← Back to Skills Marketplace

ClawSec Audit

Name: ClawSec Audit
Author: jchandler187

by jchandler187 · GitHub ↗ · v2.4.1 · MIT-0

cross-platform ⚠ pending

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install clawsec-audit

Description

Scan ClawHub skills for security vulnerabilities before installing -- 9 threat intel sources, 7 autonomous checks, slug or local path scan.

README (SKILL.md)

⚡ ClawSec

Security verification for ClawHub skills. Scan any skill -- by ClawHub slug or local path -- against 9 continuously-updated threat intelligence sources using 7 autonomous security checks.

When to use

Use ClawSec before installing a skill from ClawHub to verify it is safe. Also use it when developing your own skills -- scan before publishing to catch issues early.

Quick start

clawsec scan weather-forecast        # Scan by ClawHub slug (downloads, scans, cleans up)
clawsec scan ./my-skill              # Scan a local skill directory
clawsec scan ./my-skill --checks dep-scan,secret-scan   # Run specific checks only
clawsec scan ./my-skill --json       # JSON output for programmatic use

First run sets up a Python venv and syncs threat intel automatically. After that, clawsec scan works with zero configuration.

Parameters

When an agent invokes this skill through OpenClaw:

target (required) -- Local directory path or ClawHub skill slug (e.g. weather-forecast). If a slug is given, the skill is downloaded to a sandboxed temp directory, scanned, and removed.
checks (optional) -- Comma-separated list: dep-scan, static-analysis, secret-scan, yara-scan, ioc-match, behavioral, prompt-inject. Default: all 7.
json (optional) -- Output results as JSON for programmatic use.

Output

ClawSec returns a structured report with:

verdict -- pass, warn, or fail
findings -- Array of issues, each with severity (critical, high, medium), description, and file location
report_id -- Full UUID for later retrieval via clawsec report \x3Cid>

Exit codes: 0 = pass, 1 = warn, 2 = fail

Checks

Check	What it does
dep-scan	Cross-references dependencies against CISA KEV and OSV databases
static-analysis	Runs Semgrep rules for security anti-patterns
secret-scan	Scans for hardcoded API keys, tokens, and credentials using Gitleaks
yara-scan	Matches files against YARA rules for malware patterns
ioc-match	Matches IPs, domains, URLs, and file hashes against ThreatFox, URLhaus, MalwareBazaar, and Feodo Tracker
behavioral	Detects eval usage, shell injection, data exfiltration vectors, DNS tunneling
prompt-inject	Detects prompt injection and instruction-hiding patterns in SKILL.md

Threat intel sources (9)

CISA KEV, OSV (npm + PyPI), EPSS, MalwareBazaar, URLhaus, ThreatFox, Feodo Tracker, YARA Rules, Semgrep Rules

Run clawsec sync to refresh the intel cache. First clawsec scan auto-syncs if no cache exists.

Security and Privacy

No data leaves your machine. All scanning is local. No telemetry, no phone-home, no analytics.
Slug scans are sandboxed. Downloaded skills go to a 0700 temp directory with execute bits stripped and npm scripts suppressed. Cleaned up after scanning.
During scan, zero network requests. All intel is read from the local cache.
During sync, only public threat intel feeds are contacted. No skill code or scan targets are ever transmitted externally.

Local files

Read: ~/.clawsec/intel/ (threat intel cache), skill directory passed as target
Written: ~/.clawsec/intel/, ~/.clawsec/reports/, ~/.clawsec/venv/, ~/.clawsec/clawsec.log
First clawsec sync (or auto-sync) downloads approximately 50–100 MB of threat intel data

Install

npm install -g @lowwattlabs/clawsec

Or let OpenClaw install it via the skill install spec above.

License

MIT-0

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install clawsec-audit
After installation, invoke the skill by name or use /clawsec-audit
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.4.1

Fix: report IDs now full UUIDs, verify.sh fallback versions corrected, MIT-0 badge in API landing page, TMPDIR-respect in sync scripts

v2.4.0

Fixes: semgrep offline mode, ThreatFox IOC matching, URLhaus manifest bug, ELF detection, license unification (MIT-0), API hardening, version sync

v1.0.0

clawsec-audit v1.0.0 - Initial release. - Scans ClawHub skills (by slug or local path) for security vulnerabilities before installation. - Integrates 9 threat intelligence sources with 7 autonomous security checks. - Outputs structured reports with verdict, findings, and report ID. - Supports JSON output and selective check configuration. - All scanning and reporting performed locally; no telemetry or external code transmission.

Metadata

Slug clawsec-audit

Version 2.4.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is ClawSec Audit?

Scan ClawHub skills for security vulnerabilities before installing -- 9 threat intel sources, 7 autonomous checks, slug or local path scan. It is an AI Agent Skill for Claude Code / OpenClaw, with 85 downloads so far.

How do I install ClawSec Audit?

Run "/install clawsec-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawSec Audit free?

Yes, ClawSec Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ClawSec Audit support?

ClawSec Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawSec Audit?

It is built and maintained by jchandler187 (@jchandler187); the current version is v2.4.1.

More Skills