This is a security scanner built specifically for agent platforms, not a wrapper around generic tools. It runs dependency checks (npm audit, pip-audit), queries multiple CVE databases (OSV, NVD, GitHub Advisory), does static analysis with Semgrep and Bandit, and includes agent-specific dynamic testing for OpenClaw hooks. The DAST piece is notable because it actually tests hook handlers with malicious inputs and timeout scenarios rather than trying to force web scanners into places they don't belong. You can run it on demand via the CLI or wire it up as an OpenClaw hook for continuous monitoring. It requires a fair number of binaries installed locally (node, Python, semgrep, bandit, jq), but the install script does proper cryptographic verification of releases.
npx skills add https://github.com/prompt-security/clawsec --skill clawsec-scanner