research wing
Blog
We re-scanned all 64,000 OpenClaw skills. Here's what their code can reach.
Three months ago we scanned 19,000 skills. The registry tripled. So we re-scanned everything — 63,697 skills, 98% of the live registry — and counted, from the code, exactly what each one can touch. 1 in 8 can read your environment variables.
June 23, 2026
We graded our own scanner against an attacker. It failed two of six.
Most security tools grade their own detection from the architecture diagram. We built six attacks and ran them against the real engine. It caught four. Here's the scoreboard — and the fixes.
June 23, 2026
1 in 6 OpenClaw skills can read your environment variables — and why we won't call that 'credential access'
The number we could put in this headline is '8% of skills are dangerous.' We're not — that's a judgment, not a measurement. Here's the number we can actually defend, and the one most tools would have gotten wrong.
May 28, 2026
What the OpenClaw cleanup missed
Over three months after ClawHavoc, we rescanned 200 OpenClaw skills. 18 are gone. 125 still route through one flagged backend.
March 17, 2026
ClawAudit v0.5: AST Analysis, VirusTotal Threat Intel, and the First Dual OWASP Mapping
4 detection layers, 570 AST-confirmed findings, 154 VT-flagged URLs, and the first dual OWASP mapping (LLM Top 10 + Agentic Top 10) in any open agent security tool.
March 16, 2026
We Scanned 19,461 OpenClaw Skills. Here's What We Found.
The largest security audit of the OpenClaw ecosystem. 19,461 skills analyzed, 1,555 flagged dangerous, 1,909 with credential-access + network patterns. Full findings and named examples.
March 13, 2026
We Mapped 2,748 Dangerous AI Agent Skills to the OWASP LLM Top 10
We scanned every dangerous OpenClaw skill and mapped the findings to the OWASP Top 10 for LLM Applications (2025). The data reveals which AI agent security risks are theoretical and which dominate real-world configurations.
March 12, 2026
ClawAudit v0.4: Multi-Format Analysis and a Full Registry Rescan
ClawAudit now scans CLAUDE.md and MCP configs alongside SKILL.md files. We rescanned all 19,461 OpenClaw skills to verify zero regressions.
March 10, 2026
3,326 OpenClaw Skills Can Access Your Credentials
17% of OpenClaw skills access API keys, tokens, or environment variables. We analyzed which ones are dangerous and how credential theft works in AI agent skills.
March 8, 2026
How to Integrate ClawAudit's Security API Into Your AI Agent Workflow
Use ClawAudit's free REST API to scan OpenClaw skills for malware, prompt injection, and supply chain risks. Code examples for CI/CD, agent self-auditing, and bulk scanning.
March 7, 2026
How to Audit an OpenClaw Skill Before Installing
A practical guide to checking AI agent skills for security risks before you install them.
March 7, 2026
What Is Prompt Injection in AI Agent Skills?
How attackers use prompt injection to hijack AI agents through malicious skills, and how to detect it.
March 7, 2026
The Most Dangerous Skills on OpenClaw in 2026
We scanned 19,461 OpenClaw skills. Here are the threat patterns we found in the 1,555 flagged as dangerous.