Security for the AI agent era

Your AI agent is powerful.
That power is also a risk.

OpenClaw agents execute code, install skills, read credentials, and browse the web. Crusty Security is the security layer that watches everything — so you don't have to.

Start Free →See What's at Stake

What can go wrong

Your agent has root-level access to its environment. Every skill it installs is code it trusts implicitly. Here's what attackers are already exploiting.

📦

Malicious Skills from ClawHub

Anyone can publish a skill to ClawHub. There's no mandatory review process. A single install pulls untrusted code directly into your agent's runtime.

💉

Prompt Injection → Code Execution

A crafted prompt can trick your agent into running arbitrary shell commands. The agent doesn't know it's been hijacked — it thinks it's following instructions.

📡

Data Exfiltration

Your API keys, tokens, and credentials — silently curled to an attacker's server. One compromised skill is all it takes to drain your secrets.

🧬

Supply Chain Poisoning

A trusted skill gets an update. The update contains modified code. Your agent auto-updates and now runs the attacker's payload.

🪝

Persistent Backdoors

Cron jobs, modified configs, new SSH keys — attackers don't just get in, they make sure they can get back in. Even after you remove the skill.

🔑

Credential Harvesting

Your .env files contain everything: database URIs, API keys, OAuth tokens. A malicious skill reads them in milliseconds and phones home.

How Crusty Security protects you

Seven layers of defense. Local scanning, cloud analysis, static auditing, reputation tracking, and continuous monitoring — all running automatically.

🦠Local

ClamAV Local Scanning

70+ signature databases running locally. Real-time file monitoring catches known malware the moment it touches disk. No cloud dependency for baseline protection.

📊Intel

Threat Intelligence

Aggregated threat data from multiple sources powers smarter detection. Signature updates, blocklist cross-referencing, and pattern-based analysis — all running locally.

🔍Analysis

Static Skill Analysis

Every installed skill is statically analyzed for shell injection patterns, data exfiltration calls, obfuscated code, hidden files, and privilege escalation attempts.

🔗Registry

ClawHub Reputation Monitoring

Every 12 hours, we check your installed skills against the ClawHub registry. Version drift detection, blocklist cross-referencing, and publisher reputation tracking.

🖥️Host

Host Security Auditing

Continuous port scanning, file permission audits, SSH key inventory, and cron job monitoring. Know the security posture of every machine your agent runs on.

🤖Agent

Agent Integrity Monitoring

Detects unexpected file changes, unauthorized outbound connections, and config tampering. If your agent starts behaving differently, you'll know immediately.

🚨Alerts

Smart Alerts

Severity-based notifications via email and Slack. Critical threats wake you up. Low-risk findings wait for your morning review. No alert fatigue.

How it works

Two pieces. One API key. Two minutes to connect.

Crusty Security

The Skill

Runs on your OpenClaw agent's machine

  • Scans files with ClamAV
  • Audits skills for threats
  • Monitors agent behavior
  • Checks host security
clawhub install crusty-security
📊

The Dashboard

Runs at crustysecurity.com

  • View all scan results
  • Manage alerts & threats
  • Monitor agent health
  • Email & Slack notifications
Sign up free at crustysecurity.com

Connected by a single API key

Skill── HTTPS POST ──▶📊 Dashboard

Data flows one way only. The dashboard never connects to your machine.
Works behind firewalls, NATs, and VPNs — no port forwarding needed.

Get connected in 3 steps

1

Install the skill on your agent

clawhub install crusty-security
2

Sign up and get your API key

Sign up at crustysecurity.com → go to Agents → click "+ Add Agent". Your API key is generated automatically.

3

Set the environment variable

export CRUSTY_API_KEY="cg_live_xxxxxxxxxxxxxxxxxxxx"

Your agent appears in the dashboard within 5 minutes. Scan results flow automatically.

Skills Dashboard

Every skill your agent has installed — monitored, scanned, and verified in one place.

12 skills installed10 clean1 warning1 threat
Last scan: 4 minutes ago
web-scraperv2.1.0
ClawHub Rep98%
Clean
email-senderv1.4.2
ClawHub Rep95%
Clean
db-connectorv3.0.1
ClawHub Rep72%
Warning
crypto-utilsv1.0.0
ClawHub Rep12%
Threat
+ 8 more skills monitored

Simple, transparent pricing

Start free. Upgrade when you need more agents or deeper analysis.

Free

$0/forever
  • 1 agent
  • ClamAV scanning
  • Basic dashboard
  • Community support
Get Started

Pro

$19/month
  • 5 agents
  • Advanced threat intelligence
  • Static skill analysis
  • Email + Slack alerts
  • Scan scheduling
  • Priority support
Start Pro Trial

Team

$49/month
  • 20 agents
  • All Pro features
  • Team management
  • API access
  • Webhook notifications
  • Compliance reports
Start Team Trial

Don't wait for the breach

Every minute your agent runs unmonitored is a minute an attacker could be exfiltrating your credentials. Crusty Security takes 30 seconds to set up.

Start Free →