HexaClaw is a security suite for OpenClaw. It includes hardened configs that restrict which skills can run, curated skill packs verified with our scanner, a Guardian runtime security engine, and a one-click installer.

How does HexaClaw protect my OpenClaw installation?

HexaClaw replaces your default OpenClaw config with a hardened version that only allows pre-selected skills to run. It blocks 6 known attack vectors including malicious install hooks, credential harvesting, and prompt injection. Professional and Enterprise tiers add Guardian runtime security with 119 rules across 12 attack categories.

Will this break my existing OpenClaw setup?

No. The installer automatically backs up your existing configuration before making any changes. You can rollback to your previous config at any time.

What about VirusTotal? Doesn't OpenClaw scan ClawHub now?

VirusTotal catches malware signatures in binaries, but prompt injection -- the #1 attack vector affecting 36% of ClawHub skills -- lives in text files, not binaries. OpenClaw maintainers confirmed VirusTotal cannot catch prompt injection payloads. HexaClaw's scanner targets these specifically.

Can I use HexaClaw with ClawSec or SecureClaw?

Yes. HexaClaw complements other security tools. Use ClawSec for ongoing monitoring and HexaClaw for prevention with pre-verified skills and hardened configs.

Is this a subscription?

No. All tiers are one-time purchases. Enterprise tier includes priority security updates for one year.

What skills are included in the curated packs?

10 skills across 3 packs: Productivity (notes, calendar, email, reminders), Developer (GitHub, coding tools, session logs), and Content (summarize, transcribe, social media). Each scanned with HexaClaw Verify.

What happens if a new attack is discovered?

Enterprise tier customers receive priority security updates for one year, including updated Guardian rules and configs. Guardian's 119 rules already cover patterns from ClawHavoc, cognitive rootkits, MCP tool poisoning, and CVE-2025-54135. All tiers ship with allowlisting by default, blocking unknown skills whether or not a specific attack has been identified.

Can I add my own skills after installing HexaClaw?

Yes. The security guide explains how to safely add new skills to your allowlist. The hardened config ensures only explicitly allowlisted skills can run.

341 malicious skills found on ClawHub

Your OpenClaw is Running Unverified Code

9,000+ installations compromised. 36% of ClawHub skills contain prompt injection vulnerabilities. HexaClaw gives you hardened configs, curated skill packs, and Guardian runtime security -- tested against real ClawHub attack patterns with 42 confirmed blocks and zero false positives.

Get Protected Now See How It Works

One-time purchase30-day money-backSetup in under 5 min

~/.hexaclaw

$ curl -sSL hexaclaw.com/install | bash

[*] Detecting OS... macOS 15.3

[*] Backing up ~/.hexaclaw/hexaclaw.json...

[*] Installing hardened config (balanced profile)

[*] Installing curated skill packs...

[*] Activating Guardian runtime (119 rules)

[*] Running security verification...

[OK] HexaClaw installed. Guardian active. 6 attack vectors blocked.

$ _

Built on Cisco AI Defense. Backed by research from Snyk, Koi Security, and VirusTotal.

Cisco AI Defense

Snyk

Koi Security

VirusTotal

The OpenClaw Security Crisis

The ClawHavoc attack exposed critical vulnerabilities in the OpenClaw ecosystem. Thousands of users are running unverified, potentially malicious code.

341

Malicious skills found

Discovered during ClawHavoc investigation

9,000+

Compromised installations

Users who installed at least one malicious skill

36%

Contain prompt injection

Of all ClawHub skills tested by Snyk

12%

Outright malicious

Designed to steal data or credentials

7.1%

Leak credentials

Skills that quietly exfiltrate API keys and tokens

26%

Have vulnerabilities

Of 31,000 skills scanned by Cisco AI Defense

30,000+

Exposed instances

OpenClaw installations accessible on the internet

5,700+

Third-party skills

On ClawHub with no mandatory security review

Sources: Koi Security ClawHavoc analysis, Snyk ToxicSkills study, Cisco AI Defense, Censys (Feb 2026)

What You Get

Everything you need to lock down your OpenClaw installation, packaged for one-command deployment.

