Blog
ClawAudit v0.5: AST Analysis, VirusTotal Threat Intel, and the First Dual OWASP Mapping
4 detection layers, 570 AST-confirmed findings, 154 VT-flagged URLs, and the first dual OWASP mapping (LLM Top 10 + Agentic Top 10) in any open agent security tool.
March 17, 2026We Scanned 19,461 OpenClaw Skills. Here's What We Found.
The largest security audit of the OpenClaw ecosystem. 19,461 skills analyzed, 1,555 flagged dangerous, 1,909 with credential theft patterns. Full findings and named examples.
March 16, 2026We Mapped 2,748 Dangerous AI Agent Skills to the OWASP LLM Top 10
We scanned every dangerous OpenClaw skill and mapped the findings to the OWASP Top 10 for LLM Applications (2025). The data reveals which AI agent security risks are theoretical and which dominate real-world configurations.
March 13, 2026ClawAudit v0.4: Multi-Format Analysis and a Full Registry Rescan
ClawAudit now scans CLAUDE.md and MCP configs alongside SKILL.md files. We rescanned all 19,461 OpenClaw skills to verify zero regressions.
March 12, 20263,326 OpenClaw Skills Can Access Your Credentials
17% of OpenClaw skills access API keys, tokens, or environment variables. We analyzed which ones are dangerous and how credential theft works in AI agent skills.
March 10, 2026How to Integrate ClawAudit's Security API Into Your AI Agent Workflow
Use ClawAudit's free REST API to scan OpenClaw skills for malware, prompt injection, and supply chain risks. Code examples for CI/CD, agent self-auditing, and bulk scanning.
March 8, 2026How to Audit an OpenClaw Skill Before Installing
A practical guide to checking AI agent skills for security risks before you install them.
March 7, 2026What Is Prompt Injection in AI Agent Skills?
How attackers use prompt injection to hijack AI agents through malicious skills, and how to detect it.
March 7, 2026The Most Dangerous Skills on OpenClaw in 2026
We scanned 19,461 OpenClaw skills. Here are the threat patterns we found in the 1,555 flagged as dangerous.
March 7, 2026