clawscan 1.0.0

OpenClaw/Moltbot/Clawdbot vulnerability scanner for prompt injection, supply chain, and RAG poisoning attacks

ClawScan - Security Scanner for AI Assistants

What it does: Checks if your AI assistant (OpenClaw/Moltbot/Clawdbot) has security holes that hackers could exploit.

🚨 Why You Need This

If you're running an AI assistant on your computer or server, hackers can take over your entire system through security vulnerabilities. ClawScan finds these holes before the bad guys do.

Think of it like a home security inspection - but for your AI software.

📦 Installation

cargo install clawscan

Requires Rust toolchain (1.70+).

🎯 Quick Start (5 Minutes)

Scan Your AI Assistant

# If running locally:
clawscan localhost

# If running on another computer:
clawscan 192.168.1.100

# If using a custom port:
clawscan myserver.com:9999

What You'll See

The scanner checks for 9 different security problems:

  1. Can hackers steal your passwords? (CSWSH Attack)
  2. Can malicious websites control your AI? (Indirect Injection)
  3. Can hackers run commands on your computer? (Command Injection)
  4. Can people trick your AI into doing bad things? (Prompt Injection)
  5. Can attackers poison your AI's memory? (RAG Poisoning)
  6. Are you using infected AI plugins? (Supply Chain)
  7. Can hackers manipulate your AI tools? (MCP Poisoning)
  8. Can attackers break out of security restrictions? (Elevated Bypass)
  9. Full system takeover possible? (Zero-Click RCE)

Understanding the Results

🟢 Green = Good

No exploited vulnerabilities found

Your system is likely secure (but stay vigilant!).

🔴 Red = Danger

⚠️  EXPLOITED VULNERABILITIES:

[CRITICAL] cve-2026-25253 - ws://localhost:18789
Evidence:
  • Auth token captured: eyJhbGc...
  • Granted scopes: operator.read, operator.write
Remediation:
  ✓ Upgrade to OpenClaw v2026.1.29+ immediately
  ✓ Implement Origin header validation
  ✓ Rotate all device tokens immediately

This means: Hackers can steal your authentication and control your AI.

What to do:

  1. Follow the "Remediation" steps immediately
  2. Stop using the AI until fixed
  3. Run the built-in security checker: openclaw security audit --fix

🛡️ Fixing Security Problems

Most Important Fixes

After scanning, do these RIGHT NOW if vulnerabilities are found:

# 1. Run OpenClaw's built-in security fix
openclaw security audit --fix

# 2. Make sure AI only listens locally (not on the internet)
# Edit your OpenClaw config to bind to 127.0.0.1

# 3. Enable authentication
openclaw --auth

# 4. Turn off broadcasting
export CLAWDBOT_DISABLE_BONJOUR=1

# 5. Scan again to verify fixes
clawscan localhost

📊 Advanced Options

Save Results to File

# Save as JSON for records
clawscan myserver.com --json scan-report-2026-02-05.json

Scan Multiple Targets

# Check all your AI assistants at once
clawscan server1.com server2.com:8080 192.168.1.50

Quiet Mode (Only Show Problems)

# Hide "everything OK" messages
clawscan localhost --quiet

Faster Scanning

# Scan 200 targets simultaneously (default is 50)
clawscan --concurrency 200 target1.com target2.com target3.com

⚠️ Configuration Warning

If ClawScan can connect to your AI from another computer, your setup is insecure by default!

This means:

  • 🚨 Your AI is exposed to the internet
  • 🚨 No firewall blocking access
  • 🚨 Hackers can find and attack it

Fix immediately:

  • Bind to 127.0.0.1 (localhost only)
  • Enable authentication (--auth flag)
  • Use a firewall
  • Change the default port from 18789
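To confirm the bind fix from the host itself, the check below reads `ss -ltn`-style listener lines and reports any listener on the gateway port that is not bound to loopback. It is an added example, not part of ClawScan or OpenClaw; the function name and the constructed sample listing are assumptions.

```rust
use std::net::IpAddr;

// Added example: report listeners on the gateway port that other hosts can reach.
// Input is `ss -ltn`-style text; SAMPLE below is constructed, not captured output.
pub fn exposed_listeners(ss_output: &str, port: u16) -> Vec<String> {
    let mut exposed = Vec::new();
    for line in ss_output.lines() {
        // Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
        let cols: Vec<&str> = line.split_whitespace().collect();
        if cols.len() < 5 || cols[0] != "LISTEN" { continue; }
        let local = cols[3];
        let Some((host, p)) = local.rsplit_once(':') else { continue };
        if p.parse::<u16>().ok() != Some(port) { continue; }
        // Strip IPv6 brackets and any %interface scope before parsing.
        let host = host.trim_start_matches('[').trim_end_matches(']');
        let host = host.split('%').next().unwrap_or(host);
        // "*" (all interfaces) or anything unparseable is treated as exposed.
        let loopback = host.parse::<IpAddr>().map(|ip| ip.is_loopback()).unwrap_or(false);
        if !loopback { exposed.push(local.to_string()); }
    }
    exposed
}

// Constructed sample: one listing mixing loopback and wildcard binds.
pub const SAMPLE: &str = "\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:18789    0.0.0.0:*
LISTEN 0      4096   0.0.0.0:18789      0.0.0.0:*
LISTEN 0      4096   [::]:18789         [::]:*
LISTEN 0      4096   [::1]:18789        [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   *:18789            *:*";

fn main() {
    for addr in exposed_listeners(SAMPLE, 18789) {
        println!("reachable from other hosts: {addr}");
    }
}
```

An empty result means every listener on port 18789 is loopback-only, which is the state the fix list above asks for.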

🤔 Common Questions

Q: Is this tool safe to use?

A: Yes! ClawScan only tests for vulnerabilities - it doesn't actually exploit them or cause damage. Think of it like trying your door locks to see if they work.

Q: Will this work with my AI assistant?

A: ClawScan works with:

  • OpenClaw
  • Moltbot
  • Clawdbot
  • Any compatible AI assistant using the Gateway Protocol v3

Q: Do I need permission to scan?

A:

  • Your own AI systems: Scan freely
  • Company systems you manage: Get IT approval first
  • Other people's systems: Illegal without written permission

Q: How often should I scan?

A:

  • Before deploying a new AI assistant
  • After updating OpenClaw/plugins
  • Monthly for production systems
  • After any security news about AI vulnerabilities

Q: What's the difference between ClawScan and openclaw security audit?

A:

  • openclaw security audit: Checks your OWN settings (self-inspection)
  • ClawScan: Tests from an attacker's perspective (penetration test)

Use BOTH for complete security!

🎓 Learn More

Understanding the Attacks

CSWSH (Cross-Site WebSocket Hijacking)

  • Hackers can steal your AI's authentication tokens
  • Allows them to control your AI remotely
  • Fix: Update OpenClaw, enable authentication
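The "Implement Origin header validation" remediation shown in the sample output can be pictured as an exact-match allow-list applied to the WebSocket handshake. The sketch below is an added example, not OpenClaw's or ClawScan's code; the function names, the deny reasons and the allow-list entry are assumptions.

```rust
// Added example: Origin allow-list gate for a WebSocket upgrade request.
// Function names and allow-list values are illustrative assumptions.
#[derive(Debug, PartialEq)]
pub enum OriginDecision { Allow, Deny(&'static str) }

/// Normalise an origin to (scheme, host, port); reject paths, queries and userinfo.
fn parse_origin(origin: &str) -> Option<(String, String, u16)> {
    let (scheme, rest) = origin.trim().split_once("://")?;
    let scheme = scheme.to_ascii_lowercase();
    let default_port: u16 = match scheme.as_str() {
        "http" => 80,
        "https" => 443,
        _ => return None,
    };
    if rest.contains(|c: char| matches!(c, '/' | '@' | '?' | '#')) { return None; }
    // Split host:port; a bare bracketed IPv6 literal such as [::1] has no port part.
    let (host, port) = match rest.rfind(':') {
        Some(i) if !rest.ends_with(']') => (&rest[..i], rest[i + 1..].parse::<u16>().ok()?),
        _ => (rest, default_port),
    };
    if host.is_empty() { return None; }
    Some((scheme, host.to_ascii_lowercase(), port))
}

pub fn check_origin(origin_header: Option<&str>, allowed: &[&str]) -> OriginDecision {
    // Browsers always send Origin on a WebSocket handshake. This gate rejects requests
    // without one; non-browser clients would need a separate token-authenticated path.
    let Some(origin) = origin_header else { return OriginDecision::Deny("missing Origin") };
    if origin.trim() == "null" { return OriginDecision::Deny("opaque origin"); }
    let Some(parsed) = parse_origin(origin) else { return OriginDecision::Deny("malformed Origin") };
    // Compare the whole normalised tuple: no prefix, suffix or substring matching.
    if allowed.iter().filter_map(|a| parse_origin(a)).any(|a| a == parsed) {
        OriginDecision::Allow
    } else {
        OriginDecision::Deny("origin not in allow-list")
    }
}

fn main() {
    let allowed = ["http://localhost:18789"]; // constructed allow-list
    for o in [Some("http://localhost:18789"), Some("http://localhost.evil.example:18789"), None] {
        println!("{:?} -> {:?}", o, check_origin(o, &allowed));
    }
}
```

Origin validation only stops browser-driven cross-site connections; it complements the authentication fix listed above and does not replace it.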

Prompt Injection

  • Tricking the AI into ignoring safety rules
  • Can leak sensitive information or execute commands
  • Fix: Update to latest version with better prompt isolation

Supply Chain Attack

  • Malicious plugins that steal data
  • 341 infected plugins found in the wild (ClawHavoc campaign)
  • Fix: Only install plugins from trusted sources

📜 Legal Notice

AUTHORIZED USE ONLY

Allowed:

  • Testing your own systems
  • Authorized penetration testing
  • Security research with permission
  • Bug bounty programs

Not Allowed:

  • Scanning systems you don't own
  • Unauthorized testing
  • Malicious exploitation

Violating these rules may be illegal in your jurisdiction.

🏆 Why Trust ClawScan?

  • Built with TDD: 51 automated tests ensure accuracy
  • Open Source: View all code on GitHub
  • Research-Backed: Based on real CVEs and security advisories
  • No Damage: Only tests for vulnerabilities, never exploits them
  • Privacy-Focused: Runs locally, no data sent to third parties

🚀 What's Next?

After scanning:

  1. ✅ Fix all critical issues immediately
  2. ✅ Run openclaw security audit --fix
  3. ✅ Scan again to verify fixes worked
  4. ✅ Set up regular scanning (monthly)
  5. ✅ Keep OpenClaw and plugins updated

Stay safe! 🛡️


Built with ❤️ and Test-Driven Development by 4n6h4x0r

Version 1.0.0 | Last Updated: February 2026