Core

Hardened hexaclaw.json

Locked-down config with skill allowlisting, sandboxed tool categories, and sensible security defaults.

3 packs

Scanner-Verified Skill Bundles

Productivity, Developer, and Content packs -- 10 skills scanned with HexaClaw Verify before inclusion. Every skill passes YARA rules and heuristic analysis.

install.sh

One-Click Installer

Auto-detects your OS, backs up existing config, and sets up everything with a single command.

Configs

3 Security Profiles

Balanced, Minimal (maximum lockdown), and Developer -- choose the level that fits your workflow.

Professional+

Guardian Runtime Security

119 security rules across 12 attack categories. Tested against 6 real-world ClawHub attack patterns with 42 confirmed blocks and zero false positives. Sub-5ms overhead.

Enterprise

HexaClaw Verify Scanner

Scan any skill with YARA rules, prompt injection detection, and heuristic analysis. Built on Cisco AI Defense.

Professional + Enterprise tiers

Guardian Runtime Security

Static scanning catches known threats. Guardian blocks unknown threats in real-time -- intercepting credential theft, data exfiltration, and persistence attacks before they execute. Tested against real ClawHub attack patterns in an isolated VM.

119

Security rules

100 BLOCK + 19 CONFIRM across 12 categories

<5ms

Tier 1 latency

Pattern matching overhead

Confirmed blocks

Against 6 real-world attack patterns

False positives

284 automated tests, zero false alarms

Real-World Attacks Tested in Isolated VM

Attack Pattern	Source	Without Guardian	With Guardian
SSH key injection + exfiltration	ClawHub evilweather	Keys stolen	BLOCKED (9)
Credential bundling + webhook exfil	ClawHub rankaj	Creds leaked	BLOCKED (6)
SOUL.md cognitive rootkit	VirusTotal analysis	Agent hijacked	BLOCKED (3)
HEARTBEAT.md C2 injection	VirusTotal analysis	Backdoor installed	BLOCKED (6)
MCP tool description poisoning	Invariant Labs	Keys exfiltrated	BLOCKED (12)
MCP config injection (RCE)	CVE-2025-54135	Code executed	BLOCKED (6)

Credentials leaked

Persistence achieved

Fake credentials planted, none stolen

Defense in depth: even when a model refuses 95% of attacks, Guardian catches the 5% that slip through. Tested against Claude Opus 4, Gemini 2.0 Flash, and Gemini 2.0 Flash Lite in live E2E and isolated VM environments.

6 Attack Vectors. All Blocked.

HexaClaw protects against every known attack vector in the skill ecosystem, including CVE-2026-25253 (CVSS 8.8) and CVE-2025-54135 MCP config injection.

Malicious Install Hooks

Skills that run arbitrary shell commands during installation, compromising your system before you even use them.

Credential Harvesting

Skills designed to extract API keys, SSH keys, wallet keys, and other secrets from your environment.

Prompt Injection

Hidden instructions in skill definitions that hijack the AI agent to perform unintended actions.

Data Exfiltration

Skills that silently send your data to attacker-controlled servers through covert network requests.

Typosquatting

Fake skills that mimic popular ones with slightly different names to trick users into installing them.

Dependency Hijacking

Malicious code hidden in the dependencies of otherwise legitimate-looking skills.

VirusTotal integration added Feb 2026

Catches What VirusTotal Can't

OpenClaw integrated VirusTotal to scan ClawHub uploads. It catches malware signatures in binaries. But prompt injection -- the #1 attack vector -- lives in SKILL.md text files, not binaries.

VirusTotal

Scans for malware signatures in binaries
Catches known malware families
Cannot catch prompt injection payloads
No behavioral analysis
No runtime protection
No config hardening

OpenClaw maintainers confirmed VirusTotal "cannot catch prompt injection payloads."

