12% of ClawHub skills are malicious. A Snyk security audit found 341 trojanized skills delivering the AMOS infostealer to 300,000 users — and that was just the first wave. By February, 824+ malicious skills were live across 10,700+ listings. VirusTotal missed all of them. Code scanners missed all of them. Malwar catches them.
pip install malwar
malwar db init
malwar scan SKILL.md
I was installing Claude Code skills from ClawHub without a second thought — until the ClawHavoc campaign dropped. Hundreds of skills were trojanized with the AMOS infostealer, targeting wallet keys, SSH credentials, and agent memory files. The attacks weren't binaries or exploit code. They were natural language instructions hidden in Markdown, telling the AI to run curl | bash as a "prerequisite." No existing security tool is built to catch that. So I built one.
SKILL.md → Rule Engine → URL Crawler → LLM Analyzer → Threat Intel → Verdict
<50ms 1-5s 2-10s <100ms
| Layer | What it catches |
|---|---|
| Rule Engine | Obfuscated commands, prompt injection, credential exposure, exfiltration patterns (26 rules) |
| URL Crawler | Malicious URLs, domain reputation, redirect chains to C2 infrastructure |
| LLM Analyzer | Social engineering, hidden intent, context-dependent attacks invisible to regex |
| Threat Intel | Known IOCs, campaign attribution, threat actor fingerprints |
Full pipeline details: Architecture
malwar scan SKILL.md # scan a file
malwar scan skills/ # scan a directory
malwar scan SKILL.md --format sarif # CI/CD output
malwar scan SKILL.md --no-llm # skip LLM (fast + free)
malwar crawl scan beszel-check # scan a ClawHub skill by slug
malwar crawl url https://example.com/SKILL.md # scan any remote SKILL.md$ malwar scan suspicious-skill.md
MALICIOUS Risk: 95/100 Findings: 4
MALWAR-OBF-001 Base64-encoded command execution critical L14
MALWAR-CMD-001 Remote script piped to shell critical L22
MALWAR-EXFIL-001 Agent memory/identity file access critical L31
MALWAR-MAL-001 ClawHavoc campaign indicator critical L14
Scan completed in 42ms (rule_engine, threat_intel)
For development:
git clone https://github.com/Ap6pack/malwar.git && cd malwar
pip install -e ".[dev]"
malwar db initFull command reference: CLI Guide
malwar serve # http://localhost:8000curl -X POST http://localhost:8000/api/v1/scan \
-H "Content-Type: application/json" \
-d '{"content": "...", "file_name": "SKILL.md"}'30+ endpoints covering scan submission, results, SARIF export, signatures CRUD, campaigns, reports, dashboard analytics, audit logs, and RBAC. Auth via X-API-Key header.
Full endpoint reference: API Docs
Built-in browser UI at http://localhost:8000 when running the API server.
 |
 |
 |
 |
React 19 · TypeScript · Vite · Tailwind CSS 4 · Recharts
docker compose up -d # API + Dashboard at http://localhost:8000Multi-stage build: Node.js compiles the frontend, Python 3.13-slim runs the backend.
Full deployment guide: Deployment
All settings via environment variables with MALWAR_ prefix or .env file. Key settings:
| Variable | Default | Description |
|---|---|---|
MALWAR_API_KEYS |
(empty) | API keys (empty = auth disabled) |
MALWAR_ANTHROPIC_API_KEY |
(empty) | Anthropic key for LLM layer |
MALWAR_DB_PATH |
malwar.db |
SQLite database path |
All 40+ configuration options →
pytest # 1,504 tests
ruff check src/ tests/ # lint
mypy src/ # type check37 test fixtures: 5 benign, 10 malicious (synthetic), 22 real-world samples from ClawHub and Snyk research.
Full dev guide: Development
| Architecture | Pipeline design, scoring logic, storage layer |
| API Reference | All 30+ endpoints with schemas and examples |
| Detection Rules | All 26 rules with patterns and false positive guidance |
| Threat Campaigns | Campaign tracking, ClawHavoc case study |
| CLI Reference | Every command with flags and examples |
| Deployment | pip, Docker, nginx, production config |
| Development | Adding rules, endpoints, testing, conventions |
Extensibility — YAML DSL for custom rules, rule testing framework, plugin system, ML-based risk scoring.
Infrastructure — PostgreSQL backend support, Redis caching layer, GitLab CI and Azure DevOps templates.
Security & Compliance — Immutable audit logging, role-based access control (RBAC), CI security scanning with SBOM.
Operations — Scheduled background scanning, multi-channel notifications (Slack, email, webhooks), git diff scanning.
User Experience — Dashboard analytics with trend charts, Rich TUI for interactive terminal usage.
Registry Integration — malwar crawl command to browse, search, and scan skills directly from ClawHub. Also supports scanning any remote SKILL.md by URL.
1,504 tests | 26 detection rules | 82% coverage
MIT License — Copyright (c) 2026 Veritas Aequitas Holdings LLC.