CLAWMYTHOS fuses Project Glasswing — Anthropic's Claude Mythos vulnerability-discovery initiative — with the OpenClaw skills ecosystem. Mythos-grade reasoning hunts and exploits software vulnerabilities; OpenClaw's 13,000+ skills turn every finding into a scan, a patch, and a coordinated disclosure — autonomously.
Project Glasswing is an Anthropic-led initiative that uses Claude Mythos — an unreleased frontier reasoning model — to discover and fix software vulnerabilities before code ships. The premise is blunt: AI has reached a point where it can out-find all but the most elite human researchers. Across partners, most uncovered hundreds of high- or critical-severity bugs in their own code, with several reporting a 10×+ jump in bug-finding rate. Cloudflare alone surfaced 2,000 bugs (400 high/critical) across critical-path systems.
Mythos is the mind — frontier reasoning that finds and proves the vulnerability. OpenClaw is the hands — an open, any-OS skill registry that connects to repos, scanners, CI, and disclosure channels. CLAWMYTHOS wires them together so a single finding flows end-to-end: discover → verify → patch → disclose.
Sink-guided, multi-step reasoning that locates exploitable sinks, traces taint, and builds a working proof-of-concept — the core of Glasswing.
13,729 skills on ClawHub — github, coding-agent, clawsec-suite, skill-vetter — to scan codebases and ship fixes on any OS.
Every confirmed flaw is logged, deduped, and routed to maintainers automatically — outside-in OSS self-scan at roughly $1 per run.
github skill clones the target and builds a code/dependency map.coding-agent proposes a minimal fix and opens a PR.The community has reproduced the Glasswing approach outside-in, runnable on the public Claude Opus 4.7 model:
Outside-in replication of Anthropic's Mythos Preview / Project Glasswing. An agentic vulnerability-discovery scaffold on Claude Opus 4.7 — eight-phase sink-guided pipeline, ~$1/run, OSS self-scan and coordinated disclosure.
Research notes and experiments mapping the "jagged frontier" of Mythos-class capability across security tasks.