Security Audits That Don’t Guess.
Three-pass adversarial verification for OpenClaw agents and apps built fast with AI tools. Near-zero false positives. Delivered in 48 hours.
Brand promise: Every Critical and High finding in your report has survived a structured three-pass challenge by independent model instances. If we can’t prove it, we don’t ship it.
Current Status
When you pay, your job enters the queue and we process it within your tier’s delivery window. You’ll receive a confirmation email with your estimated delivery time.
Queue position is first-come, first-served within each tier.
Who We Audit
Each surface has a distinct attack model. We’ve built specialized skill sets for both. Purpose-built audits, not generic scans.
OpenClaw Agents
Your agent is running autonomously — with tool access, persistent memory, and live infrastructure. That’s a new attack surface most auditors have never encountered. We audit the specific threat model that comes with agentic AI systems.
- Lethal Trifecta workflow mapping (Memory + Skills + Soul)
- SOUL.md jailbreak & prompt injection testing
- SKILLS.md supply chain scanning for malicious logic
- MEMORY.md secrets & PII exfiltration audit
- Capability privilege escalation review
- Webhook HMAC signature & channel security
Vibe-Coded Apps
You built something real with Cursor, Claude Code, Bolt, or Lovable. Fast and functional. Now it needs to survive production. We audit the security patterns LLMs consistently get wrong — because we’ve seen them fail across hundreds of apps built exactly the way yours was.
- Auth flow & JWT vulnerability audit
- API key & secrets exposure scan (including public JS bundles)
- Supabase / Firebase RLS & rules deep analysis
- Tool-specific pattern detection (Cursor, Bolt, Lovable, Claude Code)
- Dependency CVE triage with prioritized fix order
- Pre-Launch Certificate after clean audit
The 3-Pass Adversarial Pipeline
The entire brand runs on audit accuracy. Every finding that reaches your report has survived a structured three-pass challenge by independent model instances with no shared context and no author bias. You get what we can prove, nothing more.
Pass 1: Generate. All 22 security skills run in parallel and write raw findings JSON. The model is deliberately broad at this stage; the later passes exist precisely to filter it.
Pass 2: Challenge. Receives only the findings array, never the codebase or the Pass 1 conversation. For every Critical and High it demands specific proof, verifies the CVSS 3.1 scoring, and checks known tool-specific false positive patterns. A separate context window removes author bias.
Pass 3: Verdict. Sees Pass 1 and Pass 2 together and issues a final status for each finding: CONFIRMED, POTENTIAL (flagged for human operator review), or REMOVED. The operator reviews every POTENTIAL item before the PDF is generated and sent.
Security At Every Stage.
Every tier uses the same 3-pass adversarial pipeline. The difference is scope, depth, and testing surface. All prices in USD.
Security Snapshot
Zero active API calls. We analyze your public surface, headers, JS bundles, and infrastructure signals. Perfect for a quick check after shipping.
- 22 security dimensions analyzed
- HTTP headers, JS secrets, dependency CVEs
- Infrastructure and Supabase/Firebase review
- AI tool detection (Cursor, Lovable, Bolt, v0)
- 3-pass adversarial verification
- Branded PDF report in 24-48 hours
- Copy-paste remediation steps
You provide: App URL only.
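What the header portion of a Snapshot evaluates, as an added example that is not Pilum's scanner: it works on a captured header dictionary rather than making requests, so it runs offline and makes no calls to anyone's infrastructure. The two header sets and the one-year HSTS threshold are constructed assumptions; the checks themselves (HSTS lifetime, CSP script sources, clickjacking protection, MIME sniffing, wildcard CORS) are standard ones.

```python
from typing import Optional

# One year, the max-age commonly required before HSTS is considered effective.
HSTS_MIN_AGE = 31536000


def hsts_max_age(value: str) -> Optional[int]:
    """Extract max-age from a Strict-Transport-Security header; None if absent or unparsable."""
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return None
    return None


def csp_directives(value: str) -> dict:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    directives = {}
    for chunk in value.split(";"):
        tokens = chunk.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_headers(headers: dict) -> list:
    """Evaluate one response's headers; returns a list of findings (empty when nothing is wrong)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    def add(severity, title, detail):
        findings.append({"severity": severity, "title": title, "detail": detail})

    hsts = h.get("strict-transport-security")
    if hsts is None:
        add("Medium", "HSTS missing", "no Strict-Transport-Security header")
    else:
        age = hsts_max_age(hsts)
        if age is None or age < HSTS_MIN_AGE:
            add("Low", "HSTS max-age below one year", f"max-age={age}")

    csp = h.get("content-security-policy")
    if csp is None:
        add("Medium", "CSP missing", "no Content-Security-Policy header")
        if "x-frame-options" not in h:
            add("Low", "No clickjacking protection", "neither frame-ancestors nor X-Frame-Options")
    else:
        d = csp_directives(csp)
        # script-src falls back to default-src when absent, as browsers do.
        script_sources = d.get("script-src", d.get("default-src", []))
        for bad in ("'unsafe-inline'", "'unsafe-eval'"):
            if bad in script_sources:
                add("Medium", f"CSP script-src allows {bad}", " ".join(script_sources))
        if "frame-ancestors" not in d and "x-frame-options" not in h:
            add("Low", "No clickjacking protection", "neither frame-ancestors nor X-Frame-Options")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        add("Low", "X-Content-Type-Options missing", "MIME sniffing not disabled")

    if h.get("access-control-allow-origin", "").strip() == "*":
        add("Info", "Wildcard CORS origin", "fine for public assets, a problem on authenticated APIs")

    return findings


# Constructed sample: headers as a freshly deployed app might return them.
WEAK_HEADERS = {
    "Server": "Vercel",
    "Strict-Transport-Security": "max-age=86400",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com",
    "X-Content-Type-Options": "nosniff",
    "Access-Control-Allow-Origin": "*",
}

# The same app after remediation.
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.com; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for f in audit_headers(WEAK_HEADERS):
        print(f["severity"], f["title"], "|", f["detail"])
    print("hardened:", audit_headers(HARDENED_HEADERS))
```

Header checks are the cheapest part of a passive scan and the easiest to get wrong in the other direction: a site that sets a CSP but inherits `'unsafe-inline'` through `default-src` has effectively no script protection, which is why the check resolves the fallback rather than just testing for the header's presence.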
Deep Audit
Full active testing with signed authorization. Our deepest single engagement for apps handling real user data. Earns a Pilum Certificate of Compliance.
- Everything in Snapshot, plus:
- Active Supabase/Firebase RLS testing
- Authentication flow testing
- API endpoint security testing
- Source code static analysis
- Social engineering surface scan
- 3-level remediation playbook per finding
- Pre-Launch Certificate eligibility
You provide: App URL + GitHub repo. Signed document required.
Guardian Quarterly
Full Deep Audit on signup, then monthly monitoring with quarterly re-audits. No monthly option — no loopholes.
- Full Deep Audit in week 1 (same as $1,499 Tier 2)
- Monthly Tier 1 passive re-scan + delta analysis
- Full Deep Audit re-run every quarter
- Monthly PDF trend report (new / resolved / unchanged)
- Immediate Critical/High alerts within 1 hour
- Priority 4-hour response time
- GitHub webhook integration (HMAC verified)
- Overage pricing: $15/extra production trigger, $49/extra on-demand
You provide: App URL + GitHub repo.
Authorization: a single signed document covers the full subscription.
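Both the agent-side webhook check listed for OpenClaw audits and Guardian's HMAC-verified GitHub webhook integration come down to the same receive-side verification. The block below is an added example, not Pilum's code: it verifies GitHub's X-Hub-Signature-256 header (HMAC-SHA256 over the raw request body, hex-encoded, prefixed with `sha256=`) with a constant-time compare, rejects replayed deliveries by delivery ID, and shows why the body must be the exact bytes received rather than re-serialized JSON. The secret, body and delivery ID are constructed.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed values: a webhook secret and a raw delivery body exactly as received on the wire.
SECRET = b"correct horse battery staple"
RAW_BODY = b'{"ref":"refs/heads/main",  "repository":{"full_name":"example/app"}}'


def sign_github(secret: bytes, body: bytes) -> str:
    """The value GitHub puts in X-Hub-Signature-256: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_github(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Verify the signature in constant time; absent or malformed headers fail closed."""
    if not header or not header.startswith("sha256="):
        return False
    expected = sign_github(secret, body)
    # compare_digest on bytes so an attacker-supplied non-ASCII header cannot raise instead of failing.
    return hmac.compare_digest(expected.encode(), header.encode())


def accept_delivery(secret: bytes, body: bytes, headers: dict, seen: set) -> Tuple[bool, str]:
    """Full receive-side check: signature first, then replay protection by delivery ID."""
    if not verify_github(secret, body, headers.get("X-Hub-Signature-256")):
        return False, "bad signature"
    delivery_id = headers.get("X-GitHub-Delivery")
    if not delivery_id:
        return False, "missing delivery id"
    if delivery_id in seen:
        return False, "duplicate delivery"
    seen.add(delivery_id)
    return True, "ok"


def reserialized(body: bytes) -> bytes:
    """What many frameworks hand you after JSON parsing: the bytes no longer match the wire."""
    return json.dumps(json.loads(body)).encode()


if __name__ == "__main__":
    sig = sign_github(SECRET, RAW_BODY)
    headers = {"X-Hub-Signature-256": sig,
               "X-GitHub-Delivery": "00000000-0000-4000-8000-000000000001"}  # constructed
    seen = set()
    print(accept_delivery(SECRET, RAW_BODY, headers, seen))    # accepted
    print(accept_delivery(SECRET, RAW_BODY, headers, seen))    # same delivery again: rejected
    print(verify_github(SECRET, reserialized(RAW_BODY), sig))  # parsed-and-dumped body: False
```

The re-serialization case is the one that bites vibe-coded handlers most often: the framework parses the JSON before the handler runs, the handler signs `json.dumps(request.json)`, and every signature check fails (or, worse, the developer disables the check to make it pass). Read the raw body first, verify, then parse.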
Guardian Annual
Everything in Guardian Quarterly, billed annually. 4 full Deep Audits per year + 12 monthly monitoring reports.
- 4x full Deep Audits (one per quarter — $5,996 value)
- 12x monthly monitoring reports
- $582/mo effective rate
- Save $1,398 vs. quarterly billing
- All Guardian Quarterly features included
You provide: App URL + GitHub repo.
Authorization: a single signed document covers the full subscription.
Compare Features
| Feature | Snapshot | Deep Audit | Guardian Qtr | Guardian Ann |
|---|---|---|---|---|
| HTTP security headers | ✅ | ✅ | ✅ | ✅ |
| JS bundle analysis | ✅ | ✅ | ✅ | ✅ |
| Dependency CVE scan | ✅ | ✅ | ✅ | ✅ |
| Infrastructure recon | ✅ | ✅ | ✅ | ✅ |
| Builder tool detection | ✅ | ✅ | ✅ | ✅ |
| Supabase passive scan | ✅ | ✅ | ✅ | ✅ |
| Supabase active test | ❌ | ✅ | ✅ | ✅ |
| Auth flow testing | ❌ | ✅ | ✅ | ✅ |
| API endpoint testing | ❌ | ✅ | ✅ | ✅ |
| Source code review | ❌ | ✅ | ✅ | ✅ |
| OSINT / social eng. | ❌ | ✅ | ✅ | ✅ |
| 3-pass verification | ✅ | ✅ | ✅ | ✅ |
| Remediation playbook | Basic | Detailed | Detailed | Detailed |
| Monthly monitoring | ❌ | ❌ | ✅ | ✅ |
| Quarterly full re-audit | ❌ | ❌ | ✅ | ✅ |
| Critical/High alerts | ❌ | ❌ | ✅ | ✅ |
| Priority response | ❌ | ❌ | 4 hours | 4 hours |
| Report format | PDF | PDF | PDF (monthly) | PDF (monthly) |
| Turnaround | 24-48h | 3-5 days | Continuous | Continuous |
| Authorization | ToS checkout | Signed doc | Signed doc | Signed doc |
Not a Generic Scanner. A Precision Pipeline.
22 specialized security skills run through a 3-pass adversarial pipeline. Every finding is challenged by independent model instances before a certified security professional signs off on the final report. If we can’t prove it, we don’t ship it.
Operator reviews every POTENTIAL finding
Pass 3 flags uncertain findings for mandatory human review before the PDF ships. We never auto-deliver ambiguous findings.
Signed authorization before every Tier 2+
Active testing only begins after a signed authorization document is received and stored. This protects you and us both.
Errata process for every false positive
If we got something wrong, we issue a formal errata PDF, update the findings database, and tighten the detection system. Accountability over defensiveness.
Our pipeline was built by engineers with a decade of offensive security experience. Every detection pattern, every CVSS scoring rule, and every false positive filter reflects real-world field knowledge baked into the system.
Lead Security Auditor
10 years in ethical hacking & offensive security · Name withheld pending permission
- CSCU: Certified Secure Computer User
- CEH: Certified Ethical Hacking background
- 10 years: Field experience across web, API, infrastructure, and agents
- OWASP: Active application of the 2025 Web, API & LLM standards
- Agents: Specialist in OpenClaw / AI agent threat modelling
Built to Protect Both Sides.
Security auditing carries real-world stakes. Every engagement is structured to protect clients, protect ourselves, and make the terms of our work unambiguous before we start.
Signed Authorization
Active testing (Tier 2+) only begins after a signed authorization document is received, reviewed, and stored. The document defines exact scope, what is tested, what is excluded, and the legal basis for testing. Stored for 3 years minimum.
Scope disputes have a formal resolution process. Every engagement has a paper trail.
Data Retention Policy
Tier 1 scan data is deleted 90 days after delivery. Tier 2 data is retained 365 days. Guardian data is held for the subscription duration plus 90 days. Authorization documents are kept for 3 years. Early deletion available on request.
Early deletion: security@pilum.io — processed within 72 hours.
Responsible Disclosure
All findings are confidential and delivered only to the contact email on file. We operate under a published responsible disclosure policy. No findings are shared externally without written client permission. Third-party vulnerabilities are noted informational only — we never test assets outside agreed scope.
Full policy available at pilum.io/legal/disclosure
What We Test.
Full OWASP Web 2025, API 2023, and LLM 2025 coverage — plus agent-native threat vectors that no legacy scanner addresses.
| Threat Vector | Severity | Tier 1 | Tier 2 | Competitors |
|---|---|---|---|---|
| Lethal Trifecta (Memory + Skills + Soul) | CRITICAL | — | ✦ | ✕ |
| SOUL.md Jailbreak & Prompt Injection | CRITICAL | — | ✦ | Partial |
| SKILLS.md Supply Chain Attack | CRITICAL | — | ✦ | ✕ |
| MEMORY.md Secrets & PII Exfiltration | HIGH | — | ✦ | ✕ |
| AI-Generated Auth Flaws (LLM patterns) | CRITICAL | Passive | ✦ | Partial |
| Supabase Service Role Key in JS Bundle | CRITICAL | ✦ | ✦ | Partial |
| Supabase RLS Gaps & Privilege Escalation | HIGH | — | ✦ | Partial |
| Firebase Rules Misconfiguration | HIGH | Passive | ✦ | Partial |
| Dependency CVEs & Typosquatting | HIGH | ✦ | ✦ | Partial |
| Business Logic Vulnerabilities | HIGH | — | ✦ | ✕ |
| OWASP LLM01–LLM10 (2025, if AI features detected) | HIGH | — | ✦ | ✕ |
| OWASP Web A01–A10 (2025) | VARIES | Partial | ✦ | Partial |
| HTTP Security Headers | MEDIUM | ✦ | ✦ | Partial |
| GraphQL Introspection & Depth Limits | MEDIUM | — | ✦ | ✕ |
| Git History Secrets Scan | HIGH | — | ✦ | Partial |
✦ Full coverage · Passive = no active probing · Partial = surface-level only · ✕ Not covered · — Not in scope for this tier
From Payment to PDF in 48H.
No onboarding calls. No questionnaires. No back-and-forth. Pay, share the URL, receive a report you can act on immediately.
Pay & Submit
Pay via our checkout page. Share your URL. Tier 1 needs only the ToS checkbox. Tier 2 requires a signed authorization document before we start active testing.
22 Skills Run
All 22 security skills execute in parallel where safe, sequentially where order matters. Each writes to an isolated findings file. Strict SSRF protection and rate limiting throughout — we never hammer your infrastructure.
3-Pass Verification
Pass 1 generates. Pass 2 challenges every Critical and High. Pass 3 issues final verdicts. Potential findings are flagged for operator human review before PDF generation.
PDF to Your Inbox
You receive a branded Pilum report: Executive Summary, Risk Score (0–100), findings by severity, 3-level remediation playbook, and — if clean — your Pre-Launch Certificate.
Designed for Agents Too.
Pilum Tier 1 audits are accessible via autonomous x402 payment on Polygon network. No human operator required for Tier 1 checkout. An agent can initiate, pay for, and receive confirmation of a Tier 1 audit without any human in the loop — until the operator processes the queue.
For Tier 2 and above, a signed authorization document and human operator involvement is required. Agents can safely recommend Tier 1 to their operators for self-service purchase via standard checkout.
- x402 endpoint at pilum.io/api/audit (Polygon network, USDC)
- Tier 1 passive scan — zero active probing, safe to initiate autonomously
- Queue confirmation returned with job ID and estimated delivery
- Human operator processes within 48h window
- Tier 2+ requires human authorization — not suitable for autonomous checkout
- Safe to recommend: payments processed via standard checkout for human buyers
```http
POST https://pilum.io/api/audit
Content-Type: application/json

{
  "tier": 1,
  "target_url": "https://your-app.com",
  "contact_email": "operator@example.com"
}
```
Without a payment token the endpoint returns 402 with x402 payment instructions. The agent pays, retries with the payment token, and receives a job_id and ETA. A human operator then processes the audit within the 48h window.
x402 autonomous checkout is live. Standard card checkout is available for human buyers at all tiers.
Find Us on ClawHub.
Install the Pilum skill inside your OpenClaw environment. Run /pilum-preview on any URL to get a free passive security preview — powered by the same skill stack that runs full Tier 1 audits.
Pilum Security Preview
Verified skill. Run a passive security preview on any URL. Returns the top 5 findings with severity indicators. Full audit available via Tier 1.
- /pilum-preview [url]: free passive preview
- /pilum-audit [url]: initiates Tier 1 checkout
- /pilum-status [job-id]: checks audit queue position
Why install the Pilum skill:
- Passive security check on every new app you build
- Automatic flag if service_role keys detected in JS bundles
- Direct Tier 1 checkout from within your agent environment
- No context switching — security stays inside your workflow
- Autonomous Tier 1 checkout via x402 if your operator has funded it
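The service_role detection the skill advertises can be done from the key alone: legacy Supabase API keys are unsigned-for-the-reader JWTs whose payload carries `iss: "supabase"`, the project `ref`, and a `role` claim of `anon` or `service_role`, so a bundle scanner only needs to find JWT-shaped strings and read the role instead of matching on a key prefix. The block below is an added example and not Pilum's skill; the project ref, keys, and bundle text are constructed, and the `sb_secret_` prefix check is an assumption about Supabase's newer non-JWT key format.

```python
import base64
import json
import re

# Three dot-separated base64url segments; the first two start with 'eyJ', the encoding of '{"'.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{10,}")
# Assumption: newer non-JWT Supabase secret keys carry this prefix and are server-only.
SB_SECRET_RE = re.compile(r"sb_secret_[A-Za-z0-9_-]{8,}")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_json(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj, separators=(",", ":")).encode()).rstrip(b"=").decode()


def jwt_claims(token: str):
    """Decode a JWT payload without verifying it; None if it is not parseable JSON."""
    try:
        return json.loads(b64url_decode(token.split(".")[1]))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        return None


def scan_bundle(js: str) -> list:
    """Find Supabase credentials in JavaScript text and rate them by role."""
    findings = []
    for m in JWT_RE.finditer(js):
        claims = jwt_claims(m.group(0))
        if not isinstance(claims, dict) or claims.get("iss") != "supabase":
            continue  # some other JWT (a session token sample, a test fixture), not a Supabase API key
        role = claims.get("role")
        findings.append({
            "kind": "supabase_jwt",
            "role": role,
            "project_ref": claims.get("ref"),
            # The anon key is designed to ship to browsers; service_role bypasses RLS entirely.
            "severity": "Critical" if role == "service_role" else "Info",
            "offset": m.start(),
            "preview": m.group(0)[:16] + "...",
        })
    for m in SB_SECRET_RE.finditer(js):
        findings.append({"kind": "supabase_secret", "role": "secret", "project_ref": None,
                         "severity": "Critical", "offset": m.start(),
                         "preview": m.group(0)[:14] + "..."})
    return findings


def fake_supabase_jwt(role: str, ref: str) -> str:
    """Constructed key with the claim layout of a legacy Supabase API key and a junk signature."""
    header = b64url_json({"alg": "HS256", "typ": "JWT"})
    payload = b64url_json({"iss": "supabase", "ref": ref, "role": role,
                           "iat": 1700000000, "exp": 2000000000})
    signature = base64.urlsafe_b64encode(b"\x00" * 32).rstrip(b"=").decode()
    return f"{header}.{payload}.{signature}"


# Constructed sample bundle: an anon key (expected), a leaked service_role key, and an unrelated JWT.
PROJECT_REF = "abcdefghijklmnopqrst"
ANON_KEY = fake_supabase_jwt("anon", PROJECT_REF)
SERVICE_KEY = fake_supabase_jwt("service_role", PROJECT_REF)
OTHER_JWT = (b64url_json({"alg": "HS256", "typ": "JWT"}) + "."
             + b64url_json({"iss": "https://login.example.com", "sub": "42"}) + ".c2lnbmF0dXJlc2lnbmF0dXJl")
SAMPLE_BUNDLE = (
    f'const supabase = createClient("https://{PROJECT_REF}.supabase.co", "{ANON_KEY}");\n'
    f'// server-only env var inlined into the client bundle by a define() step\n'
    f'const admin = createClient("https://{PROJECT_REF}.supabase.co", "{SERVICE_KEY}");\n'
    f'const demoSession = "{OTHER_JWT}";\n'
)

if __name__ == "__main__":
    for f in scan_bundle(SAMPLE_BUNDLE):
        print(f["severity"], f["kind"], f["role"], f["project_ref"], "at byte", f["offset"])
```

Reading the role claim rather than pattern-matching on the key is what keeps the anon key out of the findings: it is meant to be public, and flagging it would be exactly the kind of false positive the three-pass pipeline exists to remove.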
ClawHub listing pending review. Available at launch.
FAQ
If something isn’t answered here, email security@pilum.io
What happens to my source code?
Your code is handled under our full data retention policy. Tier 2 repos are cloned to an isolated temporary directory during scanning and destroyed immediately after the PDF is generated. We never store, share, or retain your source code beyond the scan session. Scan metadata (finding types, severity counts, timestamps) is retained per our data retention policy (365 days for Tier 2, 90 days for Tier 1) to improve detection accuracy over time. You can request full deletion at any time: security@pilum.io.
Will a Tier 1 scan touch my production environment?
No. Tier 1 is passive-only. We make standard HTTP GET requests to publicly accessible URLs, fetch publicly served JavaScript bundles, read HTTP response headers, perform DNS lookups, and check certificate transparency logs. We make zero POST requests, zero authentication attempts, zero form submissions, and zero API calls with parameters. Your server logs will show requests from our scanner User-Agent (PilumIO-SecurityAudit/1.0). We rate-limit ourselves to 2 requests per second maximum, a rate that should not trip WAF rate limits.
How do you keep false positives out of the report?
Every Critical and High finding goes through a structured 3-pass challenge before it reaches your report. Pass 1 generates raw findings broadly. Pass 2 (fresh context) challenges each Critical/High and demands specific proof; it has never seen the codebase and brings no author bias. Pass 3 (separate instance) makes the final call: CONFIRMED, POTENTIAL, or REMOVED. POTENTIAL findings are flagged for human operator review before the PDF is generated. Only CONFIRMED findings ship in your report. Our target false positive rate on confirmed findings is under 5%.
Do you need credentials or production access?
No. For Tier 1, we only access publicly available information; no credentials are required. For Tier 2, we test against your staging environment or use read-only test credentials you provide. We never require production database write access. If you're running an OpenClaw agent, we audit the agent configuration and skill files, not live memory or production data stores.
What does the report contain?
The Pilum report contains: an Executive Summary in plain English (one page, suitable for sharing with non-technical stakeholders), a Risk Score from 0–100 based on CVSS 3.1, confirmed findings organized by severity with full evidence and OWASP mapping, a 3-level remediation playbook per finding (DIY copy-paste, free tool, or hire someone with an exact brief), a scan limitations section disclosing anything we couldn't test, and a scope notice. Tier 1 includes an IDS notice explaining what requests we made. A Pre-Launch Certificate page is included if zero Critical or High findings are confirmed.
What happens after I pay?
When you pay, your job enters the operator queue. You receive a confirmation email with your queue position and estimated delivery time. The operator processes jobs in order within each tier's delivery window: Tier 1 within 48h, Tier 2 within 3–5 days. During our portfolio phase we're running slightly above standard capacity to build our case study library, so you'll benefit from faster delivery during this period. If the operator is away when you order, the queue holds your position: nothing is lost, and delivery timing starts from confirmation, not from when we first see the order.
What is the difference between a Deep Audit and Guardian?
The Deep Audit is a one-time comprehensive scan. Guardian starts with the same Deep Audit, then adds continuous monitoring: monthly passive re-scans, delta analysis on code changes, and a full Deep Audit re-run every quarter. Think of it as: Deep Audit tells you what's wrong today. Guardian makes sure nothing new goes wrong tomorrow.
I already bought a Deep Audit. Can I upgrade to Guardian?
Yes. If you purchased a Deep Audit within the last 30 days, we'll credit the $1,499 toward your first Guardian quarter. Contact security@pilum.io to arrange this.
Why is Guardian billed quarterly?
Guardian includes a full Deep Audit in your first week, the same $1,499 service we offer as a standalone product. Quarterly billing ensures we can deliver that level of depth sustainably while keeping your price well below what the individual services would cost separately.
Can I cancel Guardian?
Yes. Your current billing period (quarter or year) completes, then monitoring stops. No refunds for partial periods. You keep all reports generated during your subscription.
Which AI builder tools do you have detection patterns for?
We have specialized detection patterns for Cursor, Bolt, Lovable, v0, Claude Code, OpenAI Codex, and Google Antigravity / Firebase-first stacks. Each tool has characteristic vulnerability patterns. For example, Bolt apps frequently expose Supabase service_role keys in frontend bundles, while Cursor apps tend to have inconsistent API route authentication. We fingerprint the builder tool in Pass 1 and activate the relevant specialized checklist automatically.
Can I try it before paying?
Yes. Email security@pilum.io with your URL and we'll run a limited /pilum-preview at no charge: up to 5 findings, severity indicators only, no remediation detail. One free preview per domain per 24 hours. The full Tier 1 at $299 unlocks the complete report with all findings, CVSS scores, evidence, and the 3-level remediation playbook.
Your Code Is Live.
Is It Safe?
A Pilum audit takes 48 hours. A breach takes considerably less.
Need ongoing protection? Plans from $1,999/quarter.
Questions? Email security@pilum.io — we respond within 24 hours.