Skip to content

move78ai/clawhub-malware-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
clawhub_scanner.py
clawhub_scanner.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

ClawHub Scanner 🕵️‍♂️

A lightweight, open-source security tool to detect malicious skills and high-risk configurations in OpenClaw environments.

Wide_cinematic_banner_2k_202602142226

🚨 The Threat Context

Recent supply chain attacks on the ClawHub marketplace (Project "ClawHavoc") have introduced malicious skills disguised as legitimate tools. These skills often contain the Atomic Stealer (AMOS) malware.

ClawHub Scanner helps developers and enterprises verify their agent environments against known Indicators of Compromise (IOCs) and high-risk permission patterns.

⚡ Features

  • IOC Scanning: Checks for known malicious C2 IP addresses (e.g., 91.92.xx.xx) and domain signatures.

  • Payload Detection: Scans for known malware filenames (e.g., openclaw-agent.zip, atomic_stealer).

  • Obfuscation Detection: Flags suspicious shell execution patterns (curl | sh, base64 pipes) often used in malicious skills.

  • Governance Check: Audits JSON configurations for "God Mode" permissions (e.g., fs.read_all, shell.execute) to help you enforce Least Privilege.

🛠️ Installation & Usage

Prerequisites : Python 3.8 or higher

Quick Start:

Clone the repository:

git clone https://github.com/Move78-International/clawhub-scanner.git cd clawhub-scanner

Run the scanner:

python clawhub_scanner.py

The tool attempts to auto-discover your OpenClaw directory. If it fails, specify the path manually:

python clawhub_scanner.py --path /Users/username/.openclaw/skills

📊 Sample Output

/ / / __ __ / / / /_ / / ... OPENCLAW & AGENT SECURITY SCANNER By Move78 International

[*] Version 1.0.0 - 'First Responder'

[*] Scanning directory: /Users/admin/.openclaw...

[!] CRITICAL THREATS FOUND: - File Match: Malicious payload found at .../openclaw-agent.zip

[i] GOVERNANCE ALERTS (High Risk Permissions): - High Risk Permission 'shell.execute' found in weather-skill.json

🛡️ Disclaimer

This tool is provided "as is" without warranty of any kind. It is a static analysis tool based on known IOCs from public research (February 2026). It does not replace a full EDR solution or manual code audit.

Move78 International accepts no liability for any damages caused by the use or misuse of this software.

🔗 About Move78 International

We build governance frameworks for the Agentic AI era.

Found a bug? Open an Issue.

Need Enterprise Support? Contact us for the AgentClaw Controls Toolkit (ACT).

Maintained by Abhi @ Move78 International

About

Detects 341+ malicious skills and the atomic stealer payload. Secure your OpenClaw instance.

Topics

openclaw openclaw-skills clawhub openclaw-security agenticaisecurity

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages