Clawkeeper
Open source CLI + SaaS dashboard

Secure your OpenClaw
AI agent deployment

OpenClaw has 180k+ stars and critical security gaps. Clawkeeper scans your installation for misconfigurations, exposed credentials, malicious skills, and known CVEs — then gives you a letter grade and a plan to fix it.

$ curl -fsSL https://clawkeeper.dev/install.sh | bash
Terminal
$ clawkeeper scan

  Clawkeeper v1.0 — OpenClaw Security Scanner

  Scanning OpenClaw installation...

  ✓ OpenClaw v0.42.1 detected (⚠ CVE-2026-25253 applies)
  ✓ WebSocket binding: localhost only
  ✗ API keys exposed in ~/.openclaw/config.yaml
  ✗ 2 suspicious skills detected (flagged on ClawHub)
  ✓ Auth enabled on admin interface
  ✗ No firewall rule for port 3000

  Security Grade: C (68/100)
  ✓ Passed: 14   ✗ Failed: 5   ⊘ Skipped: 2

  Run clawkeeper scan --fix to auto-remediate where possible.

Everything you need to secure OpenClaw

From a single-machine scan to org-wide continuous monitoring of every OpenClaw instance.

One-Line Install
Scan any OpenClaw installation with a single command. Works on macOS and Linux — no EDR, no dependencies, no account required for the CLI.
Malicious Skill Detection
Detect known-malicious and suspicious skills from ClawHub. Clawkeeper checks installed skills against a threat intelligence feed.
Credential Exposure Checks
Find leaked API keys, tokens, and secrets in OpenClaw config files, environment variables, and skill data directories.
Multi-Instance Monitoring
Track security posture across all your OpenClaw deployments in one dashboard. See grades, scores, and trends at a glance.
Smart Alerts
Get notified when grades drop, new skills are installed, credentials are exposed, or scores fall below thresholds.
Score History & Trends
Visualize how your OpenClaw security posture changes over time. Catch config drift and regressions before they become incidents.
CVE & Version Checks
Detect outdated OpenClaw versions with known CVEs like CVE-2026-25253 (WebSocket RCE). Stay ahead of public exploits.
Continuous Compliance
OpenClaw configurations drift over time. Hourly scans catch changes as they happen, not weeks later during an audit.

Simple, transparent pricing

The CLI is free and open source. Add the dashboard when you need fleet-wide visibility and alerts.

Free
$0/mo
Perfect for individual developers
  • 1 OpenClaw instance
  • 7 days scan history
  • 1 API key
  • Dashboard overview
  • Grade & score tracking
Pro
Popular
$29/mo
For teams running OpenClaw across multiple machines
  • Up to 50 instances
  • 365 days scan history
  • 10 API keys
  • Email alerts (grade drop, skill install, credential exposure)
  • Up to 20 alert rules
  • Priority support
Enterprise
Custom
Fleet-wide OpenClaw security with RAD Security platform
  • Unlimited instances
  • Kubernetes-native discovery
  • Runtime behavioral analysis
  • SSO / SAML integration
  • SIEM & SOAR integrations
  • Dedicated support & SLA