I built a security scanner for OpenClaw after 824 malicious skills were found

baz_sec · 4 hours ago · view on HN · vulnerability
0 net
Tags
node rce supply-chain
In February 2026, researchers discovered 824 malicious skills (20% of ClawHub) distributing infostealers. I built ClawVet to solve this.

It's a 6-pass security scanner for OpenClaw SKILL.md files that detects: - Remote code execution (reverse shells, piped downloads) - Credential theft (SSH keys, API tokens, browser cookies) - Prompt injection attacks - Typosquatting (Levenshtein distance against top skills) - Social engineering (suspicious patterns)

Most existing scanners run single-pass regex. ClawVet runs 6 independent passes because one detector misses what another catches.

It's on npm (580 downloads/week), open source MIT, and has a REST API + web dashboard.

Source: https://github.com/MohibShaikh/clawvet Install: npx clawvet scan ./my-skill

Happy to answer questions about the detection methodology or why the ecosystem needed another scanner.

← Back to stories