Malwar: A Vulnerability Scanner for SKILL.md Files Built with Claude Code
Malwar is a vulnerability scanner specifically for SKILL.md files used by AI coding agents. It addresses a gap in security tooling where traditional code scanners look for malicious code, but SKILL.md files contain natural language instructions that can pose a different threat.
What Malwar Does
The tool runs a 4-layer pipeline against skill files:
- Rule engine
- URL crawler
- LLM analysis layer
- Threat intel
Why It Was Built
The developer was building agentic workflows and realized they were "blindly pulling skills from ClawHub and trusting them." After manually reading through skills, they found several concerning patterns that would raise red flags in other contexts:
- Base64 blobs
- Instructions telling the agent to curl something and pipe it to bash
- Weirdly specific references to file paths where credentials live
The developer notes: "The kind of thing that if you saw it in a shell script you'd close the tab immediately."
Technical Implementation
The entire tool was built with Claude Code, including:
- Architecture
- Detection rules
- The LLM analysis layer
- The REST API
The developer states: "Honestly couldn't have shipped it at this scope solo without it."
Availability
Malwar is free to use with source available on GitHub at https://ap6pack.github.io/malwar/.
📖 Read the full source: r/ClaudeAI
👀 See Also
Bitwarden Agent Access SDK integrates with OneCLI for secure credential injection
Bitwarden's new Agent Access SDK enables AI agents to access credentials from Bitwarden's vault with human approval, while OneCLI acts as a gateway that injects credentials at the network layer without exposing raw values to agents.
Privacy Concerns in OpenClaw: Skills, SOUL MD, and Agent Communication
A developer raises privacy concerns about OpenClaw's architecture, specifically around skills having unrestricted access to sensitive data, SOUL MD being writable, and agents sharing information without filters.
OpenClaw Security Hardening: Multi-Layered Protection Against Autonomous Agent Risks
A developer modified OpenClaw's codebase to add a multi-layered security stack including a hard-deny regex guard, recursive de-obfuscator, AppArmor profile, and audit integration to prevent destructive commands and data exfiltration by autonomous agents.
Rules of the Claw: Open Source Security Rule Set for OpenClaw Agents
An open source JSON rule set with 139 security rules that blocks destructive commands, protects credential files, and guards instruction files from unauthorized agent edits. It operates with zero LLM dependency using regex patterns at the tool layer.