Open Source · MIT Licensed

Detect Shadow AI before it compromises your network

Claw Hunter discovers unauthorized OpenClaw agents, audits their privileges, and ensures your endpoints, data, and network stay secure.

claw-hunter.sh

$ ./claw-hunter.sh
==========================================
OPENCLAW SECURITY AUDIT: UNIX/MAC (v3)
==========================================

--- [ Detection ] ---
State Dir: /Users/john/.openclaw
Config: openclaw.json (found)
CLI: /usr/local/bin/openclaw (v1.2.3)

--- [ Network & Gateway ] ---
Gateway: ACTIVE (Port 18789 | PID: 12345)
Gateway auth token: NOT SET

--- [ Privileges & Tools ] ---
RISK: Shell Access ENABLED
Filesystem Write: not flagged

Core Capabilities

Everything you need to audit Shadow AI

Purpose-built for ITSec teams to detect, assess, and report on autonomous agent activity across your infrastructure.

Shadow AI Detection

Discover unauthorized OpenClaw agents operating as high-privilege service accounts that bypass standard IAM policies.

Security Risk Assessment

Identify shell access, filesystem write permissions, and exposed gateways across your entire infrastructure.

Credential Scanning

Scan for potential secrets, API keys, and exposed credentials that autonomous agents may have access to.

Integration Inventory

Map all active agents, communication channels, and registry entries across your network.

Configuration Audit

Detect missing auth tokens, misconfigured services, and installation issues before they become threats.

Structured JSON Output

Export results in clean JSON format for automation, SIEM integration, and centralized security dashboards.

Zero Dependencies

Pure bash and PowerShell scripts with no external dependencies. Optional jq for enhanced JSON formatting.

Non-Intrusive Scanning

Read-only operations that never modify system configurations. Safe to run in any environment.

Cross-Platform

Runs wherever your agents run

System-agnostic visibility across macOS, Linux, and Windows with zero external dependencies.

macOS

Bash 3.2+

curl -O ... claw-hunter.sh
chmod +x claw-hunter.sh
./claw-hunter.sh

Linux

Bash 3.2+

curl -O ... claw-hunter.sh
chmod +x claw-hunter.sh
sudo ./claw-hunter.sh --mdm

Windows

PowerShell 5.1+

Invoke-WebRequest ... -OutFile claw-hunter.ps1
.\claw-hunter.ps1

MDM Integration

Deploy at scale with your MDM

Designed for automated deployment via Jamf Pro, Microsoft Intune, and other MDM platforms with silent execution and centralized reporting.

Silent execution mode
Machine identification
Security risk scoring
Central API upload
Bearer token auth
Persistent logging
Proper exit codes

Exit Codes

Automation-ready return values for CI/CD pipelines

0 - Clean: No issues detected
1 - Warning: Security issues found
2 - Info: OpenClaw not installed
3 - Error: Script execution error
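
Exit code 2 is non-zero even though it reports nothing to fix, so a CI or MDM job that fails on any non-zero status will flag every endpoint without OpenClaw. The sketch below is an added example, not part of Claw Hunter: it gates on the four codes above and tallies a fleet, with the pass/fail policy and all function names being assumptions.

```shell
#!/bin/sh
# Added example, not part of Claw Hunter. Function names are hypothetical.

# Label for each exit code in the table above; anything else is "unknown".
claw_status() {
  case "$1" in
    0) echo clean ;;
    1) echo warning ;;
    2) echo not-installed ;;
    3) echo error ;;
    *) echo unknown ;;
  esac
}

# Assumed policy: pass on 0 and on 2 (non-zero, but nothing to audit).
# Fail on findings, script errors, and codes the table does not define
# (e.g. 127 when the script never ran), so a broken scan never reads as clean.
claw_gate() {
  case "$(claw_status "$1")" in
    clean|not-installed) return 0 ;;
    *) return 1 ;;
  esac
}

# Run the scanner command given as arguments and print its exit code.
# "|| rc=$?" keeps a caller's `set -e` from aborting before the code is read.
run_scan() (
  rc=0
  "$@" >/dev/null 2>&1 || rc=$?
  echo "$rc"
)

# Tally "host exit_code" lines read from stdin, one endpoint per line.
fleet_summary() (
  clean=0 warning=0 absent=0 failed=0
  while read -r host rc; do
    [ -n "$host" ] || continue
    case "$(claw_status "$rc")" in
      clean) clean=$((clean + 1)) ;;
      warning) warning=$((warning + 1)) ;;
      not-installed) absent=$((absent + 1)) ;;
      *) failed=$((failed + 1)) ;;
    esac
  done
  echo "clean=$clean warning=$warning not_installed=$absent failed=$failed"
)

# Constructed sample: per-host exit codes as an MDM job log might record them.
printf 'mac-01 0\nlin-07 1\nwin-03 2\nlin-09 3\nlin-12 127\n' | fleet_summary
```

In a pipeline step, capture the code with rc=$(run_scan ./claw-hunter.sh) and then fail the job only when claw_gate "$rc" returns non-zero.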

Quick Start

Up and running in seconds

No package managers, no build steps. Download the script and run it.

# Download and run
curl -O https://raw.githubusercontent.com/backslash-security/Claw-Hunter/main/claw-hunter.sh
chmod +x claw-hunter.sh
./claw-hunter.sh