clawvet
NewSecurity scanner for OpenClaw SKILL.md files — catch prompt injection, hidden unicode, and shell vectors before your agent runs them
Summary
md files for security vulnerabilities like prompt injection, hidden unicode characters, and shell command injection vectors.
- It helps developers safely review and vet skills before running them in their agent environment.
Install & Usage
mkdir -p .claude/skillsmkdir -p .claude/skills && curl -o .claude/skills/clawvet.md https://raw.githubusercontent.com/BeardedChop/clawvet/main/SKILL.md/clawvetUse Cases
Usage Examples
/clawvet path/to/skill/SKILL.md
Scan the SKILL.md file in the current directory for security issues.
/clawvet --recursive ./skills/
Security Audits
Frequently Asked Questions
What is clawvet?
clawvet scans OpenClaw SKILL.md files for security vulnerabilities like prompt injection, hidden unicode characters, and shell command injection vectors. It helps developers safely review and vet skills before running them in their agent environment.
How to install clawvet?
To install clawvet: create the skills directory (mkdir -p .claude/skills), then run: mkdir -p .claude/skills && curl -o .claude/skills/clawvet.md https://raw.githubusercontent.com/BeardedChop/clawvet/main/SKILL.md. Finally, /clawvet in Claude Code.
What is clawvet best for?
clawvet is a skill categorized under General. It is designed for: security, agent. Created by BeardedChop.
What can I use clawvet for?
clawvet is useful for: Scan a newly downloaded SKILL.md file for prompt injection attacks before executing it.; Detect hidden unicode characters or zero-width spaces that could alter skill behavior.; Identify shell command injection vectors in skill definitions that might execute unauthorized commands.; Audit a collection of community skills for security issues before integrating them into your workflow.; Verify that a custom skill you wrote does not contain accidental security flaws.; Check for obfuscated or encoded payloads embedded in skill instructions..