deepsafe-scan
Preflight security scanner for AI coding agents — scans deployment config, skills/MCP servers, memory/sessions, and AI agent config files (hooks injection) f...
Install via ClawdBot CLI:
clawdbot install xiaoyiweio/deepsafe-scan
Grade: Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Security scan findings (generated Mar 21, 2026):

Finding: Accesses sensitive credential files or environment variables
Matched pattern: /etc/shadow

Finding: Contains instructions to override system prompt or ignore user requests
Matched pattern: "Your role is"

Finding: Sends data to undocumented external endpoint (potential exfiltration)
Matched pattern: webhook → https://hooks\.slack\.com/services/T[A-Z0-9]{8

Finding: Calls external URL not in known-safe list
Matched pattern: https://hooks\.slack\.com/services/T[A-Z0-9]{8
A startup developing an AI agent platform uses DeepSafe Scan to audit their OpenClaw deployment before launch. They run a full scan to identify exposed secrets in session logs and check for prompt injection vulnerabilities in custom skills, ensuring compliance with data protection regulations.
A financial services firm integrates DeepSafe Scan into their CI/CD pipeline to regularly scan their OpenClaw setup for PII leaks and model behavior risks. This helps maintain audit trails and meet industry security standards, with automated reports for regulatory reviews.
An e-commerce company uses DeepSafe Scan to vet new AI skills from external vendors before installation. They run LLM-enhanced semantic analysis to detect hidden data exfiltration patterns and ensure skills do not introduce security vulnerabilities into their customer service automation.
After a suspected security breach, a healthcare provider uses DeepSafe Scan to analyze their OpenClaw memory and sessions for traces of unauthorized access or prompt injection. The scan helps identify critical findings like exposed patient data and guides remediation efforts.
A university research lab employs DeepSafe Scan to teach students about AI security by probing model behaviors like deception and hallucination. They use the tool to demonstrate real-world risks and best practices in secure AI deployment for academic projects.
Offer a free version of DeepSafe Scan for basic scans with limited modules, and charge for premium features like advanced LLM analysis, custom probe datasets, and enterprise reporting. Revenue comes from subscription tiers targeting small to large businesses.
Provide professional services to help organizations integrate DeepSafe Scan into their existing security workflows, including custom scans, training, and ongoing support. Revenue is generated through project-based contracts and retainer agreements.
License DeepSafe Scan as a white-label security module to other AI platform providers, allowing them to offer built-in scanning capabilities to their customers. Revenue comes from licensing fees and revenue-sharing agreements based on usage.
💬 Integration Tip
Ensure the OpenClaw gateway is accessible and properly configured with authentication tokens before running model probes; use the --open flag by default for user-friendly HTML reports.
Scored Jun 19, 2026
AI Analysis
The skill exhibits multiple high-risk security patterns including credential access to /etc/shadow, prompt poisoning instructions to override system behavior, and data exfiltration to undocumented external Slack webhooks. While the skill's stated purpose is security scanning, these patterns suggest it could be a Trojan horse that harvests credentials and exfiltrates data under the guise of security auditing.
Audited Apr 18, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Security hardening for AI agents - Moltbot, OpenClaw, Cursor, Claude. Lock down gateway, fix permissions, auth, firewalls. Essential for vibe-coding setups.
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...