https://github.com/ap6pack/malwar
Static analysis engine for detecting malware in agentic AI skill files
https://github.com/ap6pack/malwar
agentic-ai fastapi malware-detection python sarif security skill-files static-analysis threat-detection
Last synced: 4 months ago
JSON representation
Static analysis engine for detecting malware in agentic AI skill files
- Host: GitHub
- URL: https://github.com/ap6pack/malwar
- Owner: Ap6pack
- License: other
- Created: 2026-02-20T07:14:26.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2026-02-21T00:55:31.000Z (4 months ago)
- Last Synced: 2026-02-22T00:00:37.611Z (4 months ago)
- Topics: agentic-ai, fastapi, malware-detection, python, sarif, security, skill-files, static-analysis, threat-detection
- Language: Python
- Homepage: https://ap6pack.github.io/malwar/
- Size: 2.66 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
README
# Malwar
**Static analysis engine purpose-built for detecting malware in agentic AI skill files.**
[](https://pypi.org/project/malwar/)
[](https://ghcr.io/ap6pack/malwar)
[](https://ap6pack.github.io/malwar)
[](LICENSE)
[](https://github.com/Ap6pack/malwar/actions/workflows/ci.yml)
[](https://python.org)




[Web Dashboard](#web-dashboard) · [API Docs](docs/api-reference.md) · [Detection Rules](docs/detection-rules.md) · [Deployment](docs/deployment.md)
---
## Why
**20% of ClawHub's 10,700+ skills are malicious.** The [ClawHavoc campaign](docs/threat-campaigns.md) alone trojanized 824+ skills to deliver the AMOS infostealer. These attacks aren't binaries — they're natural language instructions hidden in Markdown files. VirusTotal sees nothing. Code scanners see nothing. Malwar was built to catch them.
## How It Works
```
SKILL.md → Rule Engine → URL Crawler → LLM Analyzer → Threat Intel → Verdict
<50ms 1-5s 2-10s <100ms
```
| Layer | What it catches |
|-------|-----------------|
| **Rule Engine** | Obfuscated commands, prompt injection, credential exposure, exfiltration patterns ([19 rules](docs/detection-rules.md)) |
| **URL Crawler** | Malicious URLs, domain reputation, redirect chains to C2 infrastructure |
| **LLM Analyzer** | Social engineering, hidden intent, context-dependent attacks invisible to regex |
| **Threat Intel** | Known IOCs, [campaign attribution](docs/threat-campaigns.md), threat actor fingerprints |
Full pipeline details: **[Architecture](docs/architecture.md)**
## Quick Start
```bash
pip install malwar
malwar db init
```
For development:
```bash
git clone https://github.com/Ap6pack/malwar.git && cd malwar
pip install -e ".[dev]"
malwar db init
```
```bash
malwar scan SKILL.md # scan a file
malwar scan skills/ # scan a directory
malwar scan SKILL.md --format sarif # CI/CD output
malwar scan SKILL.md --no-llm # skip LLM (fast + free)
```
```
$ malwar scan suspicious-skill.md
MALICIOUS Risk: 95/100 Findings: 4
MALWAR-OBF-001 Base64-encoded command execution critical L14
MALWAR-CMD-001 Remote script piped to shell critical L22
MALWAR-EXFIL-001 Agent memory/identity file access critical L31
MALWAR-MAL-001 ClawHavoc campaign indicator critical L14
Scan completed in 42ms (rule_engine, threat_intel)
```
Full command reference: **[CLI Guide](docs/cli-reference.md)**
## API
```bash
malwar serve # http://localhost:8000
```
```bash
curl -X POST http://localhost:8000/api/v1/scan \
-H "Content-Type: application/json" \
-d '{"content": "...", "file_name": "SKILL.md"}'
```
16 endpoints covering scan submission, results, SARIF export, signatures CRUD, campaigns, and reports. Auth via `X-API-Key` header.
Full endpoint reference: **[API Docs](docs/api-reference.md)**
## Web Dashboard
Built-in browser UI at `http://localhost:8000` when running the API server.

| | |
|---|---|
|  |  |
|  |  |
React 19 · TypeScript · Vite · Tailwind CSS 4 · Recharts
## Docker
```bash
docker compose up -d # API + Dashboard at http://localhost:8000
```
Multi-stage build: Node.js compiles the frontend, Python 3.13-slim runs the backend.
Full deployment guide: **[Deployment](docs/deployment.md)**
## Configuration
All settings via environment variables with `MALWAR_` prefix or `.env` file. Key settings:
| Variable | Default | Description |
|----------|---------|-------------|
| `MALWAR_API_KEYS` | *(empty)* | API keys (empty = auth disabled) |
| `MALWAR_ANTHROPIC_API_KEY` | *(empty)* | Anthropic key for LLM layer |
| `MALWAR_DB_PATH` | `malwar.db` | SQLite database path |
[All 17 configuration options →](docs/deployment.md#configuration)
## Development
```bash
pytest # 345 tests
ruff check src/ tests/ # lint
mypy src/ # type check
```
37 test fixtures: 5 benign, 10 malicious (synthetic), 22 real-world samples from ClawHub and Snyk research.
Full dev guide: **[Development](docs/development.md)**
## Documentation
| | |
|---|---|
| **[Architecture](docs/architecture.md)** | Pipeline design, scoring logic, storage layer |
| **[API Reference](docs/api-reference.md)** | All 16 endpoints with schemas and examples |
| **[Detection Rules](docs/detection-rules.md)** | All 19 rules with patterns and false positive guidance |
| **[Threat Campaigns](docs/threat-campaigns.md)** | Campaign tracking, ClawHavoc case study |
| **[CLI Reference](docs/cli-reference.md)** | Every command with flags and examples |
| **[Deployment](docs/deployment.md)** | pip, Docker, nginx, production config |
| **[Development](docs/development.md)** | Adding rules, endpoints, testing, conventions |
---
**BSL-1.1** — Copyright (c) 2026 Veritas Aequitas Holdings LLC. All rights reserved.