clawhub-scanner

Original source / Raw SKILL.md

---
name: clawhub-scanner
description: "Scan installed ClawHub skills for malware, credential theft, prompt injection, and security risks. Detects known C2 infrastructure, obfuscated payloads, and data exfiltration patterns from the ClawHavoc campaign."
---

# clawhub-scanner

Security scanner for ClawHub skills. Checks installed skills against known malicious patterns, IoCs, and suspicious behaviors.

## Usage

When the user asks to scan skills, check for malware, or audit their ClawHub installations:

```bash
# Scan all installed skills
clawhub-scanner scan

# Scan a specific skill
clawhub-scanner scan --skill ~/.openclaw/skills/some-skill

# JSON output for automation
clawhub-scanner scan --json

# Include low-severity findings
clawhub-scanner scan --verbose
```

## What It Detects

- **Critical:** Known C2 server IPs and malicious domains (ClawHavoc campaign)
- **High:** eval(), credential harvesting (SSH/AWS/browser/wallets), data exfiltration (Discord/Telegram webhooks), obfuscated payloads
- **Medium:** Prompt injection, broad filesystem access, clipboard harvesting
- **Low:** Outbound HTTP, WebSocket connections

## Install

Requires the npm package:

```bash
npm install -g @elvatis_com/clawhub-scanner
```

## Exit Codes

- 0 = clean
- 1 = high-severity findings
- 2 = critical findings


---

## Skill Companion Files

> Additional files collected from the skill directory layout.

### README.md

```markdown
# @elvatis_com/clawhub-scanner

Scan your installed [ClawHub](https://clawhub.com) skills for malware, credential theft, prompt injection, and security risks.

## Why?

ClawHub skills run with full agent permissions. In February 2026 alone, security researchers found:
- **534 skills** with critical vulnerabilities (Snyk)
- **341 skills** distributing the AMOS stealer ("ClawHavoc" campaign)
- **76 confirmed** malicious payloads for credential theft and data exfiltration

This scanner checks your installed skills against known malicious patterns, C2 infrastructure, and suspicious behaviors.

## Install

```bash
npm install -g @elvatis_com/clawhub-scanner
```

## Usage

```bash
# Scan all installed skills
clawhub-scanner scan

# Scan a specific skill
clawhub-scanner scan --skill ~/.openclaw/skills/some-skill

# JSON output for automation
clawhub-scanner scan --json

# Include low-severity findings
clawhub-scanner scan --verbose

# Show scanned directories
clawhub-scanner paths
```

## What It Detects

| Category | Severity | Examples |
|----------|----------|---------|
| **C2 Infrastructure** | Critical | Known malicious IPs (91.92.242.30), ClawHavoc domains |
| **Code Execution** | High | `eval()`, `child_process.exec()`, `process.binding()` |
| **Credential Theft** | High | SSH key access, AWS creds, browser profiles, crypto wallets |
| **Data Exfiltration** | High | Discord/Telegram webhooks, raw IP fetches, DNS tunneling |
| **Obfuscation** | High/Med | Base64+exec combos, large encoded strings, CharCode assembly |
| **Prompt Injection** | Medium | "Ignore previous instructions", system prompt overrides |
| **Network Activity** | Low | Outbound HTTP to unknown domains, WebSocket connections |

## Exit Codes

| Code | Meaning |
|------|---------|
| 0 | Clean (or only low/medium findings) |
| 1 | High-severity findings detected |
| 2 | Critical findings detected |

Use in CI/scripts: `clawhub-scanner scan --quiet || echo "Security issues found!"`

## Scan Locations

By default, scans:
- `~/.openclaw/skills/` (user-installed skills)
- OpenClaw built-in skills directory

## License

MIT - [Elvatis](https://elvatis.com)

```

### _meta.json

```json
{
  "owner": "homeofe",
  "slug": "clawhub-scanner",
  "displayName": "ClawHub Security Scanner",
  "latest": {
    "version": "0.1.0",
    "publishedAt": 1771921800294,
    "commit": "https://github.com/openclaw/skills/commit/eb3d80391b76ef7cc3c5ba86df89a54cfd41b787"
  },
  "history": []
}

```