clawsec-scanner
Installation
SKILL.md
ClawSec Scanner
Comprehensive security scanner for agent platforms that automates vulnerability detection across multiple dimensions:
- Dependency Scanning: Analyzes npm and Python dependencies using
npm auditandpip-auditwith structured JSON output parsing - CVE Database Integration: Queries OSV (primary), NVD 2.0, and GitHub Advisory Database for vulnerability enrichment
- SAST Analysis: Static code analysis using Semgrep (JavaScript/TypeScript) and Bandit (Python) to detect hardcoded secrets, command injection, path traversal, and unsafe deserialization
- DAST Framework: Agent-specific static analysis of OpenClaw hook metadata and handler source without importing or invoking target code
- Unified Reporting: Consolidated vulnerability reports with severity classification and remediation guidance
- Continuous Monitoring: OpenClaw hook integration for automated periodic scanning
Vercel Skills Installation
Install with the Vercel Skills CLI for this harness:
npx skills add prompt-security/clawsec --skill clawsec-scanner -a openclaw -y