Static analysis engine purpose-built for detecting malware in agentic AI skill files.
20% of ClawHub's 10,700+ skills are malicious. The ClawHavoc campaign alone trojanized 824+ skills to deliver the AMOS infostealer. These attacks aren't binaries — they're natural language instructions hidden in Markdown files. VirusTotal sees nothing. Code scanners see nothing. Malwar was built to catch them.
SKILL.md → Rule Engine → URL Crawler → LLM Analyzer → Threat Intel → Verdict
<50ms 1-5s 2-10s <100ms
| Layer | What it catches |
|---|---|
| Rule Engine | Obfuscated commands, prompt injection, credential exposure, exfiltration patterns (26 rules) |
| URL Crawler | Malicious URLs, domain reputation, redirect chains to C2 infrastructure |
| LLM Analyzer | Social engineering, hidden intent, context-dependent attacks invisible to regex |
| Threat Intel | Known IOCs, campaign attribution, threat actor fingerprints |
Full pipeline details: Architecture
pip install malwar
malwar db initFor development:
git clone https://github.com/Ap6pack/malwar.git && cd malwar
pip install -e ".[dev]"
malwar db initmalwar scan SKILL.md # scan a file
malwar scan skills/ # scan a directory
malwar scan SKILL.md --format sarif # CI/CD output
malwar scan SKILL.md --no-llm # skip LLM (fast + free)
malwar crawl scan beszel-check # scan a ClawHub skill by slug
malwar crawl url https://example.com/SKILL.md # scan any remote SKILL.md$ malwar scan suspicious-skill.md
MALICIOUS Risk: 95/100 Findings: 4
MALWAR-OBF-001 Base64-encoded command execution critical L14
MALWAR-CMD-001 Remote script piped to shell critical L22
MALWAR-EXFIL-001 Agent memory/identity file access critical L31
MALWAR-MAL-001 ClawHavoc campaign indicator critical L14
Scan completed in 42ms (rule_engine, threat_intel)
Full command reference: CLI Guide
malwar serve # http://localhost:8000curl -X POST http://localhost:8000/api/v1/scan \
-H "Content-Type: application/json" \
-d '{"content": "...", "file_name": "SKILL.md"}'30+ endpoints covering scan submission, results, SARIF export, signatures CRUD, campaigns, reports, dashboard analytics, audit logs, and RBAC. Auth via X-API-Key header.
Full endpoint reference: API Docs
Built-in browser UI at http://localhost:8000 when running the API server.
 |
 |
 |
 |
React 19 · TypeScript · Vite · Tailwind CSS 4 · Recharts
docker compose up -d # API + Dashboard at http://localhost:8000Multi-stage build: Node.js compiles the frontend, Python 3.13-slim runs the backend.
Full deployment guide: Deployment
All settings via environment variables with MALWAR_ prefix or .env file. Key settings:
| Variable | Default | Description |
|---|---|---|
MALWAR_API_KEYS |
(empty) | API keys (empty = auth disabled) |
MALWAR_ANTHROPIC_API_KEY |
(empty) | Anthropic key for LLM layer |
MALWAR_DB_PATH |
malwar.db |
SQLite database path |
All 40+ configuration options →
pytest # 1,504 tests
ruff check src/ tests/ # lint
mypy src/ # type check37 test fixtures: 5 benign, 10 malicious (synthetic), 22 real-world samples from ClawHub and Snyk research.
Full dev guide: Development
| Architecture | Pipeline design, scoring logic, storage layer |
| API Reference | All 30+ endpoints with schemas and examples |
| Detection Rules | All 26 rules with patterns and false positive guidance |
| Threat Campaigns | Campaign tracking, ClawHavoc case study |
| CLI Reference | Every command with flags and examples |
| Deployment | pip, Docker, nginx, production config |
| Development | Adding rules, endpoints, testing, conventions |
Extensibility — YAML DSL for custom rules, rule testing framework, plugin system, ML-based risk scoring.
Infrastructure — PostgreSQL backend support, Redis caching layer, GitLab CI and Azure DevOps templates.
Security & Compliance — Immutable audit logging, role-based access control (RBAC), CI security scanning with SBOM.
Operations — Scheduled background scanning, multi-channel notifications (Slack, email, webhooks), git diff scanning.
User Experience — Dashboard analytics with trend charts, Rich TUI for interactive terminal usage.
Registry Integration — malwar crawl command to browse, search, and scan skills directly from ClawHub. Also supports scanning any remote SKILL.md by URL.
1,504 tests | 26 detection rules | 82% coverage
BSL-1.1 — Copyright (c) 2026 Veritas Aequitas Holdings LLC. All rights reserved.