Security issues found in 70%+ of scanned skills

Ship OpenClaw skills you can stand behind.

ClawDefend is the OpenClaw security scanner built for developers. Catch malicious code, data exfiltration, and prompt injection before your skills reach ClawHub — or gate them in CI/CD automatically.

Free · No signup required · Results in 30 seconds

clawdefend — scan
$ clawdefend scan https://github.com/example/my-skill
 
⠋ Cloning repository...
⠋ Analyzing 14 files...
⠋ Running static analysis...
⠋ LLM intent detection...
 
╔══════════════════════════════════════════╗
║ SCAN COMPLETE — Risk Score: 23/100 ║
╚══════════════════════════════════════════╝
 
CRITICAL Data exfiltration via process.env src/index.ts:47
HIGH Unrestricted shell execution src/utils/runner.ts:12
HIGH Base64-encoded eval payload src/helpers/init.ts:3
MEDIUM Recursive home dir file read src/scanner.ts:88
LOW Hardcoded API endpoint src/config.ts:5
$
295 Skills Scanned
9,497 Threats Found
122 Verified Skills
70%+ Skills with Issues

What We've Found Across 295 Scanned Skills

Real threat categories detected by ClawDefend in the wild.

Shell Command Injection: 38%
Env Variable Exfiltration: 29%
Hardcoded Credentials: 21%
Arbitrary File Access: 17%
Prompt Injection: 14%

Ship skills your users actually trust

One scan transforms how users perceive your skill.

⚠️ Unscanned skill: Users hesitate to install
🔍 ClawDefend scan: Issues found and fixed
ClawDefend Verified: Badge on your README · Users install with confidence

Built for developers who ship OpenClaw skills

From quick pre-publish scans to automated CI/CD gates — ClawDefend fits your workflow.

CI/CD Integration

REST API and webhooks let you gate deployments on security scores. Fail the build before a bad skill ships.

GitHub Integration

Paste any GitHub or ClawHub URL and get a full security report in seconds. No setup, no config.

Deep Code Scanning

AST parsing, regex pattern matching, and LLM-powered intent detection find what grep can't.

Line-by-Line Reports

Every finding includes the exact file, line number, severity score, and a specific remediation step.

Malware Signatures

Continuously updated database of known malicious patterns found in real ClawHub skills.

Verified Skill Badges

Ship with confidence — ClawDefend-verified badges show users your skills have passed a security audit.

Trusted by OpenClaw skill developers and security-conscious teams

Static Analysis + LLM Intent Detection
REST API + CI/CD Webhooks
GitHub + ClawHub Integration

Scan your first OpenClaw skill in seconds

Free tier includes 5 scans per month. No credit card required. API access on Pro.
