Scan External Package

curl --request POST \
  --url https://api.example.com/v1/security/scan-package \
  --header 'Content-Type: multipart/form-data' \
  --form 'content_hash=<string>' \
  --form 'source=<string>' \
  --form 'source_slug=<string>' \
  --form package='@example-file' \
  --form 'source_version=<string>' \
  --form skill_type=skill

{
  "content_hash": "<string>",
  "security_status": "pass",
  "security_score": 123,
  "findings": [
    {}
  ]
}

POST

security

scan-package

Scan External Package

curl --request POST \
  --url https://api.example.com/v1/security/scan-package \
  --header 'Content-Type: multipart/form-data' \
  --form 'content_hash=<string>' \
  --form 'source=<string>' \
  --form 'source_slug=<string>' \
  --form package='@example-file' \
  --form 'source_version=<string>' \
  --form skill_type=skill

{
  "content_hash": "<string>",
  "security_status": "pass",
  "security_score": 123,
  "findings": [
    {}
  ]
}

Body

multipart/form-data

content_hash

string

required

SHA-256 hash of the package content

source

string

required

Source registry (e.g. 'clawhub')

source_slug

string

required

Skill identifier in the source registry

package

file

required

ZIP or TAR.GZ package file

source_version

string

Version identifier from the source registry (optional)

skill_type

enum<string>

default:skill

Available options:

skill,

agent

Response

Successful Response

content_hash

string

security_status

enum<string>

Available options:

pass,

warn,

block

security_score

integer

findings

object[]

Check Scan Cache Health Check

⌘I

auth

skills

agents

checkout

purchases

search

webhooks

claims

sellers

admin

installations

security

system

Scan External Package

Body

Response