agentvulnly-vulnerability-scanner
Scan AI agents for security vulnerabilities including token theft, prompt injection, command injection, tool poisoning, and rug pull attacks. Use when auditi...
Install via ClawdBot CLI:
clawdbot install krishnakumarmahadevan-cmd/agentvulnly-vulnerability-scanner
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Sends data to undocumented external endpoint (potential exfiltration)
POST → https://portal.toolweb.in/apis/security/agentvulnly
Calls external URL not in known-safe list
https://portal.toolweb.in
AI Analysis
The skill sends detailed agent architecture data to an undocumented external API controlled by a third party, creating potential data exfiltration and dependency risks. While the API usage aligns with the stated scanning purpose, the mandatory external call with billing tracking creates vendor lock-in and opaque data handling.
Audited Apr 17, 2026 · audit v1.0
Generated Mar 20, 2026
A company deploys an AI agent for customer support using LangChain and GPT-4, with tools for accessing customer databases and email. This scenario involves scanning for vulnerabilities like prompt injection and token theft to ensure secure handling of sensitive customer data and prevent unauthorized access.
A financial firm uses an OpenClaw-based AI agent with tools for real-time market data and transaction processing. The scan evaluates risks such as rug pull attacks and command injection to safeguard financial operations and maintain compliance with security regulations.
A healthcare provider implements a multi-agent system with CrewAI to manage patient records and appointment scheduling. This scenario focuses on vulnerabilities like tool poisoning and unauthenticated access to protect patient privacy and ensure HIPAA compliance.
An IT company uses an autonomous agent with AutoGen for automating DevOps tasks like code deployment and server management. The scan checks for command injection and token passthrough vulnerabilities to prevent system breaches and maintain operational integrity.
An educational platform integrates MCP servers with an AI agent to provide personalized learning tools. This scenario involves scanning for vulnerabilities such as prompt injection and token theft to secure student data and ensure safe tool interactions.
Offer recurring vulnerability scans for AI agents, providing continuous monitoring and updates. This model generates steady revenue through monthly or annual subscriptions, appealing to businesses needing ongoing security assessments for their AI deployments.
Charge users based on the number of API calls made for vulnerability scans. This model allows flexible pricing for occasional users, with tracking for billing to ensure revenue from each scan performed by the skill.
Provide in-depth security analysis and remediation services alongside the scanner. This model targets large organizations with complex AI systems, offering customized reports and support for higher-value contracts and long-term partnerships.
💬 Integration Tip
Store the TOOLWEB_API_KEY in an environment variable rather than in the skill files or command history, and use curl for the API calls so the expert analysis can be used without manual setup.
Scored Apr 19, 2026
Perform network reconnaissance and port scanning with Nmap to find open ports, detect services, identify vulnerabilities, and enumerate targets accurately.
Scan networks to discover devices, gather MAC addresses, vendors, and hostnames. Includes safety checks to prevent accidental scanning of public networks.
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guida...
Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
Test your AI agent for security vulnerabilities using PwnClaw. Runs 50+ attacks (prompt injection, jailbreaks, social engineering, MCP poisoning, and more) and provides fix instructions. Use when your agent needs a security check or hardening.