Skip to content

v0.4.0 — Registry Monitoring, Fraud Detection & MIT Relicense

Latest

Choose a tag to compare

@Ap6pack Ap6pack released this 05 Jul 12:39
8fd3efb

The first release under the MIT license (relicensed from BSL-1.1 — free for
any use, including commercial). Adds continuous registry monitoring, four new
detection rules, and LLM-driven false-positive suppression.

Detection Engine

  • 4 new rules (26 → 30) across two new threat categories:
    • MALWAR-FRAUD-001 / MALWAR-FRAUD-002 — agentic financial fraud
      (affiliate-link injection, transaction front-running)
    • MALWAR-EVADE-001 — scanner-evasion padding
    • MALWAR-OBF-004 — PowerShell download-cradle patterns
  • 13 threat categories total
  • False-positive fixMALWAR-PERSIST-002 word-anchored so Anthropic's
    official skill-creation guide no longer misfires (#2)

Continuous Monitoring

  • malwar crawl monitor sweeps the entire ClawHub registry, diffs against
    the previous snapshot, and surfaces newly-malicious skills (added / removed /
    modified / verdict-changed). Ships with a 24h scheduled trigger.

LLM Layer

  • False-positive suppression — the LLM layer can demote rule-engine findings
    it identifies as false positives, excluding them from the score while keeping
    them visible (#1)
  • Honors ambient Anthropic credentials; stale model config removed

Usability & Ops

  • Friendly, styled CLI errors for missing/empty scan targets (#3)
  • Shareable threat digests with opt-in X (Twitter) publishing
  • Render deployment blueprint + configurable CORS
  • Docker now serves the frontend; all hardcoded version strings replaced with
    the dynamic package version

Detection Accuracy

Rule engine + threat intel only (no LLM), on the 38-fixture labeled corpus:

Metric Value
Accuracy 100.0%
Precision 100.0%
Recall 100.0%
F1 100.0%

Every malicious sample detected, zero benign samples flagged (up from 96.8% /
95.8% in v0.3.1). Full Accuracy Report.

Housekeeping

  • Relicensed BSL-1.1 → MIT; removed the per-file All rights reserved
    copyright-header enforcement (script + CI step) as contradictory under MIT.
    Licensing is now conveyed by LICENSE alone.
  • Documentation accuracy pass across all pages; new OpenClaw agentic
    supply-chain threat report.

Install

pip install malwar==0.4.0