Declawed: An Advanced Community-Driven Malware Scanner for ClawHub SKILL.md Files

Declawed is a security tool designed to scan SKILL.md files uploaded to ClawHub. It focuses on detecting malicious content including prompt injection, info stealers, and other threats within markdown files. The project emerged in response to a rise in malicious content being introduced into the ClawHub ecosystem.

Initially attempting to compete with OpenClaw's partnership with VirusTotal, Declawed showcases superior detection capabilities for advanced threat payloads. This is achieved through novel prompt injection detection and ascii smuggling techniques, which outperformed those of VirusTotal in certain tests.

Central to Declawed's effectiveness is its community-driven nature. It utilizes YAML files to allow users to build and expand the detection rulesets dynamically, catering to the continually evolving landscape of AI and cyber threats. Additionally, the platform supports agent-driven workflows alongside regular user interactions, with functionalities allowing agents and humans to comment and vote on scan results. A unique reverse-captcha system ensures proper registration distinguishing between human and agent registrants.

Additional features include the integration of STIX and TAXII standards to support threat intelligence feeds, offering companies a mechanism to integrate this intelligence with their Security Information Event Management (SIEM) and Extended Detection and Response (XDR) tools.