ClawGuard
Security Scanner for OpenClaw/Clawdbot Skills
Protect yourself from malicious skill installations. ClawGuard scans skills for dangerous patterns before you install them - including patterns from the ClawHavoc campaign (341 malicious skills discovered by Koi Security).
Quick Start
# Scan a skill by name
python scan.py --skill <skill-name>
# Scan a skill by path
python scan.py --path /path/to/skill
# Scan all installed skills
python scan.py --all
What It Detects
| Category | Examples | Severity |
|---|---|---|
| 🔴 Reverse Shells | socket.connect(), pty.spawn(), /dev/tcp | Critical |
| 🔴 Data Exfiltration | requests.post() to suspicious TLDs | Critical |
| 🔴 Credential Harvest | Reading ~/.ssh/id_rsa, AWS credentials | Critical |
| 🔴 Obfuscation | base64.b64decode(exec), chr() chains | Critical |
| 🔴 ClawHavoc IOCs | glot.io scripts, fake Apple URLs, known C2 IPs | Critical |
| 🟠 Code Execution | exec(), eval(), subprocess | High |
| 🟡 Suspicious Network | URL shorteners, weird ports | Medium |
Output Formats
# Console (default) - colored terminal output
python scan.py --skill github
# JSON - machine-readable for CI/CD
python scan.py --skill github --format json
# Markdown - for sharing reports
python scan.py --skill github --format markdown
Risk Scoring
| Score | Level | Action |
|---|---|---|
| 0-10 | 🟢 Safe | Install freely |
| 11-25 | 🟢 Low | Quick review |
| 26-50 | 🟡 Medium | Review findings |
| 51-75 | 🔴 High | Review carefully |
| 76-100 | 🔴 Critical | Do not install |
IOC Database
70+ indicators of compromise including:
- Remote access (reverse shells, C2)
- Data exfiltration
- Credential harvesting
- Code obfuscation
- Real ClawHavoc campaign IOCs (from Koi Security research)
- Known malicious IPs, hashes, and skill names
Requirements
- Python 3.8+
- No external dependencies (stdlib only)
Credits
IOCs enriched with research from Koi Security - ClawHavoc campaign analysis by Oren Yomtov and Alex.
Links
Built for the Clawdbot community 🐾