ClawScan scans OpenClaw skill files for reverse shells, credential theft, remote code execution and 50+ other threats โ in your browser, before you ever hit run.
Unlimited scans ยท Runs locally ยท No data uploaded
OpenClaw skills can read files, run commands, and make network requests. That power is exactly why bad actors hide malware in them.
ClawScan analyzes every line of skill code against 50+ hand-crafted security rules โ flagging dangerous patterns before you execute anything.
Upload files, paste code, or drop in a ZIP bundle. Results are instant. Everything runs in your browser โ your code never leaves your machine.
Real threat patterns found in real skills. These aren't hypothetical โ they're the exact code signatures ClawScan flags every scan.
Drop skill files, ZIP bundles, SKILL.md, bash or Python scripts โ or paste code directly. Any file format OpenClaw skills use.
ClawScan runs all 50+ security rules across every byte simultaneously. Obfuscation, network calls, system access โ all checked at once.
Get a clear verdict โ Safe, Warning, or Malicious โ with every finding explained in plain English and specific steps to remediate.
per month ยท cancel anytime
Secure checkout via Stripe ยท 256-bit SSL
Cancel anytime from your billing portal
No. ClawScan runs entirely in your browser using JavaScript. Your skill files and code are never uploaded, transmitted, or stored anywhere. Analysis happens locally on your device โ 100% private.
ClawScan accepts any text-based file โ SKILL.md, bash scripts (.sh), Python (.py), JavaScript (.js), YAML, JSON, Markdown, and plain text. You can also upload ZIP bundles and ClawScan extracts and scans every file inside.
ClawScan uses pattern-based static analysis โ excellent at catching known threat signatures and updated regularly. No scanner catches 100% of novel threats. But ClawScan eliminates the overwhelming majority of real-world attack patterns before they ever execute.
After completing payment via Stripe, you receive immediate access to the ClawScan tool. Scan as many skills as you like throughout your subscription โ there are no per-scan limits.
ClawHub doesn't guarantee every skill is safe โ it's an open marketplace where anyone can publish. Malicious skills can look completely legitimate until analyzed at the code level. ClawScan is your last line of defense before untrusted code touches your machine.
Yes, anytime, with no fees. Cancel directly from the Stripe billing portal. Cancel before your next billing date and you won't be charged again.
One malicious skill can steal your SSH keys, hand your terminal to a stranger, or wipe your drive. For $2.99 a month, that's not a risk worth taking.
Protect My OpenClaw โ $2.99/mo