ClawSec Scanner automates security analysis for agent skills and repositories. It runs dependency scans (npm audit, pip-audit), queries CVE providers (OSV, NVD, GitHub Advisory), performs static analysis with Semgrep/Bandit, and executes an agent-aware dynamic analysis harness for OpenClaw hooks. Results are normalized into a unified ScanReport JSON with severity summaries and remediation guidance.
Use ClawSec Scanner when auditing agent skills before deployment, during CI/CD checkpoints, or on a scheduled cadence to detect regressions. It's ideal for discovering vulnerable dependencies, hardcoded secrets, unsafe code patterns, and hook-specific runtime dangers in OpenClaw handlers.
Inferred support: agents and CLIs that can run subprocess tools (Node.js- or Python-based workflows), e.g., the OpenClaw gateway, Node-based agent runtimes, and CI environments.
This skill has not been reviewed by our automated audit pipeline yet.