ClawProof Security Scanner
v3.10.3 · Enterprise-grade security for OpenClaw - blocks malicious skills, detects hallucinated packages, and prevents prompt injection attacks. Powered by agent-secu...
License
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name and description claim a CLI security scanner; the SKILL.md consistently instructs running an npm-distributed CLI via npx (scan-skill, scan-prompt, scan-action, etc.). Requiring the npx binary is proportionate and expected. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are limited to scanning skills, packages, prompts, and code via the advertised CLI. They do not instruct reading arbitrary system credentials, editing other skills, or sending data to unexpected endpoints. The SKILL.md includes examples of prompt-injection strings (e.g., 'ignore previous instructions') as part of the detection docs; that explains the pre-scan injection signal.
Install Mechanism
This is an instruction-only skill that tells users to run 'npx agent-security-scanner-mcp' or 'npm install -g'. That means it will execute code retrieved from the public npm registry at runtime — a common pattern for CLIs, but one that carries the usual supply-chain risk of running third-party packages. No obscure download URLs are used in the SKILL.md; the homepage and npm links point to GitHub and npm.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md does not request access to unrelated secrets or system config. The absence of env/credential requests is proportionate to a read-only/analysis CLI.
Persistence & Privilege
The skill does not request always:true, nor does it claim to modify other skills or system-wide agent settings. It is an on-demand tool invoked via CLI; allowing autonomous model invocation is the platform default, but the skill does not request elevated persistence.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] expected: The phrase 'ignore-previous-instructions' was detected in SKILL.md. Given this skill advertises prompt-injection detection and documents bypass patterns, finding such a pattern in examples/documentation is expected. It should be reviewed to ensure it's explanatory (detection examples) rather than an attempt to manipulate the evaluator, but current context in SKILL.md appears to be documentation and sample inputs for scan-prompt.
Assessment
This skill appears internally consistent: it documents and instructs use of an npm-distributed CLI to scan skills, packages, prompts, and code. That said, using npx runs code fetched from the public npm registry at the moment of invocation — review the package source (GitHub repo), verify the npm package name and publisher, check recent versions and release notes, and consider pinning to a specific vetted version or auditing the package locally before running it on sensitive systems. If you will use it in automated environments (CI, production), prefer installing a vetted release in a controlled environment, enable reproducible installs (lockfiles), and review any telemetry/privacy policy in the package repository. Finally, the detected prompt-injection pattern appears in documentation/examples (expected), but you may want to manually inspect SKILL.md/README and the upstream repo to ensure nothing in the package uses 'ignore previous instructions' or other bypasses in a way that could alter agent behavior unexpectedly.
Like a lobster shell, security has layers — review code before you run it.
Tags: ai-safety · ast-analysis · auto-fix · latest · malware-detection · openclaw-security · package-verification · prompt-injection · security · supply-chain · vulnerability-scanner
Runtime requirements
🛡️ Clawdis
Bins: npx
