Security auditor for AI agent configs

Scan CLAUDE.md, .mcp.json, and agent rules for dangerous permissions, credential leaks, and compound threats. Offline. SARIF-native. Free.

19,461

Configs analyzed

63.9

Avg trust score

1,555

Dangerous (8%)

8,433

Trusted (43.3%)

Trust Distribution

Trusted — 8,433 (43.3%)

Caution — 4,599 (23.6%)

Risky — 4,874 (25%)

Dangerous — 1,555 (8%)

Key Findings

5,679

Critical findings detected

2,090

High severity findings

12,727

Total findings detected

Most Common Capabilities

credential_access

3,326 (17.1%)

network_out

3,245 (16.7%)

package_install

2,740 (14.1%)

network_in

2,565 (13.2%)

data_encoding

1,045 (5.4%)

file_read

671 (3.4%)

agent_memory

654 (3.4%)

file_write

419 (2.2%)

process_exec

243 (1.2%)

dynamic_eval

157 (0.8%)

Integrate into CI/CD

Or npx @clawaudit/cli scan . to audit your project locally. Read the State of OpenClaw Security report, browse the registry, or read the blog for guides and analysis.