OpenClaw Security Verification,
Runtime Monitoring, and Audit.
Static analysis of ClawHub skills, repositories, and install commands against active threat signatures — evaluated before execution.
Runtime event monitoring for agent sessions, with alerting on credential access, anomalous network egress, and policy violations.
Immutable append-only audit logs with SOC2-aligned export for compliance review and incident forensics.
1,467
malicious skills in ClawHub
60+
CVEs catalogued, Q1 2026
Free
static analysis, no account required
New: Secure Installer for macOS
Set up OpenClaw with full security hardening, cost controls, and monitoring — no terminal required.
Architecture
Three layers. Each does one job.
Shield is free and needs no account — paste a URL and get an answer. Watch and Trace connect to a live OpenClaw instance.
Drop in a ClawHub URL, a GitHub repo, or an install command. Shield checks it against our threat database and tells you if it's safe before you run it. No account needed, nothing executed on our end.
- ClawHub skill URL analysis
- GitHub repository scan
- Install command inspection
- Signed verdict output
See every tool call, file read, and network request your agents make — as it happens. The moment something looks off, you get an alert. If it's bad enough, you can kill the session from the dashboard.
- Live agent event stream
- Credential access alerts
- Anomalous network detection
- Session termination control
Every agent session stored in append-only logs you can audit, replay, and export. Built for the conversation where someone asks "what exactly did the agent do?" — and you need a real answer, not a guess.
- Append-only event log
- Incident reconstruction
- Cross-session correlation
- SOC2 export format
Detection coverage
Static analysis patterns.
We maintain a running catalogue of attack patterns pulled from real malicious skills caught in the wild, published CVEs, and community reports. The ruleset updates continuously — not quarterly.
View full threat database →60+ CVEs · 1,467 malicious skills catalogued
Malicious install scripts
The classic curl | bash. Whatever is at that URL runs with your permissions. We've seen some things.
Credential file access
Skills that quietly read your SSH keys, AWS credentials, or .env files. A weather skill does not need your database password.
Persistent background processes
Skills that install cron jobs or launch daemons that keep running long after the session ends. Months later, still phoning home.
Obfuscated payloads
When the code is base64-encoded and eval'd at runtime, it's usually not because the developer wanted to look clever.
Prompt injection
Hidden Unicode characters in skill descriptions that try to override your agent's instructions mid-session. Old trick, still works if you're not watching.
Undisclosed network egress
Your task-management skill shouldn't be posting to an undocumented server in a country you've never heard of. We check the outbound map.
Threat landscape · Q1 2026 · Sources: Koi Security, Cisco Talos, Bitdefender, ARMO, Conscia
1,467
Malicious skills found in ClawHub
60+
CVEs affecting OpenClaw, Q1 2026
135,000+
Exposed instances publicly indexed
340,000
Installs logged before detection