Malwar¶
Static analysis engine purpose-built for detecting malware in agentic AI skill files.
What is Malwar?¶
Malwar is a 4-layer malware detection engine designed to catch threats embedded in natural language markdown instructions -- the kind that direct AI agents to perform malicious actions. Unlike traditional scanners that analyze binaries or source code, Malwar detects prompt injection, social engineering, obfuscated commands, and data exfiltration hidden inside SKILL.md files used by agentic AI platforms.
20% of ClawHub's 10,700+ skills are malicious. The ClawHavoc campaign alone trojanized 824+ skills to deliver the AMOS infostealer. VirusTotal sees nothing. Code scanners see nothing. Malwar was built to catch them.
How It Works¶
SKILL.md --> Rule Engine --> URL Crawler --> LLM Analyzer --> Threat Intel --> Verdict
<50ms 1-5s 2-10s <100ms
| Layer | What It Catches |
|---|---|
| Rule Engine | Obfuscated commands, prompt injection, credential exposure, exfiltration patterns (26 rules) |
| URL Crawler | Malicious URLs, domain reputation, redirect chains to C2 infrastructure |
| LLM Analyzer | Social engineering, hidden intent, context-dependent attacks invisible to regex |
| Threat Intel | Known IOCs, campaign attribution, threat actor fingerprints |
Full pipeline details: Architecture
Key Features¶
- 26 detection rules covering 7 threat categories
- 4-layer pipeline combining speed with depth
- Sub-50ms scans for rule-based detection
- SARIF 2.1.0 output for CI/CD integration
- REST API with 30+ endpoints, authentication, and RBAC
- Web dashboard with analytics, trend charts, and scan history
- Plugin system for extending detection with third-party plugins
- YAML DSL for writing custom rules without Python
- ML-based risk scoring for anomaly-aware threat assessment
- PostgreSQL backend support alongside SQLite
- Redis caching for scan results and rule compilations
- Scheduled scanning with configurable background jobs
- Multi-channel notifications via Slack, email, and webhooks
- Audit logging with immutable, append-only trail
- Rich TUI for interactive terminal usage
- Campaign tracking with IOC correlation and attribution
- STIX/TAXII export for SIEM integration
- Python SDK for embedding scans in your tools
- LangChain integration with scan-before-execute guards
- CI/CD templates for GitHub Actions, GitLab CI, and Azure DevOps
- ClawHub registry integration — browse, search, and scan skills directly from the registry
- Remote URL scanning — scan any SKILL.md hosted on the web
- Docker and Kubernetes deployment with Helm chart
Quick Install¶
Or with Docker:
See the full Installation Guide for all options.
Quick Scan¶
malwar scan SKILL.md # scan a file
malwar scan skills/ # scan a directory
malwar scan SKILL.md --format sarif # CI/CD output
malwar scan SKILL.md --no-llm # skip LLM (fast + free)
malwar crawl scan beszel-check # scan a ClawHub skill by slug
malwar crawl search "crypto" # search ClawHub registry
$ malwar scan suspicious-skill.md
MALICIOUS Risk: 95/100 Findings: 4
MALWAR-OBF-001 Base64-encoded command execution critical L14
MALWAR-CMD-001 Remote script piped to shell critical L22
MALWAR-EXFIL-001 Agent memory/identity file access critical L31
MALWAR-MAL-001 ClawHavoc campaign indicator critical L14
Scan completed in 42ms (rule_engine, threat_intel)
See the full CLI Reference and Quick Start Guide.
Documentation¶
| Section | Description |
|---|---|
| Getting Started | Installation, quick start, first scan |
| User Guide | CLI, API, detection rules, threat campaigns |
| Integrations | Python SDK, LangChain, GitHub Action, STIX/TAXII |
| Deployment | Docker, Kubernetes, production configuration |
| Development | Architecture, contributing, benchmarks |
Detection Accuracy¶
Tested against 44 fixtures (31 labeled, 13 real-world ClawHub samples):
| Metric | Value |
|---|---|
| Accuracy | 96.8% |
| Precision | 95.8% |
| Recall | 100.0% |
| F1 Score | 97.9% |
Every malicious sample is detected. See the full Accuracy Report.
Proprietary -- Copyright (c) 2026 Veritas Aequitas Holdings LLC. All rights reserved.