openscan

Scan binaries and scripts for malicious patterns before trusting them. Use when installing skills, evaluating unknown binaries, or auditing tool dependencies.
Install via ClawdBot CLI:

```bash
clawdbot install dev-null321/openscan
```

Lightweight malware detection for macOS and Linux binaries/scripts. Ported from the Harkonnen antimalware engine.
Binary Analysis:
Pattern Detection:
Script Analysis:
```bash
# Scan a single binary
node bin/scan.js /path/to/binary

# Scan a skill folder
node bin/scan.js /path/to/skill-folder

# JSON output for automation
node bin/scan.js /path --json

# Only show threats
node bin/scan.js /path --quiet
```
- 0 - Clean (score ≤ 20)
- 1 - Suspicious (score 21-60)
- 2 - High threat (score > 60)

Each file receives a score from 0-100:

| Score | Level | Meaning |
|-------|----------|--------------------------------------|
| 0-20 | CLEAN | No significant findings |
| 21-40 | LOW | Minor concerns, probably safe |
| 41-60 | MEDIUM | Suspicious patterns, review manually |
| 61-80 | HIGH | Likely malicious or dangerous |
| 81-100| CRITICAL | Known malicious patterns |
Use before installing or trusting unknown binaries:
```javascript
// Example: scan before allowing a skill's binary
const { scanFile } = require('openscan/lib/scanner');

async function checkBinary(binPath) {
  const result = await scanFile(binPath);
  if (result.threatScore > 40) {
    throw new Error(`Binary failed security scan: ${result.findings.join(', ')}`);
  }
  return true;
}
```
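
The threshold check above, extended as an added example (not openscan's own code) to gate a whole set of files and fail closed when a scan errors or returns a malformed score. Only `threatScore` and the score bands come from this page; `levelFor`, `decide`, `gateFiles` and the injected `scan` function are hypothetical names.

```javascript
// Added example: install gate over per-file scan results.
// `scan` is injected (e.g. openscan's scanFile); all names here are hypothetical.

// Upper bound of each band, copied from the page's score table.
const LEVELS = [
  [20, 'CLEAN'], [40, 'LOW'], [60, 'MEDIUM'], [80, 'HIGH'], [100, 'CRITICAL'],
];

function levelFor(score) {
  // Anything that is not a number in 0..100 is treated as a scanner fault.
  if (typeof score !== 'number' || !Number.isFinite(score) || score < 0 || score > 100) {
    return 'ERROR';
  }
  return LEVELS.find(([max]) => score <= max)[1];
}

// Pure decision step: `results` is [{ file, threatScore }] or [{ file, error }].
function decide(results, maxScore = 40) {
  const report = results.map((r) => {
    const level = r.error ? 'ERROR' : levelFor(r.threatScore);
    // Fail closed: an unscannable file blocks the install, same as a threat.
    const blocked = level === 'ERROR' || r.threatScore > maxScore;
    return { file: r.file, level, blocked };
  });
  // An empty result set means nothing was checked, so it is not an approval.
  const allowed = report.length > 0 && report.every((r) => !r.blocked);
  return { allowed, report };
}

// Scan every file and record failures instead of aborting on the first one.
async function gateFiles(files, scan, maxScore = 40) {
  const results = await Promise.all(files.map(async (file) => {
    try {
      const { threatScore } = await scan(file);
      return { file, threatScore };
    } catch (err) {
      return { file, error: String((err && err.message) || err) };
    }
  }));
  return decide(results, maxScore);
}
```

With the default `maxScore` of 40, files rated CLEAN or LOW pass and MEDIUM or above block, matching the threshold in the page's `checkBinary`.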
Detection logic ported from Harkonnen antimalware engine.
Generated Mar 1, 2026
AI agent developers can use OpenScan to automatically scan third-party skill packages before installation, ensuring no malicious binaries or scripts are introduced. This prevents supply chain attacks and maintains platform integrity by flagging suspicious patterns like obfuscated code or dangerous shell commands.
Integrate OpenScan into CI/CD pipelines to scan build artifacts, dependencies, and deployment scripts for malware indicators. It helps detect compromised tools or scripts early, reducing risk in production environments by checking for high entropy binaries or suspicious API references.
Open source maintainers can use OpenScan to audit contributions and dependencies for security threats before merging code. This ensures community trust by identifying potential backdoors, such as embedded network indicators or privilege escalation attempts in scripts.
In cybersecurity courses, instructors deploy OpenScan to teach students about malware detection techniques by analyzing real-world binaries and scripts. It provides hands-on experience with threat scoring and pattern recognition, covering topics like binary parsing and shellcode detection.
IT departments use OpenScan to evaluate unknown or custom-developed tools before deployment on corporate systems. It scans for malicious patterns like disabled security features or suspicious dylibs, helping enforce security policies and prevent insider threats.
Offer OpenScan as a free basic tool for individual developers, with premium features like advanced signature databases, automated reporting, and API access for enterprises. Revenue is generated through subscription plans for teams needing enhanced threat detection and integration support.
License OpenScan to AI agent platforms, DevOps tool vendors, or open source projects for embedding directly into their ecosystems. Charge based on usage volume or per-seat licensing, providing custom support and updates to ensure seamless security scanning within their workflows.
Provide consulting services to organizations needing tailored malware detection solutions, such as custom rule sets for specific industries or integration with existing security tools. Revenue comes from project-based fees and ongoing support contracts for specialized deployments.
💬 Integration Tip
Integrate OpenScan early in development pipelines using its JSON output for automation, and test on known clean binaries first to calibrate threat scores and avoid false positives in production.