HexaClaw

Custom YARA rules for prompt injection
Heuristic behavioral analysis
Guardian runtime security (119 rules)
Hardened config profiles
Pre-verified skill bundles
Real-time threat blocking (sub-5ms)

Built on Cisco AI Defense. 42 confirmed blocks against real ClawHub attack patterns. Zero false positives.

36% of ClawHub skills contain prompt injection vulnerabilities that VirusTotal explicitly cannot detect. This is the #1 attack vector in the OpenClaw ecosystem.

Source: Snyk ToxicSkills study, OpenClaw blog

Secure in Under 5 Minutes

No complex setup. No manual configuration. One command and your OpenClaw installation is hardened against known attack vectors.

Run the installer

One command backs up your existing config and installs the hardened configuration.

$ curl -sSL hexaclaw.com/install | bash

Choose your profile

Pick from balanced, minimal (maximum lockdown), or developer-focused security profiles.

$ Select profile: [1] Balanced [2] Minimal [3] Developer

You're protected

Your OpenClaw now runs only allowlisted skills with Guardian runtime security intercepting credential theft, data exfiltration, and persistence attacks.

$ [OK] Guardian active (119 rules). 6 attack vectors blocked.

How HexaClaw Compares

Prevention beats detection. They audit after installation. We ship scanner-verified skill bundles and block threats before they execute.

Feature	HexaClaw	ClawSec	SecureClaw	NanoClaw
Pre-verified skill bundles
Prompt injection scanner			Partial
Hardened config profiles	3 profiles		1 profile	N/A
Runtime security engine	119 rules			Via container
Tested against real attacks	42 blocks, 0 FP
Real-time alerts
One-click install				Docker
Config backup & rollback				N/A
Commercial support
Price	$29-79	Free	Free	Free

One Purchase. Lifetime Protection.

No subscriptions. No recurring fees. Pay once and get hardened security for your OpenClaw installation.

Starter

The basics to lock down your OpenClaw installation.

$29 one-time

Hardened hexaclaw.json config
One-click install script
Quick-start security guide
Config integrity verification (SHA-256)

Get Starter

Recommended

Professional

Full protection with curated skills and runtime security.

$49 one-time

Everything in Starter
3 curated skill packs (10 verified skills)
Guardian runtime security (119 rules, 12 attack categories)
Real-world tested against ClawHub attack patterns
Security hardening guide
30 days email support

Get Professional

Enterprise

Complete security suite with scanner and ongoing updates.

$79 one-time

Everything in Professional
HexaClaw Verify scanner CLI
All 3 config profiles (Balanced, Minimal, Developer)
Heuristic behavioral analysis engine
Prompt injection detection suite
Priority security updates for 1 year

Get Enterprise

30-day money-back guarantee. No questions asked.

Prevention Beats Detection

30,000+ OpenClaw instances are exposed right now. The default config trusts everything. One command. Under 5 minutes. Your existing config is auto-backed up.

Get Protected Now

One-time purchase. 30-day money-back guarantee.

Trusted by Developers Who Take Security Seriously

Engineers at top companies use HexaClaw to lock down their AI tooling without sacrificing productivity.

Found 3 skills in my setup that were silently exfiltrating my shell history. HexaClaw caught them in seconds — I wouldn't have known otherwise.

Maya Chen

Staff Engineer, Vercel

Replaced 2 hours of manually auditing skill configs with a single curl command. The hardened config blocked prompt injection attempts on day one.

James Okafor

DevOps Lead, Render

We rolled HexaClaw out to our entire 40-person eng team. Setup took 4 minutes per machine. Zero broken workflows, 6 attack vectors closed.

Priya Sharma

Security Engineer, Shopify

The curated skill packs alone are worth it. Every skill pre-verified, no install hooks, no credential harvesting. I actually trust my setup now.

Daniel Reeves

Senior Developer, Supabase

Frequently Asked Questions

Get Free Security Alerts

Get notified when new HexaClaw vulnerabilities are discovered. No spam. Unsubscribe anytime.

Free. No spam. Unsubscribe anytime.