INTEGRATIONS
Bring Security Into Your Workflow
Connect ClawSafe to your CI/CD pipelines, automation scripts, or security review processes via the REST API.
REST API
All functionality is exposed through a REST API with JSON requests and responses. Currently free with rate limits.
POST /api/scan
Submit a scan job. Accepts a URL (GitHub / ClawHub / ZIP) or file upload (multipart).
Request Body
{
  "url": "https://github.com/user/skill-repo",
  "locale": "en"
}
Response
{
  "reportId": "abc123",
  "id": "abc123",
  "status": "completed",
  "verdict": "Malicious",
  "verdictLevel": "malicious",
  "riskScore": { "score": 87 },
  "risk_score": 87,
  "report_url": "https://clawsafe.dev/report/abc123"
}
GET /api/report/:id
Retrieve the full report for a given ID, including the findings list.
Response
{
  "data": {
    "id": "abc123",
    "type": "scan-report",
    "attributes": {
      "verdictLevel": "malicious",
      "riskScore": { "score": 87 },
      "findings": [
        {
          "category": "data_exfiltration",
          "severity": "critical",
          "title": "Suspicious C2 communication detected"
        }
      ]
    }
  }
}
GitHub Actions Example
Automatically scan skills on pull requests and block high-risk skills from being merged.
GitHub Actions
name: ClawSafe Security Scan
on:
  pull_request:
    paths:
      - 'skills/**'
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan skill with ClawSafe
        run: |
          # --fail makes curl exit non-zero on HTTP error responses, which stops the step
          RESULT=$(curl -sS --fail -X POST https://clawsafe.dev/api/scan \
            -H "Content-Type: application/json" \
            -d '{"url": "${{ github.server_url }}/${{ github.repository }}/tree/${{ github.sha }}/skills", "locale": "en"}')
          VERDICT=$(echo "$RESULT" | jq -r '.verdictLevel // empty')
          SCORE=$(echo "$RESULT" | jq -r '.riskScore.score // empty')
          echo "Verdict: $VERDICT, Risk Score: $SCORE"
          # Fail closed: a response without a verdict must not pass the gate
          if [ -z "$VERDICT" ]; then
            echo "::error::ClawSafe: no verdict in scan response"
            exit 1
          fi
          if [ "$VERDICT" = "malicious" ] || [ "$VERDICT" = "high_risk" ]; then
            echo "::error::ClawSafe: Dangerous skill detected (score: $SCORE)"
            exit 1
          fi
Shell Script Example
Quickly scan a skill directory in local development or CI environments.
bash
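#!/bin/bash
# clawsafe-scan.sh - Scan a local skill directory
SKILL_DIR="$1"
API_BASE="https://clawsafe.dev/api"
if [ -z "$SKILL_DIR" ]; then
  echo "Usage: ./clawsafe-scan.sh <skill-dir>"
  exit 1
fi
echo "Scanning: $SKILL_DIR"
# zip rejects an existing empty file as an invalid archive, so create a
# temporary directory and let zip create the archive inside it
WORKDIR=$(mktemp -d) || exit 1
trap 'rm -rf "$WORKDIR"' EXIT
ARCHIVE="$WORKDIR/skill.zip"
zip -rq "$ARCHIVE" "$SKILL_DIR" || exit 1
# --fail turns HTTP error responses into a non-zero curl exit status
RESPONSE=$(curl -sS --fail -X POST "$API_BASE/scan" \
  -F "file=@$ARCHIVE" \
  -F "locale=en") || { echo "Scan request failed" >&2; exit 1; }
VERDICT=$(echo "$RESPONSE" | jq -r '.verdictLevel // empty')
SCORE=$(echo "$RESPONSE" | jq -r '.riskScore.score // empty')
REPORT_ID=$(echo "$RESPONSE" | jq -r '.reportId // empty')
echo "Verdict: $VERDICT | Risk Score: $SCORE"
echo "Report: https://clawsafe.dev/report/$REPORT_ID"
# Fail closed: treat a missing verdict like a dangerous one
case "$VERDICT" in
  ""|malicious|high_risk) exit 1 ;;
  *) exit 0 ;;
esac
Rate Limits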
Scan API (POST /api/scan): 5 / hour per IP
Report Query (GET /api/report): Unlimited
Max file size: 10 MB
Need higher limits? Contact [email protected].
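With the scan endpoint limited to 5 requests per hour per IP, a CI gate has to decide what to do with a response that carries no verdict. The Python below is an added example, not ClawSafe's own code: it maps a raw `POST /api/scan` body to an exit code and blocks on anything it cannot read as a completed, non-blocking scan. The names `gate`, `_score` and `max_score`, the error body, the `example_ok` level and the rule that only `"completed"` counts as final are assumptions made for illustration.

```python
import json
# Verdict levels the page's own CI examples block on.
BLOCKING_VERDICTS = {"malicious", "high_risk"}

def _score(doc):
    """Return the risk score, or None if neither copy is usable or they disagree."""
    nested = doc.get("riskScore")
    nested = nested.get("score") if isinstance(nested, dict) else None
    seen = {v for v in (nested, doc.get("risk_score"))
            if isinstance(v, (int, float)) and not isinstance(v, bool)}
    return seen.pop() if len(seen) == 1 else None

def gate(body, max_score=None):
    """Map a raw POST /api/scan response body to (exit_code, reason).
    Fails closed: anything other than a completed scan with a readable,
    non-blocking verdict returns 1. max_score is a hypothetical policy knob.
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return 1, "response is not JSON"
    if not isinstance(doc, dict):
        return 1, "response is not a JSON object"
    if doc.get("status") != "completed":  # assumption: only "completed" is final
        return 1, "scan not completed"
    verdict = doc.get("verdictLevel")
    if not isinstance(verdict, str) or not verdict:
        return 1, "no verdictLevel"
    if verdict in BLOCKING_VERDICTS:
        return 1, f"verdict {verdict}"
    score = _score(doc)
    if score is None:
        return 1, "risk score missing or inconsistent"
    if max_score is not None and score > max_score:
        return 1, f"risk score {score} above {max_score}"
    return 0, f"verdict {verdict}, risk score {score}"

# Constructed bodies: the first mirrors the response shown on the page; the
# error body and the "example_ok" level are placeholders, not documented values.
SAMPLES = {
    "malicious": '{"status": "completed", "verdictLevel": "malicious", "riskScore": {"score": 87}, "risk_score": 87}',
    "rate_limited": '{"error": "rate limit exceeded"}',
    "html_error": "<html>502 Bad Gateway</html>",
    "ok": '{"status": "completed", "verdictLevel": "example_ok", "riskScore": {"score": 3}, "risk_score": 3}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, gate(body))
```

In a pipeline the first element of the returned tuple would be passed to `sys.exit`, so a rate-limited or malformed response fails the job instead of passing it.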