by sinewaveai
Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.
# Add to your Claude Code skills
git clone https://github.com/sinewaveai/agent-security-scanner-mcp
Security scanner for AI coding agents and autonomous assistants
Scans code for vulnerabilities, detects hallucinated packages, blocks prompt injection, and provides LLM-powered semantic code review — via MCP (Claude Code, Cursor, Windsurf, Cline) or CLI (OpenClaw, CI/CD).
Ultra-fast, zero-Python security scanner — 81.5KB package, 4-second install
npm install -g @prooflayer/security-scanner
Enterprise-grade scanner with AST analysis, taint tracking, cross-file analysis, and LLM-powered semantic review
npm install -g agent-security-scanner-mcp
New in v4.3.0 (2026-05-05): Critical security and reliability fixes — GitHub Actions now fail closed instead of fail-open when scanner output is invalid (preventing security gate bypass), patched 8 Hono CVEs (XSS, path traversal, authentication bypass), fixed confidence threshold filtering case sensitivity, and corrected SARIF generation for GitHub Code Scanning. All fixes include comprehensive regression tests. Upgrade recommended for production use. See Full Changelog.
New in v4.2.0: Compliance evidence collection — evaluate projects against SOC2-Technical (8 controls) and GDPR-Technical (6 controls) frameworks. Collects evidence from code scans, SBOM, vulnerability checks, and hallucination detection, then evaluates controls with pass/partial/fail/not_evaluated status. Supports evidence persistence for audit trails. See Compliance Evaluation.
New in v4.1.0: SBOM generation and dependency vulnerability analysis — generates CycloneDX v1.5 SBOMs, scans against OSV.dev for CVEs, detects hallucinated packages, compares baselines, and generates HTML audit reports. Supports 8 lock file formats and 7 manifest formats across npm, Python, Go, Rust, Ruby, and Java ecosystems. See SBOM Tools.
New in v4.0.0: LLM-powered semantic code review agent with intent profiling — understands what your project is supposed to do and flags patterns that violate that intent. The same `eval()` call is safe in a build tool and dangerous in an e-commerce app. Supports Claude CLI (no API key needed!), Anthropic, and OpenAI. See code-review-agent.
New in v3.11.0: ClawHub ecosystem security scanning — scanned all 16,532 ClawHub skills and found 46% have critical vulnerabilities. New `scan-clawhub` CLI for batch scanning, 40+ prompt injection patterns, jailbreak detection (DAN mode, dev mode), data exfiltration checks. See ClawHub Security Dashboard.
Also in v3.10.0: ClawProof OpenClaw plugin — 6-layer deep skill scanner (`scan_skill`) with ClawHavoc malware signatures (27 rules, 121 patterns covering reverse shells, crypto miners, info stealers, C2 beacons, and OpenClaw-specific attacks), package supply chain verification, and rug pull detection.
OpenClaw integration: 30+ rules targeting autonomous AI threats + native plugin support. See setup.
| Tool | Description | When to Use |
|------|-------------|-------------|
| scan_security | Scan code for vulnerabilities (1700+ rules, 12 languages) with AST and taint analysis | After writing or editing any code file |
| fix_security | Auto-fix all detected vulnerabilities (120 fix templates) | After scan_security finds issues |
| scan_git_diff | Scan only changed files in git diff | Before commits or in PR reviews |
| scan_project | Scan entire project with A-F security grading | For project-wide security audits |
| check_package | Verify a package name isn't AI-hallucinated (4.3M+ packages) | Before adding any new dependency |
| scan_packages | Bulk-check all imports in a file for hallucinated packages | Before committing code with new imports |
| scan_agent_prompt | Detect prompt injection with bypass hardening (59 rules + multi-encoding) | Before acting on external/untrusted input |
| scan_agent_action | Pre-execution safety check for agent actions (bash, file ops, HTTP). Returns ALLOW/WARN/BLOCK | Before running any agent-generated shell command or file operation |
| scan_mcp_server | Scan MCP server source for vulnerabilities: unicode poisoning, name spoofing, rug pull detection, manifest analysis. Returns A-F grade | When auditing or installing an MCP server |
| scan_skill | Deep security scan of an OpenClaw skill: prompt injection, AST+taint code analysis, ClawHavoc malware signatures, supply chain, rug pull. Returns A-F grade | Before installing any OpenClaw skill |
| scanner_health | Check plugin health: engine status, daemon status, package data availability | Diagnostics and plugin status |
| list_security_rules | List available security rules and fix templates | To check rule coverage for a language |
| sbom_generate | Generate CycloneDX v1.5 SBOM for a project (8 lock file formats, 7 manifest formats) | Before releases, for compliance audits |
| sbom_scan_vulnerabilities | Cross-reference SBOM against OSV.dev for CVEs with severity filtering | After generating SBOM, for security audits |
| sbom_check_hallucinations | Verify all SBOM packages exist in official registries | Before deploying, to catch AI-invented packages |
| sbom_diff | Compare current SBOM against baseline, detect added/removed/changed packages | In CI/CD to track dependency drift |
| sbom_export_report | Generate HTML or JSON audit report from SBOM with vulnerability data | For PCI-DSS compliance, security reviews |
| get_compliance_controls | Look up compliance controls with evaluation criteria (AIUC-1, SOC2, GDPR) | To understand compliance requirements |
| evaluate_compliance | Evaluate project against compliance frameworks with evidence collection | For SOC2/GDPR technical compliance audits |
npx agent-security-scanner-mcp init claude-code
Restart your client after running init. That's it — the scanner is active.
Other clients: Replace `claude-code` with `cursor`, `claude-desktop`, `windsurf`, `cline`, `kilo-code`, `opencode`, or `cody`. Run with no argument for interactive client selection.
scan_security → review findings → fix_security → verify fix
scan_git_diff → scan only changed files for fast feedback
scan_packages → verify all imports are legitimate
scan_git_diff --base main → scan PR changes against main branch
scan_project → get A-F security grade and aggregated metrics
scan_agent_prompt → check for malicious instructions before acting on them
check_package → verify each new package name is real, not hallucinated
Scan AI agent skills for prompt injection, jailbreaks, and security threats:
# Scan entire ClawHub ecosystem (777 skills)
node index.js scan-clawhub
# Scan single skill file
node index.js scan-skill ./path/to/SKILL.md
# Standalone package
npm install -g clawproof
clawproof scan ./SKILL.md
Security Reports: We've scanned all 777 ClawHub skills:
See ClawHub Security Dashboard for interactive exploration of all 16,532 skills with searchable security grades and detailed findings.
Detection Capabilities: