Malwar: A Vulnerability Scanner for SKILL.md Files Built with Claude Code

Malwar is a vulnerability scanner specifically for SKILL.md files used by AI coding agents. It addresses a gap in security tooling where traditional code scanners look for malicious code, but SKILL.md files contain natural language instructions that can pose a different threat.
What Malwar Does
The tool runs a 4-layer pipeline against skill files:
- Rule engine
- URL crawler
- LLM analysis layer
- Threat intel
Why It Was Built
The developer was building agentic workflows and realized they were "blindly pulling skills from ClawHub and trusting them." After manually reading through skills, they found several concerning patterns that would raise red flags in other contexts:
- Base64 blobs
- Instructions telling the agent to curl something and pipe it to bash
- Weirdly specific references to file paths where credentials live
The developer notes: "The kind of thing that if you saw it in a shell script you'd close the tab immediately."
Technical Implementation
The entire tool was built with Claude Code, including:
- Architecture
- Detection rules
- The LLM analysis layer
- The REST API
The developer states: "Honestly couldn't have shipped it at this scope solo without it."
Availability
Malwar is free to use with source available on GitHub at https://ap6pack.github.io/malwar/.
📖 Read the full source: r/ClaudeAI
👀 See Also

AI-Built Apps Are Fragile: Why Small Changes Break Data Isolation and Permissions
Developers report that AI-generated apps (via Claude Code, Cursor) silently break login, permissions, and data isolation when small changes are made, because AI models lack understanding of original system intent like ownership rules.

Endo Familiar: Object-Capability Sandbox for AI Agents
Endo Familiar implements object-capability security for AI agents: agents start with zero ambient authority, receive only explicit references to specific files or directories, and can derive narrower capabilities in sandboxed code.

Secure and Protect OpenClaw in Just 2 Minutes with Nono Kernel-Based Isolation
OpenClaw users can now enjoy enhanced security without compromising performance, thanks to Nono kernel-based isolation, a quick and effective solution that takes just two minutes.

GitHub Copilot CLI vulnerability allows malware execution via prompt injection
A vulnerability in GitHub Copilot CLI allows arbitrary shell command execution via indirect prompt injection without user approval. Attackers can craft commands that bypass validation and execute malware immediately on the victim's computer.