Let's check your security! 🔍

Is your AI agent leaking secrets?

CRABB scans your OpenClaw installation and gives you a simple 0-100 score with clear steps to fix issues. No security expertise needed.

🔒 100% offline
Under 10 seconds
📖 Open source
Live Demo

See CRABB in action

Watch a real scan find security issues. Your results are private — nothing leaves your machine.

What We Check

4 security modules, one score

CRABB checks the most important security areas of your OpenClaw setup.

🔑

Credentials

40 points max

Finds exposed API keys, tokens, and secrets in your config files and logs.

Skills

30 points max

Scans skills for dangerous patterns like remote code execution or data theft.

🛡️

Permissions

20 points max

Checks if your sandbox mode, DM policies, and allowlists are configured safely.

🌐

Network

10 points max

Verifies your gateway isn't exposed and authentication is properly set up.

Simple Process

Three steps to peace of mind

1. Run the scan ▶️

Just run npx getcrabb in your terminal. It automatically finds your OpenClaw installation and checks everything locally.

2. Get your score 📊

You'll see a score from 0-100 with a letter grade (A-F). Higher is better! We'll show you exactly what needs fixing.

3. Share (optional) 🔗

Proud of your score? Use --share to get a link you can post on social media. Only aggregate data is sent — never your actual secrets.

Scoring

Understand your grade

Your score translates to a letter grade that tells you how secure your setup is.

🎉 A: Excellent
👍 B: Good
🤔 C: Needs work
⚠️ D: Poor
🚨 F: Critical

FAQ

Common questions

Is this safe to run?

Yes! CRABB runs 100% locally on your machine. It never sends any data unless you explicitly use the --share flag, and even then it only sends your score and counts — never actual secrets or file paths.

What's OpenClaw?

OpenClaw is an open-source AI agent framework with 100k+ GitHub stars. It gives your AI assistant access to your files, shell, and messaging apps — which is powerful but needs proper security.

Is CRABB open source?

Yes! CRABB is MIT licensed and fully open source. Check out the code on GitHub.

How is this different from OpenClaw's built-in audit?

OpenClaw has a basic security audit command, but CRABB gives you a unified 0-100 score, deeper credential scanning, shareable score cards for social proof, and works without having OpenClaw CLI installed.

Ready to check your security?

One command. No signup. No data sent.

Private · Fast · Free