Official Verified developer tools Safety 5/5

clawguard

Security scanner for OpenClaw/Clawdbot skills - detect malicious patterns before installation

Why use this skill?

Protect your OpenClaw environment with ClawGuard. Scan skills for malicious code, reverse shells, and ClawHavoc threats before installation.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/devinfloyd1/clawguarddevin

What This Skill Does

ClawGuard is an essential security utility for the OpenClaw and Clawdbot ecosystem. It acts as a pre-installation security scanner designed to analyze local or remote skills for malicious patterns, obfuscated code, and known indicators of compromise (IOCs). By leveraging a comprehensive database of over 70 threat vectors—including those identified in the massive ClawHavoc campaign—ClawGuard provides a granular risk score (0-100) for every skill it evaluates. It specifically targets high-risk operations such as unauthorized network connections (reverse shells), data exfiltration attempts, credential harvesting from sensitive system directories, and the use of dangerous code execution functions like exec() or eval().

Installation

To integrate ClawGuard into your OpenClaw environment, execute the following command in your terminal:

clawhub install openclaw/skills/skills/devinfloyd1/clawguarddevin

Once installed, ensure your Python environment is set to version 3.8 or higher. Because ClawGuard is built entirely on the standard library, it requires no external pip dependencies, ensuring a lightweight and secure footprint on your host system.

Use Cases

ClawGuard is designed for security-conscious developers and users who install third-party automation skills. Use cases include:

  1. CI/CD Pipeline Integration: Automatically scan new skill pull requests in a deployment pipeline using the --format json output flag to enforce security gating.
  2. Routine Audits: Periodically run python scan.py --all to rescan your existing library, so that installed skills matching indicators recently added to the IOC database are caught.
  3. Investigation: Quickly vet a downloaded skill package from an untrusted source before unpacking it into your active working directory.

Example Prompts

  1. "ClawGuard, please scan the current directory for any malicious code patterns in the local skill folder."
  2. "Run a security audit on the newly installed github integration skill and output the report in markdown format."
  3. "Check if any of my installed skills are currently flagged as part of the ClawHavoc campaign and provide a list of high-risk items."

Tips & Limitations

To get the most out of ClawGuard, always run it in an isolated environment. ClawGuard is highly effective at catching static patterns and known malicious signatures, but it is not a replacement for sandboxed execution, and it cannot predict zero-day vulnerabilities that do not exhibit known malicious traits. Always prioritize reviewing code marked with a score above 50, and never blindly trust any script that requests sudo or root access unless you have manually verified the codebase.
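
The CI gating use case and the score-above-50 guidance above, as an added example (not ClawGuard's own code): a Python gate that reads a scan report and fails closed when the report is missing, malformed, or over threshold. The JSON field names (results, skill, risk_score, findings) and the sample report are assumptions, since this page does not document the output schema.

```python
import json
import sys

REVIEW_THRESHOLD = 50  # the page's guidance: review anything scoring above 50

# Constructed sample report. The field names are assumptions for this example,
# not ClawGuard's documented --format json schema.
SAMPLE_REPORT = """
{"results": [
  {"skill": "example-notes", "risk_score": 12, "findings": []},
  {"skill": "example-sync", "risk_score": 85,
   "findings": [{"pattern": "eval() call", "file": "main.py", "line": 41}]}
]}
"""

def gate(report_text, threshold=REVIEW_THRESHOLD):
    """Return (passed, reasons). Anything uninterpretable blocks the build."""
    try:
        report = json.loads(report_text)
    except (TypeError, ValueError) as exc:
        return False, [f"unparseable report: {exc}"]
    results = report.get("results") if isinstance(report, dict) else None
    if not isinstance(results, list) or not results:
        return False, ["report contains no scan results"]
    reasons = []
    for entry in results:
        if not isinstance(entry, dict):
            reasons.append("<malformed entry>: not a JSON object")
            continue
        name = entry.get("skill", "<unnamed>")
        score = entry.get("risk_score")
        findings = entry.get("findings")
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
            reasons.append(f"{name}: missing or invalid risk score")
        elif score > threshold:
            hits = len(findings) if isinstance(findings, list) else 0
            reasons.append(f"{name}: score {score} exceeds {threshold} ({hits} finding(s))")
    return not reasons, reasons

if __name__ == "__main__":
    text = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    ok, why = gate(text)
    for line in why:
        print("BLOCK:", line)
    sys.exit(0 if ok else 1)
```

In a pipeline, pipe the scanner's JSON output into this script; an empty or truncated report exits non-zero rather than passing silently.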

Metadata

Stars: 2387
Views: 0
Updated: 2026-03-09
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-devinfloyd1-clawguarddevin": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #scanner #clawdbot #cybersecurity #auditing
Safety Score: 5/5

Flags: file-read