diff --git a/skills/clawsec-scanner/CHANGELOG.md b/skills/clawsec-scanner/CHANGELOG.md
index 9f1c16d..6e43ee6 100644
--- a/skills/clawsec-scanner/CHANGELOG.md
+++ b/skills/clawsec-scanner/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## [0.0.6] - 2026-06-11
+
+### Changed
+
+- Updated shipped documentation (hook HOOK.md, dast_runner.mjs header, SKILL.md roadmap heading) to describe the static hook source inspection model introduced in 0.0.4, removing stale references to executing target hook handlers.
+
 ## [0.0.5] - 2026-06-10
 
 ### Changed
diff --git a/skills/clawsec-scanner/SKILL.md b/skills/clawsec-scanner/SKILL.md
index 91ec4e0..6b08501 100644
--- a/skills/clawsec-scanner/SKILL.md
+++ b/skills/clawsec-scanner/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: clawsec-scanner
-version: 0.0.5
+version: 0.0.6
 description: Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific static hook inspection for OpenClaw hooks.
 homepage: https://clawsec.prompt.security
 clawdis:
@@ -50,7 +50,7 @@ The scanner orchestrates four complementary scan types to provide comprehensive
    - **Bandit** for Python: Leverages existing `pyproject.toml` configuration
    - Identifies: hardcoded secrets (API keys, tokens), command injection (`eval`, `exec`), path traversal, unsafe deserialization
 
-4. **Dynamic Analysis (DAST)**
+4. **DAST (Static Hook Inspection)**
    - Static hook inspection for OpenClaw hook handlers discovered from `HOOK.md` metadata
    - Verifies coverage and source-level risk signals without importing, transpiling, or invoking target handlers
    - Note: Traditional web DAST tools (ZAP, Burp) do not apply to agent platforms - this provides agent-specific testing
@@ -464,7 +464,7 @@ npx clawhub@latest install clawsec-suite
 
 ## Roadmap
 
-### v0.0.4 (Current)
+### v0.0.6 (Current)
 - [x] Dependency scanning (npm audit, pip-audit)
 - [x] CVE database integration (OSV, NVD, GitHub Advisory)
 - [x] SAST analysis (Semgrep, Bandit)
diff --git a/skills/clawsec-scanner/hooks/clawsec-scanner-hook/HOOK.md b/skills/clawsec-scanner/hooks/clawsec-scanner-hook/HOOK.md
index 9953cbc..c5c7f1f 100644
--- a/skills/clawsec-scanner/hooks/clawsec-scanner-hook/HOOK.md
+++ b/skills/clawsec-scanner/hooks/clawsec-scanner-hook/HOOK.md
@@ -20,7 +20,7 @@ The hook orchestrates four independent scanning engines:
 1. **Dependency Scanning**: Executes `npm audit` and `pip-audit` to detect known vulnerabilities in JavaScript and Python dependencies
 2. **SAST (Static Analysis)**: Runs Semgrep (JS/TS) and Bandit (Python) to detect security issues like hardcoded secrets, command injection, and path traversal
 3. **CVE Database Lookup**: Queries OSV API (primary), NVD 2.0 (optional), and GitHub Advisory Database (optional) for vulnerability enrichment
-4. **DAST (Dynamic Analysis)**: Executes real OpenClaw hook handlers in an isolated harness and tests malicious-input resilience, timeout behavior, output bounds, and event mutation safety
+4. **DAST (Static Hook Inspection)**: Reads OpenClaw hook handler source in an isolated helper process and pattern-matches source-level risk signals (subprocess execution, dynamic imports, `eval`, environment access) without importing, transpiling, or executing target handler code
 
 ## Safety Contract
 
@@ -48,7 +48,7 @@ The hook orchestrates four independent scanning engines:
 
 - `CLAWSEC_SKIP_DEPENDENCY_SCAN`: Set to `1` to disable dependency scanning (npm audit, pip-audit).
 - `CLAWSEC_SKIP_SAST`: Set to `1` to disable static analysis (Semgrep, Bandit).
-- `CLAWSEC_SKIP_DAST`: Set to `1` to disable dynamic analysis (hook security tests).
+- `CLAWSEC_SKIP_DAST`: Set to `1` to disable static hook inspection (DAST hook source checks).
 - `CLAWSEC_SKIP_CVE_LOOKUP`: Set to `1` to disable CVE database enrichment.
 
 ### Advanced Options
diff --git a/skills/clawsec-scanner/scripts/dast_runner.mjs b/skills/clawsec-scanner/scripts/dast_runner.mjs
index dc3e1c4..6899a32 100755
--- a/skills/clawsec-scanner/scripts/dast_runner.mjs
+++ b/skills/clawsec-scanner/scripts/dast_runner.mjs
@@ -1,13 +1,13 @@
 #!/usr/bin/env node
 
 /**
- * DAST (Dynamic Application Security Testing) Runner for ClawSec Scanner.
+ * DAST Runner for ClawSec Scanner (static OpenClaw hook inspection).
  *
  * Scope:
  * - Discover OpenClaw hooks from target directories
- * - Execute real hook handlers in an isolated harness process
- * - Validate malicious-input resilience, timeout behavior, output bounds,
- *   and event mutation safety
+ * - Inspect hook handler source in an isolated helper process without
+ *   importing, transpiling, or invoking target handler code
+ * - Report coverage and source-level risk signals as DAST-STATIC-* findings
  */
 
 import fs from "node:fs/promises";
diff --git a/skills/clawsec-scanner/skill.json b/skills/clawsec-scanner/skill.json
index ea539c5..cd2babc 100644
--- a/skills/clawsec-scanner/skill.json
+++ b/skills/clawsec-scanner/skill.json
@@ -1,6 +1,6 @@
 {
   "name": "clawsec-scanner",
-  "version": "0.0.5",
+  "version": "0.0.6",
   "description": "Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific static hook inspection for OpenClaw hooks.",
   "author": "prompt-security",
   "license": "AGPL-3.0-or-later",