Name: DefenseClaw
Author: Cisco AI Defense

Overview

ClawShield is a family of built-in Go scanners under internal/scanner/. Each scanner implements the common scanner interface and supports skill and code targets. These scanners inspect readable content for injection, malware, PII, secrets, and vulnerability patterns.

What it scans

Scanner	Source file	Targets
`clawshield-injection`	`internal/scanner/clawshield_injection.go`	`skill`, `code`
`clawshield-malware`	`internal/scanner/clawshield_malware.go`	`skill`, `code`
`clawshield-pii`	`internal/scanner/clawshield_pii.go`	`skill`, `code`
`clawshield-secrets`	`internal/scanner/clawshield_secrets.go`	`skill`, `code`
`clawshield-vuln`	`internal/scanner/clawshield_vuln.go`	`skill`, `code`

Detection categories

Category	Findings prefix	Purpose
Injection	`clawshield-injection`	Prompt-injection and instruction-override patterns
Malware	`clawshield-malware`	Reverse shell, credential harvesting, mining, C2, suspicious magic bytes, and high-entropy content
PII	`clawshield-pii`	Credit cards, SSNs, emails, phone numbers, dates of birth, passport-style IDs, and related patterns
Secrets	`clawshield-secrets`	Provider keys and token-shaped secrets
Vulnerabilities	`clawshield-vuln`	SQLi, SSRF, path traversal, command injection, and XSS patterns

CLI

There is no ClawShield command group in the current Python CLI. For a source-code scan exposed through the public gateway CLI, use CodeGuard:

defenseclaw-gateway scan code ./src --json

ClawShield — DefenseClaw

Overview

What it scans

Detection categories

CLI

Related