clawsec-scanner

Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
opencue/cue · ★ 1 · AI & Automation · score 80
Install: claude install-skill opencue/cue
# ClawSec Scanner

Comprehensive security scanner for agent platforms that automates vulnerability detection across multiple dimensions:

- **Dependency Scanning**: Analyzes npm and Python dependencies using `npm audit` and `pip-audit` with structured JSON output parsing
- **CVE Database Integration**: Queries OSV (primary), NVD 2.0, and GitHub Advisory Database for vulnerability enrichment
- **SAST Analysis**: Static code analysis using Semgrep (JavaScript/TypeScript) and Bandit (Python) to detect hardcoded secrets, command injection, path traversal, and unsafe deserialization
- **DAST Framework**: Agent-specific dynamic analysis with real OpenClaw hook execution harness (malicious input, timeout, output bounds, event mutation safety)
- **Unified Reporting**: Consolidated vulnerability reports with severity classification and remediation guidance
- **Continuous Monitoring**: OpenClaw hook integration for automated periodic scanning

## Features

### Multi-Engine Scanning

The scanner orchestrates four complementary scan types to provide comprehensive vulnerability coverage:

1. **Dependency Scanning**
   - Executes `npm audit --json` and `pip-audit -f json` as subprocesses
   - Parses structured output to extract CVE IDs, severity, affected versions
   - Handles edge cases: missing package-lock.json, zero vulnerabilities, malformed JSON
2. **CVE Database Queries**
   - **OSV API** (primary): Free, no authentication, broad ecosystem support (npm, PyPI, Go, Maven)
   - **NVD