How to Integrate ClawAudit's Security API Into Your AI Agent Workflow

OpenClaw's registry has over 19,000 skills. Any skill can request shell access, read your files, or make network requests. There's no built-in review process. If your agent installs a skill, it runs with whatever permissions the skill asks for.

ClawAudit provides a free REST API that performs static security analysis on any OpenClaw skill. No API key required, no rate limits beyond 60 requests per minute. You get back a trust score, a tier rating, specific findings, compound threat detection, and a capability breakdown.

This guide covers how to integrate it into your workflow: single skill checks, CI/CD gates, agent self-auditing, and bulk scanning.

The API in 30 seconds

One endpoint. Pass an OpenClaw slug, get back a full security report.

Both return the same JSON response. Results are cached for 24 hours.

Reading the response

Here's what a clean skill looks like:

{
  "trust": {
    "tier": "Trusted",
    "score": 90,
    "description": "Low risk — minimal permissions, no red flags detected"
  },
  "scores": {
    "security": 10,
    "transparency": 9,
    "maintenance": 7,
    "overall": 9
  },
  "capabilities": [],
  "compoundThreats": [],
  "findings": [],
  "summary": { "total": 0, "critical": 0, "high": 0 }
}

And here's a skill with problems:

{
  "trust": {
    "tier": "Dangerous",
    "score": 20,
    "description": "Critical risks detected — do not install"
  },
  "compoundThreats": [
    {
      "id": "remote_code_execution",
      "severity": "critical",
      "description": "Fetches from network AND uses eval/Function"
    }
  ],
  "capabilities": ["network_out", "dynamic_eval", "credential_access"],
  "summary": { "total": 8, "critical": 3, "high": 2 }
}

Key fields to check

• trust.tier: Trusted, Caution, Risky, or Dangerous. Anything Dangerous should not be installed without manual review.
• trust.score: 0 to 100. Below 40 means multiple red flags.
• compoundThreats: Multi-signal attack patterns. A skill that reads files AND makes network requests AND accesses credentials is flagged as potential data exfiltration, not just three separate findings.
• capabilities: What the skill actually does in its code blocks: network_out, file_read, process_exec, dynamic_eval, credential_access, etc.
• permissionIntegrity: Mismatches between what a skill declares and what it actually does. A skill that makes network requests but doesn't declare curl in its required binaries is suspicious.

Use case 1: Check before install

The simplest integration. Before your agent installs a skill, hit the API and check the tier.

async function isSkillSafe(slug) {
  const res = await fetch(
    `https://api.clauwdit.4worlds.dev/audit/${slug}`
  );
  const report = await res.json();

  if (report.trust.tier === 'Dangerous') {
    console.warn(`Blocked: ${slug} scored ${report.trust.score}/100`);
    return false;
  }

  if (report.summary.critical > 0) {
    console.warn(`Warning: ${slug} has ${report.summary.critical} critical findings`);
    return false;
  }

  return true;
}

Use case 2: CI/CD security gate

If your project depends on OpenClaw skills, add a security check to your CI pipeline. This script reads a list of skill slugs and fails the build if any are Dangerous.

#!/bin/bash
# .github/scripts/audit-skills.sh
SKILLS="author/skill-one author/skill-two author/skill-three"
FAILED=0

for slug in $SKILLS; do
  tier=$(curl -sf "https://api.clauwdit.4worlds.dev/audit/$slug" \
    | jq -r '.trust.tier')
  echo "$slug: $tier"
  if [ "$tier" = "Dangerous" ]; then
    echo "BLOCKED: $slug is Dangerous"
    FAILED=1
  fi
done

exit $FAILED

Add this to your GitHub Actions workflow as a step that runs before deployment. Skills are cached server-side, so repeat calls are fast.

Use case 3: Agent self-auditing

If you're building an AI agent that installs OpenClaw skills on its own, you can give the agent a tool that checks ClawAudit before installation. This is the most important use case. An agent that blindly installs skills from a registry is a supply chain attack waiting to happen.

