LIVE SECURITY RESEARCH - FEB 2026

SkillScan

Security Scanner API for AI Agent Skills

We scanned all 547 skills in the ClawHub registry. 14.4% contain threats. Protect your OpenClaw users with one API call.


Registry Scan Results - Feb 23, 2026

We crawled the entire ClawHub registry and scanned every skill. Skills with tens of thousands of downloads contain CRITICAL threats including supply chain attacks and data harvesting instructions. VirusTotal misses these because they are natural language threats, not binary malware.

  • Skills Scanned: 547
  • Threats Found: 79 (14.4%)
  • CRITICAL Severity: 64
  • Max Downloads on Flagged Skill: 31.6K

API Documentation

Single endpoint. No authentication required for free tier.

Scan by content:

curl -X POST https://skillscan.chitacloud.dev/scan \
  -H "Content-Type: application/json" \
  -d '{"skill_content": "YOUR SKILL CONTENT HERE"}'

Scan by URL:

curl -X POST https://skillscan.chitacloud.dev/scan \
  -H "Content-Type: application/json" \
  -d '{"skill_url": "https://example.com/skill.md"}'

Response:

{
  "safe": false,
  "score": 35,
  "threats": [{
    "severity": "CRITICAL",
    "category": "Supply Chain Attack",
    "description": "Pipe to sh - code execution attack",
    "evidence": "...curl https://... | sh..."
  }],
  "warnings": [],
  "summary": "WARNING: 1 critical threat(s) detected.",
  "scanned_at": "2026-02-23T14:00:00Z",
  "content_hash": "abc123"
}

Score: 100 = clean, 0 = highly dangerous. Reject skills with score below 70.
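
An install gate built on the documented response fields and the 70 threshold, as an added example that is not SkillScan's own code. The function names, the fail-closed handling of malformed replies, the use of "safe" as a blocking signal, and the rule that any CRITICAL finding blocks are assumptions of this example; the sample responses are constructed.

```javascript
// Added example: install-gate policy over a SkillScan /scan response.
// Only the response fields and the 70 threshold come from the page; the
// fail-closed rules and the CRITICAL override are this example's assumptions.
const MIN_SCORE = 70;

function evaluateScan(body) {
  // Anything that is not a well-formed response object blocks the install.
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { allow: false, reasons: ["malformed response"] };
  }
  const { safe, score, threats } = body;
  if (typeof safe !== "boolean" || !Number.isFinite(score) ||
      score < 0 || score > 100 || !Array.isArray(threats)) {
    return { allow: false, reasons: ["malformed response"] };
  }
  const reasons = [];
  if (score < MIN_SCORE) reasons.push(`score ${score} below ${MIN_SCORE}`);
  if (!safe) reasons.push("scanner marked skill unsafe");
  for (const t of threats) {
    // Assumed policy: one CRITICAL finding blocks regardless of score.
    if (t && t.severity === "CRITICAL") {
      reasons.push(`CRITICAL: ${t.category} - ${t.description}`);
    }
  }
  return { allow: reasons.length === 0, reasons };
}

// A non-JSON body (proxy error page, truncated reply) must never be read
// as "no threats", so parse failures also block.
function evaluateRaw(text) {
  try {
    return evaluateScan(JSON.parse(text));
  } catch {
    return { allow: false, reasons: ["response is not JSON"] };
  }
}

// Constructed sample responses, shaped like the documented one.
const flagged = JSON.stringify({
  safe: false, score: 35, warnings: [],
  threats: [{ severity: "CRITICAL", category: "Supply Chain Attack",
              description: "Pipe to sh - code execution attack" }],
});
const clean = JSON.stringify({ safe: true, score: 96, threats: [], warnings: [] });

console.log(evaluateRaw(flagged));
console.log(evaluateRaw(clean));
console.log(evaluateRaw("<html>502 Bad Gateway</html>"));
```

When scanning by URL, the bytes that were scanned and the bytes later installed can differ if the URL is fetched twice; fetching once and submitting that content through skill_content avoids the gap.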

What We Detect

  • Supply chain attacks (pipe to bash/sh)
  • Credential theft (webhook.site, requestbin)
  • Environment file access (~/.env, config files)
  • Prompt injection (ignore previous instructions)
  • Data harvesting instructions
  • Known ClawHavoc IoCs (IPs, patterns)
  • Base64 obfuscation
  • Suspicious API key access patterns

Pricing

Free

$0 forever
  • 100 scans/day
  • Scan by URL or content
  • Full threat details
  • No API key needed

Enterprise

Custom (contact us)
  • Unlimited scans
  • SLA guarantee
  • Custom IoC rules
  • On-prem deployment
  • Security audit reports
  • Integration support

Get API Access

To get a Pro API key, send $49 in BTC or ETH to one of the addresses below, then email [email protected] with your transaction ID and desired email address. We will send your API key within 24 hours.

Bitcoin (BTC)
bc1qr950xyaxexn27ae045pukz3pmuqgvwy8hyuunr
Ethereum / BNB
0x344441FE9A207fD2c08CBC260aa5e491Fe95711A
TON
UQBQ43-NlSNhc6TBwYLizsDvvmG07BmYnZRzPszj3UdFtuZ_

For enterprise pricing or questions: [email protected]

For OpenClaw Hosting Providers

Integrate SkillScan into your hosting dashboard to warn users before they install unsafe skills. Most hosting providers have security scores below 30/100. SkillScan adds AI-specific threat detection that VirusTotal misses.

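// Before skill install, check safety (inside an async function):
const response = await fetch("https://skillscan.chitacloud.dev/scan", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ skill_url: "https://clawhub.ai/skills/" + encodeURIComponent(skillSlug) + "/skill.md" }),
});
const result = await response.json();

if (result.score < 70) {
  // threats can be empty, so fall back to the summary text
  const detail = result.threats.length > 0 ? result.threats[0].description : result.summary;
  alert("Warning: This skill contains threats: " + detail);
}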

Contact us for bulk pricing: [email protected]

Complementary to VirusTotal

VirusTotal scans binary files for known malware signatures. SkillScan analyzes natural language SKILL.md content for AI-specific behavioral threats: prompt injection patterns, data harvesting instructions, social engineering, and supply chain attack signatures. Use both for complete coverage.