NOW LIVE ON CLAWHUB

ClawHub scans the
marketplace. We scan
your deployment.

VirusTotal tells you a skill was clean when it was published. It can't see what's already running on your machine, whether you're patched against CVE-2026-25253, or if your config is handing attackers the keys. That's what BulwarkAI Scanner does — weekly, automatically, delivered in your OpenClaw chat.

Cancel anytime  ·  API key delivered instantly  ·  Install from ClawHub in 2 minutes

BulwarkAI Scanner — Weekly Report
# Sunday 9:00 AM — automated scan
# OpenClaw v2026.1.37 · 14 skills installed
 
CRITICAL (2)
solana-wallet-tracker
  → ClawHavoc campaign — remove immediately
youtube-summarize-pro
  → AMOS stealer detected — credentials at risk
 
HIGH (1)
Gateway bound to 0.0.0.0
  → Set gateway.bind = "loopback"
 
CLEAN (11)
github, linear, notion [+8 more]
 
# Next scan: Sunday Feb 29 · 9:00 AM
20% ClawHub skills are malicious Koi Security + Bitdefender, Feb 2026
824 Confirmed malicious skills found ClawHavoc campaign update
8.8 CVSS — CVE-2026-25253 RCE DepthFirst, patched Jan 30
21K+ OpenClaw instances exposed online Censys scan, Jan 31 2026
What gets scanned

What VirusTotal can't see.
We can.

☠️
Already-Installed Skill Audit
VirusTotal screens new uploads to ClawHub. It doesn't scan what's already on your machine. BulwarkAI matches every currently installed skill — including anything installed before the VT integration launched in February — against our threat intelligence database.
CRITICAL
🔓
CVE Exposure Check
Verifies you're running a patched version. Flags CVE-2026-25253 (1-click RCE, CVSS 8.8), CVE-2026-24763 and CVE-2026-25157 (command injection). Even localhost-only instances are vulnerable to these.
CRITICAL
⚙️
Config Security Audit
Checks your openclaw.json against the BulwarkAI hardening baseline: gateway binding, auth token mode, exec approval settings, filesystem scope, and credential storage patterns.
HIGH
🧠
Memory Poisoning Patterns
Identifies skills attempting to write to SOUL.md or MEMORY.md — the time-delayed attack vector Palo Alto called "stateful, delayed-execution attacks" that survive session resets.
HIGH
💸
Cost Runaway Detection
Flags missing API spending limits and cost-anomaly behavioral patterns. An agent with no budget cap and broad permissions will drain your account — users report $800/month surprise bills.
MEDIUM
📡
C2 Infrastructure Matching
Cross-references installed skills and configuration against known command-and-control infrastructure. The ClawHavoc campaign used a single C2 IP (91.92.242.30) across all 335 AMOS-delivering skills.
CRITICAL
Setup

Running in 2 minutes.

1
Subscribe
$19/month. API key delivered to your email instantly after checkout.
2
Install from ClawHub
clawhub install bulwarkai-scanner
3
Add your API key
One line in openclaw.json. Takes 30 seconds.
4
Say "set up weekly scans"
Your agent registers the cron job. Automated reports every Sunday morning.
Pricing

Simple.
$19/month.

BulwarkAI Scanner
$19 / month
Cancel anytime. No contracts.
  • Runtime deployment audit — scans what's actually installed on your machine, not just new marketplace uploads
  • CVE version check — flags all known OpenClaw vulnerabilities
  • Config security audit — 7-point hardening baseline check
  • Memory poisoning detection — catches language-based attacks VirusTotal static analysis can't see
  • Automated weekly cron scans with chat delivery
  • Complete remediation steps per finding — not just alerts
  • Scan history — track your security posture over time
  • API key for direct integration into your OpenClaw workflow
Subscribe — $19/month →

Cancel anytime via customer portal. No questions asked.

Already have the Security Kit? It includes 1 month of Scanner free as an order bump at checkout.
FAQ

Questions.

Yes — that's the point. On first scan it audits everything currently installed and flags any threats. New skills get checked on your next weekly scan. You can also trigger a manual scan anytime by telling your agent to "scan my OpenClaw setup."
Signatures sourced from Koi Security's ClawHavoc audit (824 malicious skills), Antiy CERT's malware analysis, Snyk's skill vulnerability research, and DepthFirst's CVE disclosures. The database updates as new threats are discovered. Critically: this covers threats that VirusTotal's static analysis cannot catch — prompt injection patterns, memory poisoning payloads written in natural language, and skills installed before ClawHub's VT integration launched.
No. The scanner skill is specifically designed to redact sensitive values before sending any data to the API. It sends structural configuration data (what settings are enabled/disabled), not credential values. You can inspect the SKILL.md source on ClawHub before installing.
Just tell your agent "scan my OpenClaw setup" any time. The weekly cron is optional — it's set up with one command but you're never required to use it. Manual scans count against your daily limit (50/day), which is far more than any real use case needs.
Through the ThriveCart customer portal. You can cancel, update your payment method, or download invoices there. Lost your API key? Get it re-sent here.
The ClawHub skill includes a free one-time scan that returns a summary: total skills, CVE status, and your single highest-priority finding. The full report with all findings and remediation steps requires a subscription. Install from ClawHub and run "scan my OpenClaw setup" to try it.