github Tencent/AI-Infra-Guard v4.0
🚀 AI-Infra-Guard v4.0 Release: Major Update Highlighting OpenClaw Security Scan (ClawScan)


AI-Infra-Guard v4.0 is officially released! This major update brings significant advancements to our security evaluation capabilities. We are thrilled to highlight the enhanced EdgeOne ClawScan, providing a dedicated and comprehensive security portal for OpenClaw. Alongside this, we are introducing the brand-new and entirely independent Agent-Scan Framework, plus multiple system optimizations.

🌟 Highlight: EdgeOne ClawScan (OpenClaw Security Scan)

To provide robust and dedicated security evaluations tailored for OpenClaw, v4.0 significantly enhances the independent ClawScan module, now officially available as EdgeOne ClawScan on ClawHub:

  • 🛡️ Powered by Tencent Zhuque Lab: The scanning engine is officially powered by the cutting-edge security intelligence of Tencent Zhuque Lab's A.I.G (AI-Infra-Guard).
  • 🔍 Comprehensive Security Scanning: Delivers comprehensive, tailored security health checks specifically designed for OpenClaw deployments.
  • On-Demand Health Checks: Seamlessly triggers in-depth security scans whenever a user requests a security evaluation or health check for their agent environment.
  • 🩺 Dedicated Portals: Access the official skill directly on ClawHub at EdgeOne ClawScan or visit the dedicated OpenClaw portal via https://matrix.tencent.com/clawscan/.

🤖 Brand-New Independent Module: Agent-Scan Framework

Completely separate from ClawScan, v4.0 introduces Agent-Scan—a comprehensive, AI-powered autonomous agent security scanning framework designed for broader agent ecosystem testing:

  • Multi-Agent Architecture: Built with specialized sub-agents working collaboratively, including a main agent, SSRF agent, config-scanner agent, vulnerability detector agent, agent security reviewer, and data leakage detection agent.
  • Skill-Based Scanning Capabilities: Deep vulnerability detection covering OWASP ASI compliance, authorization bypass, indirect injection, tool abuse, and data leakage (utilizing static/advanced prompt sets and LLM evaluators).
  • Comprehensive Tool Ecosystem: Simulates attacker interactions across a full suite of tools, supporting bash, file read/write, edit, grep, glob, ls, batch, thinking, todo, task, skill, MCP tool, dialogue, and finish actions.
  • Agent Adapter System: Seamlessly supports multiple providers (such as Dify, Coze, etc.), featuring streaming responses and network connectivity testing.
  • Automated Scan Pipelines: Features dialogue count tracking, tool usage statistics, asynchronous processing, and structured agent security review report generation.

🧩 Component Fingerprints (Added)

  • Expanded AI Component Detection: Added 4 new AI component fingerprints to improve detection coverage: llama.cpp, HuggingFace TGI, NVIDIA NIM, and LocalAI.

🔄 Optimizations & Refactoring (Changed)

  • 🐳 Docker Optimization:
    • Updated Dockerfile to support the new Agent-Scan framework.
    • Optimized docker.sh to use shallow clone and prefer Docker Compose v2.
    • Enhanced start.sh to handle chmod failures gracefully.
  • 📝 Documentation Updates:
    • Updated README to include Agent Skills in scanning scenarios.
    • Refined README_ZH.md for clarity and accuracy.
    • Updated sections for research papers and cutting-edge security news.
  • ⚙️ Configuration Refactoring:
    • Removed certain provider configurations and restructured field hierarchies (e.g., removed the idSuffix field).
    • Improved parsing compatibility for config files and added visual icon support for JSON config files.
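As an added illustration of the three scripting habits named under Docker Optimization (shallow clone, preferring Docker Compose v2, tolerating chmod failures), here is example shell written for these notes; it is not the project's own docker.sh or start.sh, and the function names and their arguments are assumptions:

```shell
#!/bin/sh
# Added example, not the project's docker.sh/start.sh. Function names
# (shallow_clone, pick_compose, ensure_executable) are this example's own.
set -eu

# Shallow clone: fetch only the tip of one branch, so the checkout stays small
# and no unrelated history lands in the Docker build context.
shallow_clone() {
  url="$1"; dir="$2"; ref="${3:-main}"
  git clone --depth 1 --branch "$ref" --single-branch "$url" "$dir"
}

# Prefer the Compose v2 plugin ("docker compose"); fall back to the legacy
# standalone docker-compose binary only when the plugin is absent.
# Prints the command to use, or fails if neither is installed.
pick_compose() {
  if docker compose version >/dev/null 2>&1; then
    printf '%s\n' "docker compose"
  elif command -v docker-compose >/dev/null 2>&1; then
    printf '%s\n' "docker-compose"
  else
    echo "error: no Docker Compose found (need the v2 plugin or docker-compose)" >&2
    return 1
  fi
}

# chmod that never aborts the script: on a read-only bind mount or a file owned
# by another user the call fails, yet the container can still start if the file
# is already executable. Warn with the reason and let the caller continue.
ensure_executable() {
  f="$1"
  if chmod +x "$f" 2>/dev/null; then
    return 0
  fi
  if [ -x "$f" ]; then
    echo "warning: chmod +x $f failed, but it is already executable; continuing" >&2
  else
    echo "warning: chmod +x $f failed and it is not executable; continuing" >&2
  fi
  return 0
}

# Typical wiring (assumed layout): clone, make the entrypoint executable,
# then bring the stack up with whichever Compose is available.
# Run with:  sh this_script.sh --run <repo-url> <checkout-dir>
main() {
  shallow_clone "$1" "$2"
  ensure_executable "$2/start.sh"
  compose=$(pick_compose)
  # $compose may be two words ("docker compose"), so it must not be quoted.
  (cd "$2" && $compose up -d)
}

if [ "${1:-}" = "--run" ]; then
  shift
  main "$@"
fi
```

`pick_compose` is written so its result can be captured and reused (`compose=$(pick_compose)`), which keeps the v2-versus-legacy decision in one place instead of scattered across the script; `ensure_executable` always returns 0 on purpose, so a `set -e` script only stops on failures that actually prevent startup.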

👨‍💻 Contributors

Special thanks to our contributors for making this release possible: @rocie799, @truman, @test0Emma, @hobostay, @yang, and @mhh

