clawscan 1.0.0

OpenClaw/Moltbot/Clawdbot vulnerability scanner for prompt injection, supply chain, and RAG poisoning attacks
# ClawScan - Security Scanner for AI Assistants

> **What it does**: Checks if your AI assistant (OpenClaw/Moltbot/Clawdbot) has security holes that hackers could exploit.

## 🚨 Why You Need This

If you're running an AI assistant on your computer or server, **hackers can take over your entire system** through security vulnerabilities. ClawScan finds these holes before the bad guys do.

Think of it like a home security inspection - but for your AI software.

## 📦 Installation

```bash
cargo install clawscan
```

Requires [Rust toolchain](https://rustup.rs/) (1.70+).

## 🎯 Quick Start (5 Minutes)

### Scan Your AI Assistant

```bash
# If running locally:
clawscan localhost

# If running on another computer:
clawscan 192.168.1.100

# If using a custom port:
clawscan myserver.com:9999
```

### What You'll See

The scanner checks for **9 different security problems**:

1. **Can hackers steal your passwords?** (CSWSH Attack)
2. **Can malicious websites control your AI?** (Indirect Injection)
3. **Can hackers run commands on your computer?** (Command Injection)
4. **Can people trick your AI into doing bad things?** (Prompt Injection)
5. **Can attackers poison your AI's memory?** (RAG Poisoning)
6. **Are you using infected AI plugins?** (Supply Chain)
7. **Can hackers manipulate your AI tools?** (MCP Poisoning)
8. **Can attackers break out of security restrictions?** (Elevated Bypass)
9. **Full system takeover possible?** (Zero-Click RCE)

### Understanding the Results

#### 🟢 Green = Good
```
No exploited vulnerabilities found
```
Your system is likely secure (but stay vigilant!).

#### 🔴 Red = Danger
```
⚠️  EXPLOITED VULNERABILITIES:

[CRITICAL] cve-2026-25253 - ws://localhost:18789
Evidence:
  • Auth token captured: eyJhbGc...
  • Granted scopes: operator.read, operator.write
Remediation:
  ✓ Upgrade to OpenClaw v2026.1.29+ immediately
  ✓ Implement Origin header validation
  ✓ Rotate all device tokens immediately
```

**This means:** Hackers can steal your authentication and control your AI.

**What to do:**
1. Follow the "Remediation" steps immediately
2. Stop using the AI until fixed
3. Run the built-in security checker: `openclaw security audit --fix`

## 🛡️ Fixing Security Problems

### Most Important Fixes

After scanning, do these **RIGHT NOW** if vulnerabilities are found:

```bash
# 1. Run OpenClaw's built-in security fix
openclaw security audit --fix

# 2. Make sure AI only listens locally (not on the internet)
# Edit your OpenClaw config to bind to 127.0.0.1

# 3. Enable authentication
openclaw --auth

# 4. Turn off broadcasting
export CLAWDBOT_DISABLE_BONJOUR=1

# 5. Scan again to verify fixes
clawscan localhost
```

## 📊 Advanced Options

### Save Results to File
```bash
# Save as JSON for records
clawscan myserver.com --json scan-report-2026-02-05.json
```

### Scan Multiple Targets
```bash
# Check all your AI assistants at once
clawscan server1.com server2.com:8080 192.168.1.50
```

### Quiet Mode (Only Show Problems)
```bash
# Hide "everything OK" messages
clawscan localhost --quiet
```

### Faster Scanning
```bash
# Scan 200 targets simultaneously (default is 50)
clawscan --concurrency 200 target1.com target2.com target3.com
```

## ⚠️ Configuration Warning

**If ClawScan can connect to your AI from another computer, your setup is insecure by default!**

This means:
- 🚨 Your AI is exposed to the internet
- 🚨 No firewall blocking access
- 🚨 Hackers can find and attack it

**Fix immediately:**
- Bind to 127.0.0.1 (localhost only)
- Enable authentication (--auth flag)
- Use a firewall
- Change the default port from 18789
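
To confirm the bind address from the host itself, the following added example (not part of ClawScan or OpenClaw) reads `ss -ltn` output and lists any listener on the gateway port that is not bound to a loopback address. The function name `exposed_listeners` and the sample output are constructed for illustration; 18789 is the default port named above.

```shell
#!/usr/bin/env bash
# Added example (not ClawScan or OpenClaw code).
# exposed_listeners PORT: reads `ss -ltn` output on stdin and prints every
# local address listening on PORT that is not a loopback address.
# Returns 1 if at least one such listener exists, 0 otherwise.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            # Split host and port at the last colon (IPv6 hosts contain colons).
            n = match(addr, /:[0-9]+$/)
            if (n == 0) next
            host = substr(addr, 1, n - 1)
            if (substr(addr, n + 1) != port) next
            # Drop an interface scope such as "%lo", then IPv6 brackets.
            sub(/%.*$/, "", host)
            if (substr(host, 1, 1) == "[") host = substr(host, 2, length(host) - 2)
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are local-only.
            if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
            print addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample of `ss -ltn` output. On a live host use:
#   ss -ltn | exposed_listeners 18789
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    127.0.0.1:18789    0.0.0.0:*
LISTEN 0      511    0.0.0.0:18789      0.0.0.0:*
LISTEN 0      511    [::1]:18789        [::]:*
LISTEN 0      511    [::]:18789         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*'

if ! printf '%s\n' "$SAMPLE_SS" | exposed_listeners 18789; then
    echo "Gateway port is bound to the addresses above: rebind it to 127.0.0.1"
fi
```

A wildcard bind (`0.0.0.0`, `[::]` or `*`) is flagged even when a firewall blocks the port, because the firewall is then the only control between the gateway and the network.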

## 🤔 Common Questions

### Q: Is this tool safe to use?
**A:** Yes! ClawScan only **tests for vulnerabilities** - it doesn't actually exploit them or cause damage. Think of it like trying your door locks to see if they work.

### Q: Will this work with my AI assistant?
**A:** ClawScan works with:
- OpenClaw
- Moltbot
- Clawdbot
- Any compatible AI assistant using the Gateway Protocol v3

### Q: Do I need permission to scan?
**A:**
- **Your own AI systems**: Scan freely
- **Company systems you manage**: Get IT approval first
- **Other people's systems**: Illegal without written permission

### Q: How often should I scan?
**A:**
- Before deploying a new AI assistant
- After updating OpenClaw/plugins
- Monthly for production systems
- After any security news about AI vulnerabilities

### Q: What's the difference between ClawScan and `openclaw security audit`?
**A:**
- **openclaw security audit**: Checks your OWN settings (self-inspection)
- **ClawScan**: Tests from an attacker's perspective (penetration test)

Use BOTH for complete security!

## 🎓 Learn More

### Understanding the Attacks

**CSWSH (Cross-Site WebSocket Hijacking)**
- Hackers can steal your AI's authentication tokens
- Allows them to control your AI remotely
- Fix: Update OpenClaw, enable authentication

**Prompt Injection**
- Tricking the AI into ignoring safety rules
- Can leak sensitive information or execute commands
- Fix: Update to latest version with better prompt isolation

**Supply Chain Attack**
- Malicious plugins that steal data
- 341 infected plugins found in the wild (ClawHavoc campaign)
- Fix: Only install plugins from trusted sources

### Get Help

- Report bugs: https://github.com/4n6h4x0r/clawscan/issues
- Security questions: [Your contact info]
- OpenClaw security: https://docs.openclaw.ai/security

## 📜 Legal Notice

**AUTHORIZED USE ONLY**

✅ **Allowed:**
- Testing your own systems
- Authorized penetration testing
- Security research with permission
- Bug bounty programs

❌ **Not Allowed:**
- Scanning systems you don't own
- Unauthorized testing
- Malicious exploitation

**Violating these rules may be illegal in your jurisdiction.**

## 🏆 Why Trust ClawScan?

- **Built with TDD**: 51 automated tests ensure accuracy
- **Open Source**: View all code on GitHub
- **Research-Backed**: Based on real CVEs and security advisories
- **No Damage**: Only tests for vulnerabilities, never exploits them
- **Privacy-Focused**: Runs locally, no data sent to third parties

## 🚀 What's Next?

After scanning:

1. ✅ Fix all critical issues immediately
2. ✅ Run `openclaw security audit --fix`
3. ✅ Scan again to verify fixes worked
4. ✅ Set up regular scanning (monthly)
5. ✅ Keep OpenClaw and plugins updated

**Stay safe!** 🛡️

---

**Built with ❤️ and Test-Driven Development by 4n6h4x0r**

Version 1.0.0 | Last Updated: February 2026