Is your AI agent leaking secrets?
See CRABB in action
Watch a real scan find security issues. Your results are private — nothing leaves your machine.
4 security modules, one score
CRABB checks the most important security areas of your OpenClaw setup.
Credentials
Finds exposed API keys, tokens, and secrets in your config files and logs.
Skills
Scans skills for dangerous patterns like remote code execution or data theft.
Permissions
Checks if your sandbox mode, DM policies, and allowlists are configured safely.
Network
Verifies your gateway isn't exposed and authentication is properly set up.
Three steps to peace of mind
Run the scan ▶️
Just run npx getcrabb in your terminal. It automatically finds your OpenClaw installation and checks everything locally.
Get your score 📊
You'll see a score from 0-100 with a letter grade (A-F). Higher is better! We'll show you exactly what needs fixing.
Fix or share 🔧
Run --fix to apply recommended fixes with before/after comparison. Or use --share to get a link you can post. Only aggregate data is sent — never your actual secrets.
Understand your grade
Your score translates to a letter grade that tells you how secure your setup is.
Common questions
Is this safe to run?
--share flag, and even then it only sends your score and counts — never actual secrets or file paths.
What's OpenClaw?
Is CRABB open source?
How is this different from OpenClaw's built-in audit?
security audit command and adds deeper credential/skills scanning. You get a unified 0-100 score, shareable score cards, and a guided --fix flow that shows before/after comparison. Works even without OpenClaw CLI installed.
What does --fix do?
--fix flag runs a guided remediation flow: it scans your setup, shows found issues, asks for confirmation, applies fixes via OpenClaw CLI, then rescans to show you a before/after delta. Use --yes to skip confirmation in CI/automation.
Ready to check your security?
One command. No signup. No data sent.