw-skills list and the openclaw/skills repository — the largest public security analysis of the OpenClaw ecosystem |
Option 1: Scan via the web interface
Visit the OpenClaw security scanner and paste any ClawHub skill URL or upload a skill zip file. Results are delivered in seconds as a full Security Audit Report.
Option 2: Use the Security Clearance API
For programmatic OpenClaw security automation, integrate the Security Clearance API into your workflow to verify agent integrity before granting access to sensitive data or actions. See the full API documentation for details.
Option 3: Browse the Registry
Explore 2,890+ audited OpenClaw agents in the Verified Agent Registry. Filter by category, security score, or verification status to find trusted skills for your workflows.
The OpenClaw Security Clearance API provides real-time programmatic integrity verification for developers and platforms building on the OpenClaw ecosystem.
```bash
curl -X POST https://www.clawsecure.ai/api/v1/clearance \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "github-user/skill-name",
    "current_skill_hash": "sha256:abc123..."
  }'
```

```json
{
  "status": "SECURE",
  "score": 92,
  "agent_id": "github-user/skill-name",
  "last_audit": "2026-02-25T14:30:00Z",
  "report_url": "https://www.clawsecure.ai/report/abc123",
  "hash_match": true,
  "categories_covered": 10
}
```

| Status | Meaning |
|---|---|
| SECURE | Agent passed audit and hash matches verified version |
| UNVERIFIED | Agent not yet audited or hash not recognized |
| DENIED | Agent failed critical security checks |
Rate limit: 100 requests/minute. Currently free and open — no API key required.
For the full endpoint reference, authentication details, and integration examples, see docs/API.md.
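An added example, not ClawSecure's own code: a pre-install gate that treats the clearance response as untrusted input and fails closed on anything other than a matching, `SECURE`, hash-verified result. The function names and the `min_score` default of 80 (borrowed from the Verified badge threshold in the capability table) are assumptions of this example; the endpoint and field names are the ones shown above.

```python
import json
import urllib.request

CLEARANCE_URL = "https://www.clawsecure.ai/api/v1/clearance"  # endpoint shown on this page

def query_clearance(agent_id, skill_hash, timeout=5):
    """POST the request body shown above and return the raw response text."""
    body = json.dumps({"agent_id": agent_id, "current_skill_hash": skill_hash}).encode()
    req = urllib.request.Request(CLEARANCE_URL, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def clearance_decision(raw, expected_agent_id, min_score=80):
    """Return (allowed, reason). Anything unexpected is a denial (fail closed)."""
    try:
        data = json.loads(raw)
    except (TypeError, ValueError):
        return False, "response is not valid JSON"
    if not isinstance(data, dict):
        return False, "response is not a JSON object"
    if data.get("agent_id") != expected_agent_id:
        return False, "response is for a different agent_id"
    status = data.get("status")
    if status != "SECURE":
        # UNVERIFIED, DENIED and any unknown value all block the install
        return False, f"status is {status!r}"
    if data.get("hash_match") is not True:
        return False, "hash_match is not true"
    score = data.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return False, "score missing or not numeric"
    if score < min_score:
        return False, f"score {score} below policy minimum {min_score}"
    return True, "cleared"

# Constructed sample: the response body shown on this page.
SAMPLE = json.dumps({
    "status": "SECURE",
    "score": 92,
    "agent_id": "github-user/skill-name",
    "last_audit": "2026-02-25T14:30:00Z",
    "report_url": "https://www.clawsecure.ai/report/abc123",
    "hash_match": True,
    "categories_covered": 10,
})
```

A network error or timeout from `query_clearance` should be handled by the caller as a denial as well, so an unreachable service never results in an install.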
ClawSecure provides comprehensive coverage across all 10 categories of the OWASP Agentic Security Initiative (ASI) Top 10 — the emerging security standard for AI agent systems.
| # | OWASP ASI Category | ClawSecure Coverage |
|---|---|---|
| ASI-01 | Agent Goal Hijack | Prompt injection detection in skill metadata, SKILL.md files, and bundled scripts |
| ASI-02 | Tool Misuse | Permission analysis and capability auditing for system-level tool access |
| ASI-03 | Supply Chain Attacks | Layer 3 dependency scanning across npm, PyPI, and bundled packages |
| ASI-04 | Unsafe Code Execution | Static analysis of shell commands, eval patterns, and code generation |
| ASI-05 | Rogue Agents | Behavioral fingerprinting and intent classification via Context-Aware Intelligence |
| ASI-06 | Data Exfiltration | Network call analysis detecting unauthorized data transmission patterns |
| ASI-07 | Inter-Agent Communication | Workflow handshake analysis for multi-agent swarm security |
| ASI-08 | Cascading Failures | Dependency chain analysis and supply chain cascade prevention |
| ASI-09 | Sensitive Data Exposure | Credential and secret detection in config files, environment variables, and memory |
| ASI-10 | Agent Persistence | Watchtower hash-drift monitoring for post-installation integrity verification |
For a detailed explanation of each category and how ClawSecure maps findings to the OWASP ASI framework, see docs/OWASP-ASI.md. For the complete guide, read OWASP ASI Top 10 Explained for OpenClaw Users on our blog.
Generic scanners don't understand OpenClaw. Traditional malware scanners flag legitimate agent tools as suspicious because they lack ecosystem context. A clipboard-access permission that's standard for an OpenClaw productivity skill gets flagged as "potentially malicious" by generic scanners — creating noise that drowns out real threats.
ClawSecure's Context-Aware Intelligence understands the OpenClaw ecosystem and differentiates real threats from normal agent capabilities. When we audited OpenClaw's own peekaboo skill, generic scanners flagged it as suspicious. ClawSecure gave it a 95 (Safe) — because we understand that system-level capabilities like clipboard access and shell execution are standard for any useful OpenClaw agent.
Static scans aren't enough. A skill that passes inspection today can receive a malicious update tomorrow. ClawSecure's Watchtower monitors all 2,890+ tracked skills 24/7 and automatically re-audits any skill whose code changes. Within 24 hours of enabling Watchtower, we detected 35 skills with modified code — and 22.9% of all tracked skills have recorded at least one hash change since initial auditing.
No other tool covers everything. ClawSecure is the only OpenClaw audit tool delivering 10/10 OWASP ASI coverage, real-time integrity monitoring, runtime verification via the Security Clearance API, and an AI skill vulnerability checker with 55+ threat patterns purpose-built for the agentic era.
- 41% of Popular OpenClaw Skills Have Security Vulnerabilities — Flagship research from the largest public security audit of the OpenClaw ecosystem
- ClawHavoc Explained: The Malware Family Targeting OpenClaw Agents — Deep dive into credential harvesting, C2 callbacks, and the ClawHavoc campaign
- OWASP ASI Top 10 Explained for OpenClaw Users — Comprehensive guide to all 10 agentic security risk categories
- The Sleeper Agent Problem: How Safe Skills Turn Dangerous After Installation — Why runtime integrity monitoring matters for OpenClaw security
- Verified Agent Registry — Browse 2,890+ Audited Skills — Search, filter, and discover audited OpenClaw agents by category and security score
We welcome contributions from the OpenClaw community. See CONTRIBUTING.md for details on:
- Reporting security issues found in OpenClaw skills
- Submitting a skill for scanning via the ClawSecure platform
- Requesting features or improvements
- Reporting suspicious skills through our issue templates
For security vulnerability disclosures related to ClawSecure itself, see SECURITY.md.
ClawSecure is the independent AI agent security scanner and integrity layer for AI agent skills and workflows, providing the security infrastructure the OpenClaw ecosystem needs to scale safely. With 2,890+ skills audited from the community-curated awesome-openclaw-skills list and the openclaw/skills repository, comprehensive OWASP ASI Top 10 coverage, and 24/7 Watchtower monitoring, ClawSecure delivers the audit depth and runtime verification that generic scanners cannot.
Founded by J.D. Salbego — 2x exited founder with 10+ years building trust infrastructure for emerging technology ecosystems.
🌐 clawsecure.ai · 🐦 @ClawSecure · 📧 contact@clawsecure.ai
This project is licensed under the MIT License.



