概述

ClawGuard

Security Scanner for OpenClaw/Clawdbot Skills

Protect yourself from malicious skill installations. ClawGuard scans skills for dangerous patterns before you install them - including patterns from the ClawHavoc campaign (341 malicious skills discovered by Koi Security).

Quick Start

# Scan a skill by name
python scan.py --skill <skill-name>

# Scan a skill by path  
python scan.py --path /path/to/skill

# Scan all installed skills
python scan.py --all

What It Detects

Category	Examples	Severity
----------	----------	----------
🔴 Reverse Shells	socket.connect(), pty.spawn(), /dev/tcp	Critical
🔴 Data Exfiltration	requests.post() to suspicious TLDs	Critical
🔴 Credential Harvest	Reading ~/.ssh/id_rsa, AWS credentials	Critical
🔴 Obfuscation	base64.b64decode(exec), chr() chains	Critical
🔴 ClawHavoc IOCs	glot.io scripts, fake Apple URLs, known C2 IPs	Critical
🟠 Code Execution	exec(), eval(), subprocess	High
🟡 Suspicious Network	URL shorteners, weird ports	Medium

Output Formats

# Console (default) - colored terminal output
python scan.py --skill github

# JSON - machine-readable for CI/CD
python scan.py --skill github --format json

# Markdown - for sharing reports
python scan.py --skill github --format markdown

Risk Scoring

Score	Level	Action
-------	-------	--------
0-10	🟢 Safe	Install freely
11-25	🟢 Low	Quick review
26-50	🟡 Medium	Review findings
51-75	🔴 High	Review carefully
76-100	🔴 Critical	Do not install

IOC Database

70+ indicators of compromise including:

Remote access (reverse shells, C2)
Data exfiltration
Credential harvesting
Code obfuscation
Real ClawHavoc campaign IOCs (from Koi Security research)
Known malicious IPs, hashes, and skill names

Requirements

Python 3.8+
No external dependencies (stdlib only)

Credits

IOCs enriched with research from Koi Security - ClawHavoc campaign analysis by Oren Yomtov and Alex.

Links

Built for the Clawdbot community 🐾

版本历史

共 1 个版本

v1.0.0 当前

2026-03-29 09:55 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)