// Tool definition for an AI agent framework
{
  "name": "audit_skill",
  "description": "Check an OpenClaw skill for security risks before installing it",
  "parameters": {
    "slug": { "type": "string", "description": "OpenClaw skill slug (author/name)" }
  },
  "handler": async ({ slug }) => {
    const res = await fetch(
      `https://api.clauwdit.4worlds.dev/audit/${slug}`
    );
    const report = await res.json();
    return {
      safe: report.trust.tier !== 'Dangerous',
      score: report.trust.score,
      tier: report.trust.tier,
      threats: report.compoundThreats.length,
      critical: report.summary.critical,
      capabilities: report.capabilities
    };
  }
}

The agent gets a structured response it can reason about. "This skill scores 20/100, has 3 critical findings, and fetches from the network while using eval. Don't install it."

Use case 4: Bulk scanning with Python

If you need to audit many skills at once, here's a Python script that respects the rate limit (60/min) and outputs a CSV.

import requests, time, csv, sys

API = "https://api.clauwdit.4worlds.dev/audit"
slugs = ["author/skill-one", "author/skill-two"]  # your list

writer = csv.writer(sys.stdout)
writer.writerow(["slug", "score", "tier", "critical", "threats", "capabilities"])

for i, slug in enumerate(slugs):
    if i > 0 and i % 55 == 0:
        time.sleep(60)  # stay under rate limit
    r = requests.get(f"{API}/{slug}")
    d = r.json()
    writer.writerow([
        slug,
        d["trust"]["score"],
        d["trust"]["tier"],
        d["summary"]["critical"],
        len(d.get("compoundThreats", [])),
        ",".join(d.get("capabilities", []))
    ])

What the analyzer detects

ClawAudit's static analyzer runs 115 detection patterns across multiple categories. It's not just regex matching. The analyzer parses the skill's markdown into semantic zones (code blocks, prose, frontmatter, headings) and weights findings by context. A mention of eval() in a security warning section is suppressed. The same pattern in a code block the agent would execute is full severity.

Detection categories

• Code execution: eval, Function constructor, subprocess, os.system, child_process, dynamic imports
• Shell injection: pipe-to-bash, curl|sh, command injection patterns
• Obfuscation: base64 payloads, Unicode homoglyph evasion, zero-width character insertion, bracket notation eval
• Network: fetch, requests, urllib, bare IP addresses, webhook callbacks
• Credential theft: env var access, cloud credential paths (.aws, .gcloud, .kube), /proc/self/environ
• Prompt injection: instruction override attempts, identity redefinition, covert action directives
• Privilege escalation: sudo references, setuid, history clearing, sensitive file access
• Supply chain: runtime package installation, opaque dependencies, pip/npm/apt install in code

On top of individual patterns, 20 compound threat rules detect multi-signal attacks. A skill that reads files, encodes data, and sends it to an external server isn't just three medium findings. It's flagged as "obfuscated data exfiltration" at critical severity.

Registry-wide numbers

We've scanned every skill on OpenClaw. Here's the current breakdown of 19,461 skills:

• 43.3% Trusted (8,433 skills): No red flags, minimal or well-declared permissions
• 23.6% Caution (4,599 skills): Some capabilities, minor findings
• 25.0% Risky (4,874 skills): Significant capabilities or findings that warrant review
• 8.0% Dangerous (1,555 skills): Critical findings, compound threats, or known attack patterns

You can browse the full results on our registry page or query any skill directly through the API.

Rate limits and caching

The API allows 60 requests per minute per IP address. Results are cached for 24 hours server-side, so hitting the same skill twice costs nothing. There's no authentication required and no usage tiers. The API is free.

If you need higher throughput for bulk operations, space your requests at ~1 per second and you'll stay well within limits.

Get started

Try it now:

Or use the search on our homepage to look up any skill by name. Full API documentation here.

For more on the threats the API detects, read about prompt injection in AI agent skills or see our guide on how to audit a skill before installing.