ClawHub

PwnClaw Security Scan

Test your AI agent for security vulnerabilities using PwnClaw. Runs 50+ attacks (prompt injection, jailbreaks, social engineering, MCP poisoning, and more) and provides fix instructions. Use when your agent needs a security check or hardening.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 849 · 3 current installs · 3 all-time installs
by@Gemini2027
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (agent security scanner) match the SKILL.md. The instructions and endpoints all relate to running external security tests; no unrelated binaries, credentials, or capabilities are requested.
Instruction Scope
Instructions primarily guide a human to use the external PwnClaw service or to run a token-based self-test via the service's API. This is appropriate for a remote scanning service, but the instructions do recommend (a) allowing the service to send attacks to your agent endpoint (automatic mode) and (b) adding generated rules to your system prompt — both of which require careful human review before enabling in production.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk and there is no package installation risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for an instruction-only wrapper around an external scanning service.
Persistence & Privilege
The skill is not marked always:true and does not request persistent privileges. It does recommend adding fix rules to the system prompt, but that is an action for the human operator (not an automatic install).
Assessment
This skill is internally consistent, but it relies on an external service. Before using: verify the PwnClaw website and the linked GitHub repo yourself; prefer human-mediated/manual testing or a sandboxed agent endpoint for initial runs; never give the service access to sensitive production endpoints or credentials; review any system-prompt rules generated by the service before applying them permanently; and limit scope/privileges when running tests (use staging agents or explicit test tokens). If you need higher assurance, inspect the public GitHub source or run the service in a controlled environment first.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97dbz8d67arcewna0f9nkw3eh80tknf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

PwnClaw Security Scan

Test your AI agent against 112 real-world attacks across 14 categories. Get a security score and actionable fix instructions.

What It Tests

  • Prompt Injection & Indirect Injection
  • Jailbreaks & Refusal Bypass
  • Social Engineering & Sycophancy
  • Data Exfiltration & Agency Hijacking
  • MCP/Tool Poisoning
  • Memory Poisoning
  • Multi-Agent & Multi-Turn Attacks
  • Privilege Escalation & Obfuscation

How To Use

Option 1: Tell Your Human

Ask your human to visit https://www.pwnclaw.com and run a free security scan:

  1. Sign up at https://www.pwnclaw.com (free tier available)
  2. Start a new test in the dashboard
  3. Enter the agent's URL or use manual mode
  4. Review results and apply the fix instructions to your system prompt

Option 2: Self-Test (Manual Mode)

If your human starts a test and gives you the test token, you can run it yourself:

  1. GET https://www.pwnclaw.com/api/test/{token} → get the next prompt
  2. POST https://www.pwnclaw.com/api/test/{token} with { "response": "your answer" } → submit and get next
  3. Repeat until status is "completed"
  4. Results are in the dashboard

Option 3: Automatic Mode (Recommended)

If your agent has an HTTP endpoint, your human just enters the URL in PwnClaw. PwnClaw sends attacks directly — no scripting needed.

Plans

PlanScansAttacksPrice
Free3/month15 per scan$0
Pro30/month50 per scan€29/mo
TeamUnlimited50 per scan€99/mo

After The Test

PwnClaw generates specific security rules based on your vulnerabilities. Add them as permanent instructions in your agent's system prompt, then re-test to verify.

Links

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…