ClawProof Security Scanner

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.

Before installing, verify the npm package and repository, run scans only on files you intend to analyze, review any auto-fix diffs, and be aware that MCP or git-hook setup may continue running automatically after initialization. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill means trusting the npm package and its dependencies to run on the local machine.

Why it was flagged

The skill relies on installing or executing an external npm package, while the artifact set itself contains no package source code to review.

Skill content

npm install -g agent-security-scanner-mcp ... npx agent-security-scanner-mcp --help

Recommendation

Install only from the linked official package/repository, pin versions where possible, and review the package before using it in sensitive environments.

What this means

Auto-fixes could change code behavior or introduce regressions if accepted blindly.

Why it was flagged

The documented auto-fix command can modify source files. This is aligned with a security scanner, but it is a high-impact action if run without reviewing changes.

Skill content

Auto-fix available - 165 security fix templates: npx agent-security-scanner-mcp fix-security ./vulnerable-file.js

Recommendation

Run auto-fixes only on selected files, keep backups or version control, and review diffs before committing.

Note (High Confidence)
ASI10: Rogue Agents

What this means

After setup, the scanner may continue affecting agent actions or commits until the integration is removed.

Why it was flagged

The skill documents setup modes that can keep running automatically through OpenClaw/MCP configuration or git hooks.

Skill content

MCP Server (Automatic) ... npx agent-security-scanner-mcp init openclaw ... Git Hooks (Continuous) ... npx agent-security-scanner-mcp init-hooks

Recommendation

Enable persistent integrations only when desired, inspect the created MCP configuration and git hooks, and document how to remove them.

What this means

Users could over-rely on the scanner as a complete safety guarantee.

Why it was flagged

The skill makes strong security and performance claims, but the provided artifacts do not include benchmark details or implementation code to verify them.

Skill content

ClawProof blocks these attacks automatically ... Precision | 97.7% (benchmarked)

Recommendation

Treat the scanner as one security layer, validate important results, and do not skip normal review for high-risk actions.