MIT Licensed • Open Source

Scan Your AI Agents
Before Someone Else Does

Open-source infrastructure scanner for ClaWDBOT and OpenClaw instances. Find vulnerabilities. Audit plugins. Ship safer.

View on GitHub

An open-source project by Nanosecond AI • MIT Licensed

nanoguard — scan
$ nanoguard scan https://example.com:3000
🛡️ NanoGuard Instance Scan — https://example.com:3000
CRITICALCVE-2026-25253: Remote code execution
ClaWDBOT v0.45.3 detected, patch to ≥2026.1.29
CRITICALNo authentication on MCP endpoint /api/mcp
HIGH TLS certificate expired (2025-12-01)
MEDIUM Config file exposed at /.env (returned 200)
INFO Port 5555 open (MCP Streamable HTTP)
Summary: 2 CRITICAL, 1 HIGH, 1 MEDIUM, 1 INFO
0+
ClaWDBOT instances exposed
Zero authentication on the public internet (Source: Censys, Feb 2026)
CVSS 8.8
Critical RCE vulnerability
CVE-2026-25253 — One-click remote code execution (NVD)
15%
Malicious ClawHub skills
341+ skills contain malicious instructions (Source: Koi Security, Feb 2026)

The most popular AI agent platforms ship with no authentication on critical endpoints. NanoGuard finds these problems before attackers do.

Two Commands. Complete Coverage.

Instance scanning and skill auditing in a single tool.

📡
nanoguard scan <url>
Port exposure detection across 6 default ports
Authentication bypass checks on MCP endpoints
Version detection with automatic CVE matching
TLS certificate analysis (expired, self-signed, weak ciphers)
Exposed configuration file detection (.env, config.json)
$ nanoguard scan https://my-instance:3000 --format json
🔬
nanoguard audit <path>
YARA pattern matching for known malware signatures
Semgrep AST-level taint tracking (Python/JS/TS)
Primitive detection (credential theft, data exfiltration, encoding)
Optional LLM-as-judge analysis (Claude API)
Cross-engine consistency scoring
$ nanoguard audit ./my-skill/ --format sarif
Output Formats: Text (default) • JSON • SARIF   |   Exit Codes: 0 clean • 1 warnings • 2 critical

Install in 10 Seconds

One command. No accounts. No cloud. Runs entirely offline.

$ pip install nanoguard
With Semgrep Support
$ pip install nanoguard[semgrep]

Adds AST-level taint tracking for Python, JavaScript, and TypeScript.

For Contributors
$ git clone https://github.com/nanosec-ai/nanoguard
$ pip install -e ".[dev,semgrep]"
$ pytest tests/ -v

Full dev environment. See CONTRIBUTING.md.

Requires Python 3.11+. Works on macOS, Linux, and Windows.

How It Works

Instance Scanning Pipeline
Target URL
SSRF Check
Gate 1
Port Probe
Gate 2
Version ID
Gate 3
Security Checks
Report
Skill Audit Pipeline
Skill Path
Extract
YARA
Semgrep
Primitives
LLM Judge*
Score
Report

*Optional — requires --llm flag and ANTHROPIC_API_KEY

Use Cases

🖥️
Secure Your ClaWDBOT Instance
Scan exposed ports, check for missing authentication, detect unpatched CVEs, and verify TLS configuration. One command, full report.
🔍
Audit Skills Before Installing
Analyze ClawHub skills for credential theft, prompt injection, data exfiltration, and obfuscated malicious code. Don't install blind.
⚙️
CI/CD Security Gate
Run nanoguard audit in GitHub Actions. Exit code 2 fails the build on critical findings. SARIF output integrates with GitHub Code Scanning.
🔬
Security Research
JSON output for automated analysis. YARA and semgrep rule authoring for custom detection. Extensible CVE database for community contributions.

What's Next

Shipping
Scanner v1.0
Instance vulnerability scanning + skill supply chain analysis. CLI tool with CI/CD integration.
Next
Auth Reference Implementation
Device pairing, PIN verification, tiered security model. Reference implementation for the community.
Planned
Authorization Evidence Spec
Open standard for how authorization evidence is formatted, transmitted, and verified across the agent ecosystem.
More coming → Nanosecond AI

Stay Updated

Product updates, security research, and early access to future Nanosecond AI projects. No spam. Unsubscribe anytime.

We will never gate NanoGuard features behind this mailing list. pip install works without signup.