OpenClaw Security Scanner

Don't Run
Malicious
Skills.

ClawScan scans OpenClaw skill files for reverse shells, credential theft, remote code execution and 50+ other threats โ€” in your browser, before you ever hit run.

Start Scanning $2.99/mo

Unlimited scans ยท Runs locally ยท No data uploaded

Reverse Shell DetectedSSH Key Exfiltrationcurl Piped to BashCrontab Persistencerm -rf / Wiperngrok C&C TunnelClipboard HarvestingAES Runtime Decrypt/etc/passwd ReadmacOS Keychain DumpReverse Shell DetectedSSH Key Exfiltrationcurl Piped to BashCrontab Persistencerm -rf / Wiperngrok C&C TunnelClipboard HarvestingAES Runtime Decrypt/etc/passwd ReadmacOS Keychain Dump
What is ClawScan
A Security Scanner
Built for
OpenClaw Skills

OpenClaw skills can read files, run commands, and make network requests. That power is exactly why bad actors hide malware in them.

ClawScan analyzes every line of skill code against 50+ hand-crafted security rules โ€” flagging dangerous patterns before you execute anything.

Upload files, paste code, or drop in a ZIP bundle. Results are instant. Everything runs in your browser โ€” your code never leaves your machine.

clawscan โ€” analysis complete
$clawscan ./suspicious-skill.zip
โ„น Extracting 4 files... โŸณ Data Exfiltration checks... โœ— CRITICAL โ€” ~/.ssh access detected โŸณ Network / C&C checks... โœ— CRITICAL โ€” curl piped to bash (RCE) โŸณ Code Obfuscation checks... โš  HIGH โ€” base64 encoded exec block โŸณ System Tampering checks... โš  HIGH โ€” crontab persistence
โ›” MALICIOUS โ€” Do not install ยท 4 issues found
Threat Detection
What
ClawScan
Catches

Real threat patterns found in real skills. These aren't hypothetical โ€” they're the exact code signatures ClawScan flags every scan.

8 Threat Categories ยท 50+ Detection Rules
Every Attack
Vector Covered
๐Ÿ”’
Code Obfuscation
eval, base64 blobs, hex char construction, minified code, dynamic imports
๐Ÿ”
Encrypted Payloads
AES/Fernet decrypt, zlib/gzip runtime decompress, OpenSSL, ROT13
๐Ÿ“ก
Network / C&C
Reverse shells, curl-to-bash RCE, ngrok tunnels, raw IPs, WebSocket C&C
๐Ÿ’พ
Data Exfiltration
SSH keys, AWS creds, /etc/passwd, Keychain, clipboard, browser cookies
โš™๏ธ
System Tampering
rm -rf /, /tmp execution, crontab edits, launchd agents, sudo abuse
๐ŸŒ
External Comms
Untrusted external domains, raw IP connections, non-whitelisted requests
๐Ÿ”
Reconnaissance
Shell history reads, env variable harvesting, process enumeration
๐Ÿ›ก๏ธ
Privilege Escalation
SUID bits, nohup persistence, systemd service installs, launchctl load
50+
Detection Rules
8
Threat Categories
Scans per Month
0
Data Uploaded
How it works
Three Steps
to Security
1
Step One
Upload or Paste

Drop skill files, ZIP bundles, SKILL.md, bash or Python scripts โ€” or paste code directly. Any file format OpenClaw skills use.

2
Step Two
Instant Analysis

ClawScan runs all 50+ security rules across every byte simultaneously. Obfuscation, network calls, system access โ€” all checked at once.

3
Step Three
Actionable Report

Get a clear verdict โ€” Safe, Warning, or Malicious โ€” with every finding explained in plain English and specific steps to remediate.

Pricing
Full Protection.
Less Than a Coffee.
Monthly Plan
$2.99

per month ยท cancel anytime

  • Unlimited skill scans every month
  • All 50+ security detection rules
  • 8 threat categories: shells, exfil, C&C, tampering & more
  • File upload, paste, and ZIP bundle scanning
  • Critical / High / Medium / Info severity ratings
  • Per-finding remediation instructions
  • 100% browser-side โ€” code never leaves your device
  • New threat rules added regularly
Get Instant Access

Secure checkout via Stripe ยท 256-bit SSL
Cancel anytime from your billing portal

Common Questions
FAQ

No. ClawScan runs entirely in your browser using JavaScript. Your skill files and code are never uploaded, transmitted, or stored anywhere. Analysis happens locally on your device โ€” 100% private.

ClawScan accepts any text-based file โ€” SKILL.md, bash scripts (.sh), Python (.py), JavaScript (.js), YAML, JSON, Markdown, and plain text. You can also upload ZIP bundles and ClawScan extracts and scans every file inside.

ClawScan uses pattern-based static analysis โ€” excellent at catching known threat signatures and updated regularly. No scanner catches 100% of novel threats. But ClawScan eliminates the overwhelming majority of real-world attack patterns before they ever execute.

After completing payment via Stripe, you receive immediate access to the ClawScan tool. Scan as many skills as you like throughout your subscription โ€” there are no per-scan limits.

ClawHub doesn't guarantee every skill is safe โ€” it's an open marketplace where anyone can publish. Malicious skills can look completely legitimate until analyzed at the code level. ClawScan is your last line of defense before untrusted code touches your machine.

Yes, anytime, with no fees. Cancel directly from the Stripe billing portal. Cancel before your next billing date and you won't be charged again.

Don't Let the Next Skill Own Your Machine.

One malicious skill can steal your SSH keys, hand your terminal to a stranger, or wipe your drive. For $2.99 a month, that's not a risk worth taking.

Protect My OpenClaw โ€” $2.99/mo