elvatis

clawhub-scanner

"Scan installed ClawHub skills for malware, credential theft, prompt injection, and security risks. Detects known C2 infrastructure, obfuscated payloads, and data exfiltration patterns from the ClawHavoc campaign."

elvatis 0 Updated 3mo ago
GitHub

Install

npx skillscat add elvatis/clawhub-scanner

Install via the SkillsCat registry.

SKILL.md

clawhub-scanner

Security scanner for ClawHub skills. Checks installed skills against known malicious patterns, IoCs, and suspicious behaviors.

Usage

When the user asks to scan skills, check for malware, or audit their ClawHub installations:

# Scan all installed skills
clawhub-scanner scan

# Scan a specific skill
clawhub-scanner scan --skill ~/.openclaw/skills/some-skill

# JSON output for automation
clawhub-scanner scan --json

# Include low-severity findings
clawhub-scanner scan --verbose

What It Detects

  • Critical: Known C2 server IPs and malicious domains (ClawHavoc campaign)
  • High: eval(), credential harvesting (SSH/AWS/browser/wallets), data exfiltration (Discord/Telegram webhooks), obfuscated payloads
  • Medium: Prompt injection, broad filesystem access, clipboard harvesting
  • Low: Outbound HTTP, WebSocket connections

Install

Requires the npm package:

npm install -g @elvatis_com/clawhub-scanner

Exit Codes

  • 0 = clean
  • 1 = high-severity findings
  • 2 = critical findings

Categories

Code Review Processing Security
GitHub

Install

npx skillscat add elvatis/clawhub-scanner

Install via the SkillsCat registry.

Recommended Skills

xuiltul
subordinate-management by xuiltul
223 2mo ago
fluxcd
gitops-repo-audit by fluxcd
81 3mo ago
getsentry
warden-sweep by getsentry
137 3mo ago
sd0xdev
project-audit by sd0xdev
139 3mo ago
yonatangross
audit-skills by yonatangross
141 3mo ago
prompt-security
clawsec-suite by prompt-security
881 3mo ago