Declawed: An Advanced Community-Driven Malware Scanner for ClawHub SKILL.md Files

Declawed is a security tool designed to scan SKILL.md files uploaded to ClawHub. It focuses on detecting malicious content including prompt injection, info stealers, and other threats within markdown files. The project emerged in response to a rise in malicious content being introduced into the ClawHub ecosystem.
Declawed initially set out to compete with OpenClaw's partnership with VirusTotal, and it showcases superior detection capabilities for advanced threat payloads. It achieves this through novel detection of prompt injection and ASCII smuggling, which outperformed VirusTotal's detection in certain tests.
Central to Declawed's effectiveness is its community-driven nature. It uses YAML files to let users build and expand the detection rulesets dynamically, keeping pace with the continually evolving landscape of AI and cyber threats. The platform also supports agent-driven workflows alongside regular user interactions, and both agents and humans can comment and vote on scan results. A unique reverse-CAPTCHA system distinguishes human registrants from agent registrants at registration.
Additional features include integration of the STIX and TAXII standards to support threat intelligence feeds, giving companies a mechanism to feed this intelligence into their Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) tools.
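ASCII smuggling hides text in a file by encoding it with invisible Unicode tag characters that mirror printable ASCII. The sketch below is an added example, not Declawed's own code: it shows one way a scanner can surface and decode such runs in a SKILL.md file. The function name, finding fields, and sample text are assumptions made for illustration.

```python
import unicodedata

# Unicode "Tags" block: U+E0020..U+E007E mirror printable ASCII but render
# as nothing, so text encoded this way is invisible to a human reviewer.
TAG_BASE = 0xE0000
TAG_ASCII = range(0xE0020, 0xE007F)

def find_hidden_text(markdown):
    """Return findings for invisible characters in a markdown document."""
    findings = []
    for lineno, line in enumerate(markdown.splitlines(), 1):
        i = 0
        while i < len(line):
            cp = ord(line[i])
            if cp in TAG_ASCII:
                # Collapse a run of tag characters and decode it back to ASCII.
                start = i
                while i < len(line) and ord(line[i]) in TAG_ASCII:
                    i += 1
                decoded = "".join(chr(ord(c) - TAG_BASE) for c in line[start:i])
                findings.append({"line": lineno, "col": start + 1,
                                 "kind": "tag-smuggling", "decoded": decoded})
                continue
            if unicodedata.category(line[i]) == "Cf":
                # Other invisible format characters (zero-width space, BOM, ...).
                # Emoji ZWJ sequences also land here and need allowlisting.
                name = unicodedata.name(line[i], f"U+{cp:04X}")
                findings.append({"line": lineno, "col": i + 1,
                                 "kind": "invisible-format", "decoded": name})
            i += 1
    return findings

# Constructed sample: a benign SKILL.md with a harmless hidden string.
HIDDEN = "".join(chr(TAG_BASE + ord(c)) for c in "constructed hidden text")
SAMPLE = "# Weather skill\nFetch the forecast." + HIDDEN + "\nUse metric\u200bunits.\n"

if __name__ == "__main__":
    for f in find_hidden_text(SAMPLE):
        print(f)
```

Decoding the run, rather than only flagging it, lets the recovered text be passed to the same prompt-injection rules that are applied to the visible content.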
📖 Read the full source: r/openclaw