Security-first. Agent-right.
ClawGuard, the security layer for sharp agents.
Scan AI agent skills for prompt injections, malware, secrets, and more. No gatekeeping, just signal.
Scan any skill. Versioned, auditable, open.
Check any skill from the command line:
npx @yourclaw/clawguard-cli scan ./my-skill
Or check against the registry:
npx @yourclaw/clawguard-cli check memory-manager

36.8% of ClawHub skills have flaws
76 confirmed malicious payloads
80+ detection patterns
4 layers of defense
Four layers of defense
1. Pre-install Scanning
Catch bad skills before they run. Scanner + CLI + registry detect prompt injections, secrets, malware, and excessive permissions.
2. Runtime Monitoring
Catch injections at execution time. Lasso hooks detect prompt injection in tool outputs. mcp-scan proxy guards MCP traffic.
3. Behavioral Sandboxing
Limit blast radius if injection succeeds. Network allowlists, filesystem jails, permission prompts, rate limiting.
4. Community Reporting
Human review catches what automation misses. Report vulnerabilities, contribute fixes, build the safe skills ecosystem.
Get started in seconds
# Scan a local skill
npx @yourclaw/clawguard-cli scan ./my-skill
# Check which tools are available
npx @yourclaw/clawguard-cli doctor
# Check a skill against the registry
npx @yourclaw/clawguard-cli check memory-manager