ClawSecure, a San Francisco-based startup founded by J.D. Salbego, launched on March 24 as a free OpenClaw security platform that bundles code scanning, 24/7 monitoring, an API for programmatic verification, and a public registry of 2,890+ audited skills. The platform’s initial audit of popular OpenClaw skills found 9,515 total security findings, with 41% of skills containing at least one vulnerability.

The launch comes during a week in which OpenClaw security is dominating the conversation: Nvidia unveiled NemoClaw as an enterprise hardening layer, Northeastern University researchers demonstrated that OpenClaw agents can be psychologically manipulated into self-sabotage, and RSA Conference 2026 is running sessions on agentic AI security.

What ClawSecure Does

The platform runs a proprietary 3-Layer Audit Protocol, according to its GitHub repository. Layer one uses a proprietary engine scanning against 55+ OpenClaw-specific threat patterns, including detection for ClawHavoc, a coordinated malware campaign that delivers credential stealers through professional-looking ClawHub skills. Layer two performs static and behavioral code analysis, tracing execution paths across tool-calling chains. Layer three audits dependencies across npm and PyPI ecosystems against known CVE databases.

The audit covered skills from two major sources: the community-curated awesome-openclaw-skills list and the official openclaw/skills repository. Of the 2,890+ skills scanned, 30.6% were rated HIGH or CRITICAL severity, and 539 skills (18.7%) exhibited ClawHavoc malware indicators, according to the press release.

Continuous Monitoring and API

ClawSecure’s Watchtower feature tracks code changes across all registered skills using SHA-256 hash comparisons. When a skill’s code is modified, Watchtower automatically triggers a full re-audit. The company says Watchtower has detected 661 code changes across its registry so far, catching cases where previously safe skills were updated to include suspicious behavior, per the press release.
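The hash-comparison change detection described above, as an added example; it is not ClawSecure's code, and the press release does not say how Watchtower computes its hashes. The per-directory digest scheme, the function names and the sample skills are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def skill_digest(root: Path) -> str:
    """SHA-256 over one skill directory: relative paths plus file contents."""
    h = hashlib.sha256()
    # Sort by POSIX relative path so the digest is independent of walk order.
    files = sorted((p.relative_to(root).as_posix(), p)
                   for p in root.rglob("*")
                   if p.is_file() and not p.is_symlink())
    for rel, path in files:
        name, data = rel.encode(), path.read_bytes()
        # Length-prefix each field so a rename or a byte moved between
        # file name and content cannot produce the same input stream.
        for field in (name, data):
            h.update(len(field).to_bytes(8, "big"))
            h.update(field)
    return h.hexdigest()

def skills_needing_reaudit(registry: Path, baseline: dict) -> dict:
    """Map skill name -> 'new' | 'changed' | 'removed' versus the baseline."""
    current = {d.name: skill_digest(d) for d in registry.iterdir() if d.is_dir()}
    flagged = {}
    for name, digest in current.items():
        if name not in baseline:
            flagged[name] = "new"
        elif baseline[name] != digest:
            flagged[name] = "changed"
    for name in baseline.keys() - current.keys():
        flagged[name] = "removed"
    return flagged

def demo() -> dict:
    """Constructed registry: baseline two skills, then tamper with one, add one."""
    with tempfile.TemporaryDirectory() as tmp:
        reg = Path(tmp)
        for name in ("weather", "notes"):
            (reg / name).mkdir()
            (reg / name / "skill.py").write_text("print('ok')\n")
        baseline = {d.name: skill_digest(d) for d in reg.iterdir()}
        # Simulate an update that slips new behaviour into a known skill.
        (reg / "notes" / "skill.py").write_text("import os\nprint('ok')\n")
        (reg / "calendar").mkdir()
        return skills_needing_reaudit(reg, baseline)

if __name__ == "__main__":
    print(demo())
```

A digest mismatch only shows that the code changed, not what the change does, which is why a flagged skill goes back through a full audit.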

The Security Clearance API lets developers and platforms query any agent’s security status programmatically, returning a verdict of SECURE, UNVERIFIED, or DENIED alongside a current security score.

Competitive Positioning

The OpenClaw security market currently includes VirusTotal’s ClawHub integration, Bitdefender’s AI Skills Checker, Cisco’s Skill Scanner, and ClawDefend, according to ClawSecure’s press release. ClawSecure positions itself as the only tool that combines all four capabilities (scanning, monitoring, API, and registry) in one free package.

The platform claims full coverage of all 10 categories in the OWASP Agentic Security Initiative (ASI) Top 10 and says it is the first OpenClaw security tool to publish formal NIST AI Risk Management Framework alignment documentation. It is part of the Cloud Security Alliance STAR Registry at Level 1, per the press release.

Early Traction

ClawSecure reached #2 Product of the Day on Product Hunt, with 1,498 users scanning skills within the first 24 hours after launch, according to the press release.

“The OpenClaw ecosystem does not need another point solution,” Salbego said in the announcement. “It needs a complete integrity layer. We built the scanner, the monitor, the API, and the registry because security does not work in fragments.”

The platform is free with no signup required. The full registry is publicly accessible at clawsecure.ai/registry.