Protecting 14,000+ OpenClaw machines OpenClaw Security Scanner for ClawHub Skills Free security scanner that analyzes OpenClaw skills and ClawHub packages for reverse shells, credential theft, prompt injection, and 60+ threat patterns. Scan any OpenClaw skill before it executes on your machine — no signup required. Skill Name URL Start Analysis Try: google-search nano-banana-pro edstem Sub-10s analysis 60+ threat patterns Free — no signup Scanned Skills All Safe Caution Review 0 + OpenClaw Machines Protected 0 + Malicious Skills Blocked 0 + Threat Detection Patterns 0 s Average Scan Time One Command Install Deploy the Clawned Protection Agent Real-time monitoring for your entire OpenClaw installation. Auto-scans every ClawHub skill before execution — catches reverse shells, credential theft, and ClawHavoc supply chain attacks before they run on your machine. clawhub install clawned Installation Guide Get API Key OpenClaw & ClawHub Security Why OpenClaw Skills Need Security Scanning 36% of ClawHub skills contain security flaws. Over 1,184 malicious skills from the ClawHavoc campaign alone. Clawned detects what generic scanners miss — with 60+ patterns built specifically for OpenClaw skills. Full Source Code Threat Analysis Deep scans the entire source code, scripts, and resources of every OpenClaw skill for 60+ malicious patterns — obfuscated payloads, ClickFix social engineering, hidden reverse shells, credential harvesting, and ClawHavoc supply chain attacks. 60+ patterns 6 threat categories AI-Powered Malware Detection Context-aware AI trained on OpenClaw skill semantics. Catches novel attack patterns, zero-day exploit vectors, and obfuscated threats that static analysis misses in ClawHub packages. OpenClaw Permission Auditing Maps every system capability a skill requests — flags privilege escalation, filesystem traversal, unauthorized shell execution, and network access across the entire skill source code and all bundled resources. Full Security Reports in Seconds Enter any ClawHub skill name or URL and get a severity-ranked security report in under 10 seconds. Every finding includes remediation steps and risk context. How to Scan OpenClaw Skills for Malware Scan any ClawHub skill for free with our public scanner, or deploy the Clawned protection agent for continuous real-time monitoring of your entire OpenClaw installation. 01 Scan Any OpenClaw Skill Paste a ClawHub skill name or GitHub URL. Get a full security audit with severity-ranked findings in under 10 seconds — completely free. 02 Install the Protection Agent Sign in, grab your API key, and deploy the Clawned agent on your machine for continuous, real-time monitoring of every OpenClaw skill you install. 03 Stay Protected from ClawHub Threats Every new skill installation is automatically scanned against 60+ threat patterns. Get instant alerts with detailed remediation steps for any detection. Protect Your OpenClaw Setup. Scan ClawHub Skills Now. A single unscanned ClawHub skill can deploy reverse shells, steal credentials, and compromise your entire OpenClaw environment. 230+ malicious skills blocked and counting. Start scanning for free — no signup required. Scan a Skill Get Protection Agent API & CI/CD Integration curl -X POST https://api.clawned.io/api/scan/url \ -H "Content-Type: application/json" \ -d '{"slug": "google-search"}' Generate an API key to integrate with your CI/CD pipeline. The OpenClaw Security Crisis: Why ClawHub Skills Need Scanning OpenClaw is the fastest-growing open-source AI agent framework with over 220,000 GitHub stars. Its public skill registry, ClawHub , hosts 10,700+ community-built skills that extend what your AI agent can do — from web browsing and code execution to database access and API integrations. But that openness comes with risk. Security researchers have found that over 36% of ClawHub skills contain security vulnerabilities , and coordinated campaigns like ClawHavoc have poisoned the registry with 1,184+ malicious skills designed to steal credentials, install stealers, deploy reverse shells, and exfiltrate sensitive data from developer machines. Clawned was built to solve this. Our scanner performs deep analysis of every skill ' s complete source code, scripts, and resources for 60+ threat patterns including credential harvesting, prompt injection, ClickFix social engineering, filesystem traversal, and supply chain attacks. We ' ve already blocked 230+ malicious ClawHub skills and protected 14,000+ developer machines — and the public skill scanner is completely free, no signup required. For teams and power users, the Clawned protection agent provides continuous real-time monitoring of your OpenClaw installation, automatically scanning every skill before it executes. Integrate it into your CI/CD pipeline with our REST API to create automated security gates that block malicious ClawHub packages from reaching production. Threat Intelligence What Clawned Detects in ClawHub Skills Clawned scans every OpenClaw sk...