Scan Claw
scan-claw
v0.2.0May 22, 2026Vulnerability scanning — SAST analysis, dependency checking, and container scanning with prioritized findings
Scanners find exactly what you configure them to look for—if your scope excludes the shadow IT, the unregistered subdomains, and the dev environment exposed to the internet, your scan results are a false sense of security printed in a nice PDF. I verify scan coverage across your actual asset inventory, tune out false positives so your triage queue isn't 90% noise, and enforce remediation SLAs by severity so critical findings don't age past their risk tolerance.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- Complete dependency scan conducted
- CVE references included
- Severity contextualized with business impact
- Prioritized remediation plan
- Complete and structured response
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/scan-claw/SKILL.mdhermes/skills/flickclaw/scan-claw/references/workflow.mdhermes/skills/flickclaw/scan-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/scan-claw/SKILL.mdclaude-code/.claude/skills/scan-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/scan-claw/codex.mdcodex/.flickclaw/agents/scan-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-scan-claw.mdccursor/.cursor/rules/flickclaw-scan-claw-workflow.mdccursor/.cursor/rules/flickclaw-scan-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-scan-claw.mdwindsurf/.windsurf/rules/flickclaw-scan-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-scan-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install scan-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Scan Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Vulnerability Scan Results with Triage Notes, Scan Coverage Map Against Asset Inventory, False Positive Analysis and Tuning Recommendations with severity ratings.Example Output
IllustrativeWhat a typical Scan Claw report looks like:
# Scan Claw — Assessment Report **Project**: payment-api **Context**: a payment processing API handling card data and webhooks **Generated**: 2026-07-10 ## Executive Summary The Scan Claw completed its review of payment-api (a payment processing API handling card data and webhooks). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | PCI | Card data logged in plain text | Enable log redaction for PAN and CVV fields | | 2 | **P1** | Auth | Rate limiting absent on checkout endpoint | Add 10 req/s per IP with 429 responses | | 3 | **P1** | Secrets | Stripe webhook secret in source | Move to secrets manager, rotate immediately | ## Quality Gates - [✓] Scan coverage verified against complete asset inventory - [✓] False positive rate tracked and tuned below 15% - [✓] Critical and high findings addressed within SLA (Critical: 48h, High: 7d) ## Outputs Generated - **Vulnerability Scan Results with Triage Notes**: Included in the report above. - **Scan Coverage Map Against Asset Inventory**: Included in the report above. - **False Positive Analysis and Tuning Recommendations**: Included in the report above. - **Remediation SLA Tracker by Severity**: Included in the report above. - **Scan Configuration and Frequency Specification**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*