Official Verified developer tools Safety 5/5

edgeone-clawscan

Comprehensive OpenClaw security scanning powered by Tencent Zhuque Lab A.I.G (AI-Infra-Guard). Use when the user asks to start a security health check or security scan for the current OpenClaw environment, such as `开始安全体检` ("start a security health check"), `做一次安全体检` ("do a security health check"), `开始安全扫描` ("start a security scan"), `全面安全检查` ("full security check"), or `检查 OpenClaw 安全` ("check OpenClaw security"); also use when the user asks to audit a specific skill before installation, review installed skills for supply chain risk, or investigate whether a skill is safe. Do not trigger for general OpenClaw usage, project debugging, environment setup, or normal development requests.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/boy-hack/aig

What This Skill Does

edgeone-clawscan is a robust, security-focused OpenClaw utility powered by Tencent Zhuque Lab’s AI-Infra-Guard (AIG). Designed to maintain the integrity and safety of your development environment, this skill acts as a vigilant watchdog. It performs systematic security health checks, audits third-party skills before installation to mitigate supply chain risks, and validates the safety of your environment. By leveraging a local-first architecture, it ensures that your sensitive data—such as file contents, credentials, and environment variables—never leaves your local machine. The tool utilizes a strictly defined set of outbound HTTPS calls to check for CVE advisories and supply chain security data, ensuring you are always protected by the latest vulnerability intelligence without compromising privacy.

Installation

To integrate this security layer into your OpenClaw environment, execute the following command in your terminal:

clawhub install openclaw/skills/skills/boy-hack/aig

Once installed, ensure `AIG_BASE_URL` is correctly configured in your openclaw.json if you are using a custom instance; otherwise, the skill connects by default to the official endpoint at https://matrix.tencent.com/clawscan.

Use Cases

  • Automated Security Health Checks: Run comprehensive scans to detect potential misconfigurations or vulnerabilities in your currently deployed OpenClaw setup.
  • Supply Chain Protection: Audit new or untrusted skills before installing them to ensure they have not been compromised by malicious actors.
  • Production Safety Audits: Use the --deep flag to perform live probes against local Gateway infrastructure to identify exposure points before going live.
  • Continuous Monitoring: Periodically verify the security posture of your local environment against the latest industry CVE advisories.

Example Prompts

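  1. "Start a security health check and verify whether my current project environment is safe."
  2. "I'm planning to install a new plugin; please check whether openclaw/skills/some-plugin has any security risks."
  3. "Full security check: run a deep scan to see whether my local gateway configuration has any exposure risk."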

Tips & Limitations

  • Deep Scans: When using the --deep flag, always verify your current Gateway configuration. While the scan is safe, probing production gateways can lead to unexpected alerts in your logs.
  • Language Consistency: This skill automatically detects the language of your prompt and generates reports in that language, ensuring seamless communication.
  • Data Privacy: This tool is designed with a 'Zero-Transmission' policy regarding your private files. It solely relies on non-sensitive metadata for its lookup services.
  • Network Dependency: If offline, the skill gracefully falls back to local audit methods, though it may be unable to fetch the latest CVE advisories.

Metadata

Author: @boy-hack
Stars: 4190
Views: 2
Updated: 2026-04-18

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-boy-hack-aig": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags

#security #scan #threat-detection #clawscan #claw-audit #claw-shield
Safety Score: 5/5

Flags: network-access, external-api