catchclaw
CatchClaw is a Rust-based security assessment tool for AI Agent platforms, supporting 9 major platforms including OpenClaw, Dify, FastGPT, LobeChat, NextChat, AnythingLLM, Flowise, and RAGFlow. It provides 78 DAG-based attack chains and 78 exploit modules covering the full ATT&CK lifecycle from reconnaissance to data exfiltration, with techniques including SSRF, RCE, key theft, session hijacking, privilege escalation, persistence, C2 exfiltration, skill poisoning, agent injection, MCP injection, OAuth theft, and DNS rebinding. Built on the Tokio async runtime, the DAG engine uses Kahn topological sorting for layered concurrent execution with Semaphore-based concurrency control, conditional execution, and fallback node support. Features include multi-platform fingerprinting, automatic platform detection, attack surface coverage across WebSocket API, HTTP REST, OAuth, webhook, and node interfaces, multi-target CIDR scanning, port scanning, and service discovery. Reports are exported in JSON, HTML, and Markdown.