npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

clawguard-cli

v0.2.1

Published

Security scanner for OpenClaw AI agent installations

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vman7250vman7250

Keywords

openclawsecurityscannerai-agentclawdbotmoltbotvulnerabilityaudit

Readme

ClawGuard

Security scanner for OpenClaw AI agent installations.

OpenClaw ships with dangerous defaults: sandbox disabled, plaintext API keys in config files, gateway exposed to LAN, and a skills marketplace with 341 known malicious packages. CVE-2026-25253 allows 1-click remote code execution on unpatched installations.

ClawGuard scans your local OpenClaw setup, flags every vulnerability with severity ratings, and auto-fixes the most common issues. Think npm audit for your AI agent.

npm version License: MIT Node 18+

Why ClawGuard?

A default OpenClaw install scores 0/100 on our security checks:

  • Sandbox mode is OFF - agents execute commands directly on your host
  • API keys are stored in plaintext in ~/.openclaw/openclaw.json
  • Gateway binds to LAN instead of loopback
  • No exec allowlisting - any tool call runs unrestricted
  • Skills from ClawHub run with whatever permissions they request
  • Session transcripts can leak credentials into .jsonl logs

Most users don't know this. ClawGuard tells them exactly what's wrong and how to fix it.

Install

npm install -g clawguard

Or with npx (no install):

npx clawguard scan

Quick Start

# Scan your OpenClaw installation (auto-detects ~/.openclaw/)
clawguard scan

# Auto-fix common security issues
clawguard fix

# Verify fixes
clawguard scan

Example Output

 ClawGuard v0.1.0 - OpenClaw Security Scanner

 Scanning /home/user/.openclaw/ ...

 CRITICAL  Plaintext API keys found in configuration
           openclaw.json: Anthropic API key (sk-ant-...) on line 14
           openclaw.json: OpenAI API key (sk-proj-...) on line 18
           credentials/profiles.json: Telegram bot token on line 7
           Fix: Use environment variables: "apiKey": "${ANTHROPIC_API_KEY}"

 CRITICAL  Sandbox mode is disabled
           agents.defaults.sandbox.mode = "off"
           Fix: Set sandbox.mode to "all" in openclaw.json

 CRITICAL  Gateway bound to LAN
           gateway.bind = "lan" (should be "loopback")
           Fix: Set gateway.bind to "loopback" in openclaw.json

 HIGH      Weak gateway auth token
           Token length: 4 characters (minimum: 32)
           Fix: openssl rand -hex 32

 HIGH      Commands execute on host, not in sandbox
           tools.exec.host = "gateway"
           Fix: Set to "sandbox" in openclaw.json

 MEDIUM    Log redaction not enabled
           Fix: Set logging.redactSensitive to "tools" in openclaw.json

 ==================================================

 Score: 0/100  CRITICAL RISK

 Found: 3 critical, 2 high, 1 medium, 0 info
 Run clawguard fix to auto-fix 6 issues

After running clawguard fix:

 Score: 85/100  GOOD

 Found: 0 critical, 0 high, 0 medium, 3 info

CLI Reference

# Full scan (auto-detects ~/.openclaw/, ~/.clawdbot/, ~/.moltbot/)
clawguard scan

# Scan a specific directory
clawguard scan --path /path/to/openclaw

# JSON output for CI/CD pipelines
clawguard scan --format json

# Run only specific check categories
clawguard scan --check credentials gateway sandbox

# Auto-fix common issues
clawguard fix
clawguard fix --path /path/to/openclaw

# Show version
clawguard version

Available Check Categories

credentials gateway sandbox permissions version skills memory

Exit Codes

| Code | Meaning | |---|---| | 0 | Scan passed, no critical issues | | 1 | Error (path not found, invalid args) | | 2 | Critical issues found |

Security Checks

25+ checks across 7 categories:

| Category | Checks | Severity | |---|---|---| | Credentials | Plaintext API keys in config, .env, .bak files, session transcripts, log redaction settings | CRITICAL | | Gateway | Bind address (loopback vs LAN), auth token strength, port exposure on 0.0.0.0 | CRITICAL | | Sandbox | Sandbox mode, Docker availability, network isolation, exec host, exec allowlisting | CRITICAL | | Version | OpenClaw version against CVE-2026-25253 (RCE) and CVE-2026-21636, Node.js version | CRITICAL | | Skills | Malicious patterns, C2 IPs, typosquatted publishers, permission analysis, suspicious binaries | CRITICAL | | Permissions | Directory (700) and file (600) permissions on sensitive configs and credentials | HIGH | | Memory | SOUL.md/MEMORY.md injection detection, credential leaks in daily logs | HIGH |

Credential Patterns

Detects 17+ key formats: sk-ant- (Anthropic), sk-proj- (OpenAI), gsk_ (Groq), xai- (xAI), AKIA (AWS), ghp_/gho_ (GitHub), glpat- (GitLab), xoxb-/xoxp- (Slack), Telegram bot tokens, Discord tokens, sk_live_ (Stripe), OpenRouter, Google AI, and generic Bearer tokens.

Malicious Skill Detection

  • Remote code execution patterns (curl | sh, wget | bash)
  • Base64-encoded payloads over 50 characters
  • Known C2 IP addresses from the ClawHavoc campaign
  • References to paste services (glot.io, pastebin.com, hastebin)
  • Typosquatted ClawHub publisher names
  • Suspicious binary requirements (nc, ncat, netcat, nmap, socat)
  • Excessive permission requests (exec + sensitive_data + filesystem write)
  • Password-protected archive downloads

Auto-Fix

clawguard fix remediates these issues automatically:

| Issue | Fix Applied | |---|---| | Wrong file permissions | chmod 700 dirs, chmod 600 config files | | Sandbox disabled | Sets sandbox.mode to "all" | | No Docker network isolation | Sets docker.network to "none" | | Exec runs on host | Sets tools.exec.host to "sandbox" | | Log redaction off | Sets logging.redactSensitive to "tools" | | Weak gateway token | Generates 64-character hex token | | .bak files with old creds | Deletes backup files |

CI/CD Integration

ClawGuard returns exit code 2 when critical issues are found:

# GitHub Actions
- name: OpenClaw security scan
  run: |
    npm install -g clawguard
    clawguard scan --format json > security-report.json
    clawguard scan
# GitLab CI
security_scan:
  script:
    - npm install -g clawguard
    - clawguard scan --format json --path $OPENCLAW_DIR
  allow_failure: false

Scoring

Starts at 100, deducted per finding:

| Severity | Points Deducted | |---|---| | CRITICAL | -20 | | HIGH | -10 | | MEDIUM | -5 | | INFO | 0 |

| Score Range | Rating | |---|---| | 81-100 | Good | | 61-80 | Fair | | 31-60 | Poor | | 0-30 | Critical Risk |

Development

git clone https://github.com/vman7250/clawguard.git
cd clawguard-npm
npm install
npm run build

# Test against insecure fixture
node dist/index.js scan --path tests/fixtures/

# Test against secure fixture
node dist/index.js scan --path tests/fixtures/secure_config.json

Contributing

Contributions welcome. Please open an issue first to discuss what you'd like to change.

  1. Fork the repo
  2. Create a feature branch (git checkout -b feature/new-check)
  3. Add tests for new checks in tests/
  4. Submit a PR

Security

If you find a security vulnerability in ClawGuard itself, please report it privately via GitHub Security Advisories instead of opening a public issue.

License

MIT