OpenClaw Security Scanner

Don't Run Malicious Skills.

ClawScan scans OpenClaw skill files for reverse shells, credential theft, remote code execution and 50+ other threats — in your browser, before you ever hit run.

Unlimited scans · Runs locally · No data uploaded

Reverse Shell Detected · SSH Key Exfiltration · curl Piped to Bash · Crontab Persistence · rm -rf / Wiper · ngrok C&C Tunnel · Clipboard Harvesting · AES Runtime Decrypt · /etc/passwd Read · macOS Keychain Dump
What is ClawScan
A Security Scanner Built for OpenClaw Skills

OpenClaw skills can read files, run commands, and make network requests. That power is exactly why bad actors hide malware in them.

ClawScan analyzes every line of skill code against 50+ hand-crafted security rules — flagging dangerous patterns before you execute anything.

Upload files, paste code, or drop in a ZIP bundle. Results are instant. Everything runs in your browser — your code never leaves your machine.

clawscan — analysis complete
$ clawscan ./suspicious-skill.zip
ℹ Extracting 4 files...
⟳ Data Exfiltration checks...
✗ CRITICAL — ~/.ssh access detected
⟳ Network / C&C checks...
✗ CRITICAL — curl piped to bash (RCE)
⟳ Code Obfuscation checks...
⚠ HIGH — base64 encoded exec block
⟳ System Tampering checks...
⚠ HIGH — crontab persistence
⛔ MALICIOUS — Do not install · 4 issues found
Threat Detection
What ClawScan Catches

Real threat patterns found in real skills. These aren't hypothetical — they're the exact code signatures ClawScan flags every scan.

8 Threat Categories · 50+ Detection Rules
Every Attack Vector Covered
🔒
Code Obfuscation
eval, base64 blobs, hex char construction, minified code, dynamic imports
🔐
Encrypted Payloads
AES/Fernet decrypt, zlib/gzip runtime decompress, OpenSSL, ROT13
📡
Network / C&C
Reverse shells, curl-to-bash RCE, ngrok tunnels, raw IPs, WebSocket C&C
💾
Data Exfiltration
SSH keys, AWS creds, /etc/passwd, Keychain, clipboard, browser cookies
⚙️
System Tampering
rm -rf /, /tmp execution, crontab edits, launchd agents, sudo abuse
🌐
External Comms
Untrusted external domains, raw IP connections, non-whitelisted requests
🔍
Reconnaissance
Shell history reads, env variable harvesting, process enumeration
🛡️
Privilege Escalation
SUID bits, nohup persistence, systemd service installs, launchctl load
50+ Detection Rules · 8 Threat Categories · Unlimited Scans per Month · 0 Data Uploaded
How it works
Three Steps to Security
1
Step One
Upload or Paste

Drop skill files, ZIP bundles, SKILL.md, bash or Python scripts — or paste code directly. Any file format OpenClaw skills use.

2
Step Two
Instant Analysis

ClawScan runs all 50+ security rules over every line of every file in the upload in a single pass. Obfuscation, network calls, system access: all checked at once.

3
Step Three
Actionable Report

Get a clear verdict — Safe, Warning, or Malicious — with every finding explained in plain English and specific steps to remediate.

Pricing
Full Protection. Less Than a Coffee.
Monthly Plan
$2.99

per month · cancel anytime

  • Unlimited skill scans every month
  • All 50+ security detection rules
  • 8 threat categories: shells, exfil, C&C, tampering & more
  • File upload, paste, and ZIP bundle scanning
  • Critical / High / Medium / Info severity ratings
  • Per-finding remediation instructions
  • 100% browser-side — code never leaves your device
  • New threat rules added regularly
Get Instant Access

Secure checkout via Stripe · TLS-encrypted
Cancel anytime from your billing portal

Common Questions
FAQ

Does ClawScan upload my code anywhere?

No. ClawScan runs entirely in your browser using JavaScript. Your skill files and code are never uploaded, transmitted, or stored anywhere. Analysis happens locally on your device, 100% private.

What file types can I scan?

ClawScan accepts any text-based file: SKILL.md, bash scripts (.sh), Python (.py), JavaScript (.js), YAML, JSON, Markdown, and plain text. You can also upload ZIP bundles; ClawScan extracts and scans every file inside.

Does ClawScan catch everything?

No scanner does. ClawScan uses pattern-based static analysis, which is strong at catching known threat signatures and is updated regularly, but it cannot catch 100% of novel threats, and a payload written specifically to evade signatures can slip past it. Treat ClawScan as a layer that stops the common real-world attack patterns before they ever execute, not as a guarantee.

How do I get access after paying?

After completing payment via Stripe, you receive immediate access to the ClawScan tool. Scan as many skills as you like throughout your subscription; there are no per-scan limits.

Aren't skills on ClawHub already safe?

ClawHub doesn't guarantee every skill is safe; it's an open marketplace where anyone can publish. Malicious skills can look completely legitimate until analyzed at the code level. ClawScan is your last line of defense before untrusted code touches your machine.

Can I cancel my subscription?

Yes, anytime, with no fees. Cancel directly from the Stripe billing portal. Cancel before your next billing date and you won't be charged again.

Don't Let the Next Skill Own Your Machine.

One malicious skill can steal your SSH keys, hand your terminal to a stranger, or wipe your drive. For $2.99 a month, that's not a risk worth taking.

Protect My OpenClaw — $2.99/mo