Official, verified listing. Category: developer tools. Safety score: 4/5.

clawsec-scanner

Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and basic DAST security testing for skill hooks.

Why use this skill?

Automate security for your OpenClaw agents. clawsec-scanner performs dependency audits, SAST, and DAST to detect vulnerabilities, hardcoded secrets, and unsafe code.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/davida-ps/clawsec-scanner

What This Skill Does

The clawsec-scanner is a comprehensive security tool designed specifically for OpenClaw agent environments. It automates vulnerability detection by integrating four specialized security engines into a single workflow. The tool performs dependency audits (npm/pip), cross-references vulnerabilities against primary databases (OSV, NVD, GitHub Advisory), conducts static analysis (SAST) via Semgrep and Bandit, and executes targeted dynamic analysis (DAST) for skill hooks. By normalizing disparate data sources into a unified ScanReport schema, it ensures that developers can monitor the security posture of their agent platforms with consistency and precision, enabling proactive threat mitigation rather than reactive patching.

Installation

To integrate the clawsec-scanner into your environment, run the following command within your OpenClaw interface:

clawhub install openclaw/skills/skills/davida-ps/clawsec-scanner

Ensure that your environment has npm and pip installed, as the dependency scanners operate as subprocesses and require these package managers to be present in the system path.

Use Cases

  • CI/CD Pipeline Integration: Automatically trigger security scans on new skill pushes to ensure no vulnerable dependencies or hardcoded secrets are introduced into the agent codebase.
  • Security Audits: Perform deep-dive assessments on existing agent configurations to identify outdated libraries or insecure coding patterns like command injection or unsafe deserialization.
  • Compliance Monitoring: Maintain a clean audit trail by generating periodic ScanReport files that track the security status of your agent over time.

Example Prompts

  1. "clawsec-scanner scan my agent project in ./skills/my-new-bot and generate a report of all critical vulnerabilities."
  2. "Run a full security audit on the current directory using the clawsec-scanner and highlight any hardcoded API keys detected by the SAST engine."
  3. "Summarize the latest security scan for my agent and tell me which dependencies need to be updated to resolve high-severity issues."

Tips & Limitations

  • Rate Limiting: While OSV is free, NVD integration may require an API key to bypass strict 6-second rate limits; consider configuring this if you run frequent scans.
  • DAST Scope: The DAST module is limited to skill hooks; it does not replace traditional web application scanners like OWASP ZAP and is intended solely for local agent logic validation.
  • False Positives: As with all automated SAST tools, expect occasional false positives in Semgrep or Bandit reports; always verify findings manually before refactoring production code.

Metadata

Author: @davida-ps
Stars: 2387
Views: 0
Updated: 2026-03-09
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-davida-ps-clawsec-scanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags

#security #vulnerability-scanner #devsecops #audit #code-analysis
Safety Score: 4/5

Flags: file-read, external-api, code-execution