Malware found in 300+ ClawHub skills

Don't install skills you can't trust.

ClawDefend scans OpenClaw skills for malicious code, data exfiltration, and prompt injection. Get a security report in seconds.

clawdefend — scan
$ clawdefend scan https://github.com/example/my-skill
 
⠋ Cloning repository...
⠋ Analyzing 14 files...
⠋ Running static analysis...
⠋ LLM intent detection...
 
╔══════════════════════════════════════════╗
║ SCAN COMPLETE — Risk Score: 23/100 ║
╚══════════════════════════════════════════╝
 
CRITICAL Data exfiltration via process.env src/index.ts:47
HIGH Unrestricted shell execution src/utils/runner.ts:12
HIGH Base64-encoded eval payload src/helpers/init.ts:3
MEDIUM Recursive home dir file read src/scanner.ts:88
LOW Hardcoded API endpoint src/config.ts:5
$
Skills Scanned: 1,247
Threats Found: 342
Verified Skills: 186
Skills with Issues: 27%

How ClawDefend Protects You

Multi-layer analysis catches what manual review misses.

Deep Code Scanning

AST parsing, regex pattern matching, and LLM-powered intent detection find what grep can't.

Trust Badges

Verified, Audited, and Community Reviewed badges so users know which skills are safe.

CI/CD Integration

REST API and webhooks for automated scanning in your deployment pipeline.

Malware Signatures

Continuously updated database of known malicious patterns found in ClawHub skills.

GitHub Integration

Paste a repo URL and get results in seconds. No setup, no config.

Detailed Reports

Line-by-line findings with severity scores, code snippets, and remediation steps.

Trusted by OpenClaw skill developers and security-conscious teams

SOC 2 Compliant Infrastructure
End-to-end Encrypted Scans
Open Source Scanner Engine

Scan your first skill in seconds

Free tier includes 3 scans per month. No credit card required.
