● OpenClaw Skill — Works Now

Stop trusting skills.
Start watching them.

341 malicious skills were found on ClawHub. Scanners check code before install. SkillFence watches what code does after — network calls, credential reads, process activity. All logged. All alerted.

SkillFence Active | 0 skills | 0 alerts
Live Scan Output ● Scanning...
341
Malicious skills on ClawHub
26%
Skills with vulnerabilities
0
Runtime monitors before this
<5ms
Scan time per skill
How it works

Monitor. Detect. Alert.

01

Scan skills

Analyzes every installed skill for known C2 addresses, dangerous command patterns, credential access, and data exfiltration code.

02

Watch runtime

Monitors active network connections, running processes, and file access in real-time. Catches threats that only trigger during normal use.

03

Alert & log

Severity-rated alerts (🔴🟠🟡🟢) with full audit trail. Every scan, block, and finding logged with timestamps for forensic review.

What it catches

Known threats. Live detection.

ThreatDetection MethodSeverity
Known C2 servers (ClawHavoc)IP/domain matchingCRITICAL
Active reverse shellsProcess monitoringCRITICAL
Crypto minersProcess monitoringCRITICAL
curl | sh pipe attacksPattern matchingHIGH
Credential file theftFile access monitoringHIGH
Data exfiltration (read + send)Combined pattern analysisHIGH
Obfuscated payloadsBase64 decode detectionMEDIUM
Suspicious IP connectionsNetwork monitoringMEDIUM
Pricing

Free forever. Pro when ready.

Free
$0
Forever
  • Full system scans
  • Runtime monitoring
  • Network & process checks
  • Credential access alerts
  • Audit trail logging
  • Open source
Install Free
Pro
$9/mo
Cancel anytime
  • Everything in Free
  • Persistent threat dashboard
  • Weekly security digests
  • Custom threat rules
  • Webhook alerts (Slack/Discord)
  • Priority threat intelligence
Get Pro →

30-second install

$ clawhub install skillfence

Click to copy. No dependencies. No API keys. Just Node.js.

Also by CascadeAI

🔥ZeroRules — Kill 70% Token Waste

Intercept deterministic tasks before they burn tokens. Math, time, currency, files, dates → $0.

View →