
ClawScan
AI Vulnerability Researcher for OpenClaw Instances
3 followers
ClawScan autonomously scans OpenClaw instances for security vulnerabilities using AI-powered tools. It probes for misconfigurations, exposed endpoints, authentication flaws, and injection vectors — all mapped to the OWASP Agentic Top 10. Enter a URL → get a letter grade (A+ to F) → share your report. Cross-references 2,917+ known vulnerabilities with actionable remediation for every finding. Built with Claude as the autonomous scanning brain.


I built ClawScan after noticing that OpenClaw — one of the most popular self-hosted AI platforms — had thousands of instances exposed online with default configurations and zero security hardening.
The OWASP Agentic Top 10 gave us a framework for what to look for, but no automated tool existed to actually check for these vulnerabilities. So I built one.
ClawScan uses Claude as its scanning brain. It doesn't just run static checks — it reasons about what it finds, chaining discoveries together the way a real security researcher would. Enter any OpenClaw URL and within minutes you'll know exactly where the gaps are, mapped to real CVEs and the OWASP framework.
The grading is intentionally aggressive (93%+ still gets an F) because security shouldn't give you a false sense of safety.
Would love to hear your feedback — and if you're running an OpenClaw instance, scan it and share your grade!