Official Verified developer tools Safety 5/5

flaw0

Security and vulnerability scanner for OpenClaw code, plugins, skills, and Node.js dependencies. Powered by OpenClaw AI models.

Why use this skill?

Achieve zero flaws in your OpenClaw projects. Install flaw0 to scan your code, skills, and dependencies for security vulnerabilities using advanced AI.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/thomaslwang/og-openclawguard

What This Skill Does

flaw0 is a robust, AI-powered security analysis suite designed specifically for the OpenClaw ecosystem. It goes beyond static analysis by leveraging specialized OpenClaw AI models to inspect source code, plugins, skills, and Node.js dependency trees. The primary objective of flaw0 is to achieve 'flaw 0' status—ensuring your development environment remains secure by identifying vulnerabilities ranging from command injection and hardcoded secrets to unsafe deserialization and XSS vectors. By integrating directly into your terminal, it provides a seamless layer of protection that catches security oversights before they reach production.

Installation

To integrate the scanner into your system, you can use the OpenClaw official package manager, ClawHub, or install it via npm. Run the following command in your terminal:

npx clawhub@latest install flaw0

Alternatively, for global access across all your OpenClaw projects, execute:

npm install -g flaw0

Use Cases

Use flaw0 throughout your development lifecycle. Developers should run flaw0 scan before installing third-party skills to prevent the introduction of malicious code. During active development, use flaw0 scan src/ to catch regressions in real-time. Before pushing code to repositories, a full flaw0 audit is recommended to verify that no hardcoded credentials or insecure patterns are present. For system administrators, the tool can audit entire OpenClaw installations, including core components and plugin directories, by utilizing the --target all flag.

Example Prompts

  1. "flaw0, please scan the current directory for any critical security vulnerabilities or hardcoded API keys."
  2. "Run a deep dependency audit on this project using the latest Claude model to ensure no malicious packages exist."
  3. "Scan all installed skills and core plugins to provide a comprehensive security report for my OpenClaw environment."

Tips & Limitations

To get the most out of flaw0, keep the package updated via npm update -g flaw0 so that you have the latest vulnerability pattern signatures. While flaw0 is highly effective at detecting common flaws like SQL injection and path traversal, it should be used as part of a defense-in-depth strategy. It is not a replacement for manual security code reviews, especially for complex architectural patterns. When running scans on large codebases, use the --json output flag to pipe results into automated CI/CD pipelines, allowing your team to block deployments if vulnerabilities at or above a chosen severity threshold are detected. Always ensure your environment variables are configured correctly to allow the AI model to perform the most accurate analysis.

Metadata

Stars: 946
Views: 1
Updated: 2026-02-13

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-thomaslwang-og-openclawguard": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags

#security #vulnerability-scanner #code-analysis #dependency-checker #openclaw
Safety Score: 5/5

Flags: file-read, code-execution