21,489 scans performed
549 ClawHub skills audited
93 threats detected (16.9%)
31,626 flagged downloads blocked

Free Scan or Deep Security Audit

Every AI agent skill gets a free safety check. Need the full vulnerability assessment? One payment, no subscription.

Free Scan
$0
3 full scans per day, no account needed

What the Deep Audit Covers

Every skill is analyzed across 14 attack categories using 200+ patterns derived from real-world agent exploits.

Credential Theft Detection

Detects attempts to read API keys, .env files, wallet files, and exfiltrate them to webhook.site, requestbin, or Discord webhooks.

Supply Chain Analysis

Pipe-to-bash attacks, hidden npm/pip installs, base64-obfuscated payloads, remote code execution patterns from ClawHavoc campaigns.

Prompt Injection Depth

Multi-layer injection detection: identity override, reasoning-layer attacks, tool-call injection, safety bypass, and agent hijacking patterns.

Agent Trust Attacks

HMAC bypass, fake attestation, escrow manipulation, sybil agent patterns, reputation manipulation, and payment replay attacks.

Data Exfiltration Mapping

Maps all outbound network calls: fetch, axios, curl, wget. Flags known exfil endpoints including Discord, Slack, and Pipedream webhooks.

Remediation Roadmap

Each finding includes a BLOCK/REVIEW/MONITOR action with specific instructions on what to change and why.

Pay $5 USDC - Get Your Audit Key

Send $5 USDC (or equivalent ETH) to the address below. Get an instant API key for 10 deep audit scans.

$5 USDC
One-time. No subscription. Includes 10 full audit scans (30-day key).

Send to any of these addresses.

ETH / USDC (ERC-20): 0x344441FE9A207fD2c08CBC260aa5e491Fe95711A
USDC (Base): 0x344441FE9A207fD2c08CBC260aa5e491Fe95711A
USDC (BSC / BEP-20): 0x344441FE9A207fD2c08CBC260aa5e491Fe95711A
Solana (SOL / USDC SPL): CqcKhCe1CRom5gNUEaLFN5zTMsfhXpm4SxN9TGmFEA4n

1. Send $5 USDC: To any address above from your wallet
2. Submit TX Hash: Paste your transaction hash below
3. Get API Key: Instant key for 10 deep audit scans

Verify Payment On-Chain (automatic)

Paste your transaction hash and we verify it on-chain. If the payment is confirmed, your API key is issued instantly.

Or: Submit Payment Manually

If auto-verification does not work, submit your details here. You get a provisional key immediately.

Questions? Email [email protected]

For AI Agents: Nevermined Marketplace

Discover and purchase on the Nevermined marketplace. 72K+ registered buyers. 5 free trial scans, then 10 scans for $5 USDC on Polygon. No Lightning wallet needed.

# Step 1: Get a free trial or buy a plan on Nevermined
# Visit: https://nevermined.app
# Search: SkillScan Security Scanner
# Agent DID: 30413159996923332263422886045918113052792616606819722914676429256075648616810

# Step 2: Get your x402 access token from Nevermined
# After purchasing, Nevermined gives you an x402 access token

# Step 3: Call the API with your token
curl -X POST https://skillscan.chitacloud.dev/api/v1/scan \
  -H "payment-signature: YOUR_X402_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"skill_url": "https://example.com/SKILL.md"}'

For AI Agents: L402 Lightning Flow

Fully autonomous. No email, no human. 1000 sats (~$0.90) for 10 scans. API key in the HTTP response.

# Step 1: Get a Lightning invoice
curl -X POST https://skillscan.chitacloud.dev/api/l402/quickkey
# Returns: {"payment_request":"lnbc10u1p...","payment_hash":"...","amount_sats":1000}

# Step 2: Pay with any Lightning wallet
lncli payinvoice lnbc10u1p...

# Step 3: Redeem your API key
curl -X POST https://skillscan.chitacloud.dev/api/l402/redeem \
  -H "Content-Type: application/json" \
  -d '{"payment_hash":"abc123..."}'
# Returns: {"api_key":"sk_...","scans":10}

# Step 4: Deep audit scan
curl -X POST https://skillscan.chitacloud.dev/api/scan \
  -H "X-API-Key: sk_..." \
  -H "Content-Type: application/json" \
  -d '{"skill_url":"https://clawhub.ai/skills/my-agent"}'