TrustableClaw Research

AI Agent Security Audits

TrustableClaw scans real AI agent frameworks for security patterns that conventional code scanners often miss: memory poisoning, unsafe tool access, missing approval gates, and auditability gaps.

These reports are security research and deployment-risk analysis. They are not claims that every finding is an exploitable zero-day vulnerability in every application.

Memory and RAG poisoning

Finds places where untrusted content can be written into memory, vector stores, knowledge bases, or retrieval context without a trust boundary.

Unsafe tool and database access

Maps how agent prompts can reach sensitive tools such as SQL, file, shell, browser, email, MCP, or admin actions.

Approval and audit gaps

Highlights missing confirmation gates, weak runtime records, and places where agent behavior may be difficult to prove after the fact.

Published audits

Framework scans are published after automated results are manually reviewed and false positives are filtered.

CrewAI · Published

CrewAI Agent Security Scan

A TrustableClaw scan of a CrewAI repository snapshot found no RCE path, but identified high-attention agent safety patterns around RAG memory, NL2SQL database tools, and auditability.

3,320 files scanned · 3 manually confirmed findings · highest severity: High

Read audit