About ClawAudit

ClawAudit is a static security analyzer for OpenClaw AI agent skills. It scans SKILL.md files for prompt injection, credential exfiltration, obfuscated payloads, and dangerous capability combinations — before you install.

How It Works

Every skill in the OpenClaw ecosystem is defined by a SKILL.md file — a markdown document that describes what the skill does, what permissions it needs, and the code an agent should execute. ClawAudit parses this file with zone-aware analysis:

• Code blocks are weighted as executable instructions
• Prose sections are analyzed for social engineering and prompt injection
• YAML frontmatter is parsed for declared permissions and metadata
• Security documentation is identified and suppressed to avoid false positives

The engine applies 60+ detection patterns, identifies capabilities (network access, file operations, credential access, etc.), and checks for compound threats — combinations of capabilities that together indicate malicious intent.

Why It Exists

AI agent skill ecosystems are growing fast. OpenClaw alone has nearly 20,000 skills. But there's no built-in security gate — any skill can request any capability, and users have no easy way to assess risk before installing. ClawAudit fills that gap with automated, instant security analysis.

Built By

ClawAudit is built by 4Worlds.

Open API

The audit API is free to use — no authentication required. Check the API documentation to integrate ClawAudit into your workflow, CI pipeline, or tool.