ClawGuard

Overview

ClawGuard is a security analysis platform designed for the emerging world of AI agent skills (OpenClaw SKILL.md format). As AI agents gain the ability to install and execute third-party skills, the attack surface explodes. ClawGuard scans skills across 11 threat categories using four analysis layers: static pattern matching, YARA rules, tree-sitter AST inspection, and LLM-powered semantic review.

Key Features

• 11 Threat Categories: Detects malware signatures, prompt injection, credential harvesting, social engineering, data exfiltration, obfuscation, privilege escalation, supply chain risks, sandbox escape, resource abuse, and information disclosure.
• 4 Analysis Layers: Static regex patterns, YARA rule matching, tree-sitter AST analysis for structural threats, and Claude-powered semantic review for subtle attack vectors.
• Trust Scoring: Generates a 0-100 trust score with letter grades (A-F) based on findings across all analysis layers.
• Triple Interface: CLI for CI/CD pipelines, REST API for platform integration, and Next.js web dashboard for interactive analysis.
• Detailed Reports: Each finding includes severity, confidence, evidence snippets, and remediation suggestions.
• Extensible Rules: Add custom YARA rules and pattern definitions for organization-specific threats.

Technical Architecture

The analysis engine runs as a Python backend with FastAPI serving the REST API. Skills are ingested, unpacked, and run through the four analysis layers in sequence. Results are aggregated into a trust score and detailed report. The Next.js frontend provides an interactive dashboard for reviewing findings.

Core components:

• Static Analyzer: Regex-based pattern matching for known malicious signatures.
• YARA Engine: Custom YARA rules for binary and script analysis.
• AST Inspector: tree-sitter parsing for structural analysis of code patterns.
• Semantic Reviewer: Claude API-powered analysis for context-aware threat detection.
• Trust Scorer: Weighted aggregation of findings into final trust score.

Technology Stack

• Backend: Python, FastAPI, tree-sitter, YARA, Pydantic, Click (CLI)
• Frontend: Next.js 15, TypeScript, Tailwind CSS 4
• AI: Anthropic Claude SDK for semantic review
• Database: PostgreSQL (optional, asyncpg)
• Testing: 185 tests across all analysis layers

Current Status

Active development with all four analysis layers operational. CLI, REST API, and web dashboard functional. Trust scoring calibrated across 11 threat categories. Currently expanding YARA rule library and refining LLM-based semantic analysis prompts.