Open Source · Security for OpenClaw

Your agent has root access.
And zero guardrails.

Your OpenClaw agent can delete files, leak secrets, and make purchases. Clawsec stops it in under 5ms.

The Problem

Agentic AI is here. Security isn't.

Exposed by Default

Thousands of AI agent instances are running right now with no authentication, no guardrails, and full system access.

No Built-in Security

The most popular AI frameworks ship with zero security defaults. Every agent gets full access to files, network, and shell.

Real Attacks, Real Damage

Prompt injection, secret leakage, unauthorized purchases, data exfiltration — these aren’t hypothetical. They’re happening now.

Live Demo

See it in action

Watch Clawsec intercept dangerous actions in real-time

Architecture

What happens when your agent calls a tool

Every tool invocation passes through three stages before execution

1. Tool call intercepted

Shell commands, HTTP requests, file writes — Clawsec’s middleware catches every tool call before it executes.

    clawsec.intercept(toolCall)

2. Rules engine scores risk

Pattern matching against built-in rulesets: destructive-commands, secrets/*, exfiltration/*. Evaluation completes in under 5ms.

    match: "destructive-commands/rm-recursive" → risk: critical

3. Action enforced

Based on the matched rule’s configured action in your clawsec.yaml, Clawsec decides what happens next.

    action: block | confirm | allow

Block: Action denied, agent notified
Confirm: Human approval required
Allow + Log: Executed with full audit trail
Quick Start

Running in 30 seconds

One command. Zero config required.

1. Install

    openclaw plugins install clawsec

2. Configure

Auto-generates clawsec.yaml

3. Protected

Your agent is secured

clawsec.yaml

    # clawsec.yaml
    extends:
      - builtin/aws-security
      - builtin/pii-protection

    rules:
      destructive-commands:
        action: block
      financial-transactions:
        action: confirm # requires user approval

    approval:
      agentConfirm:
        enabled: true
        parameterName: "_clawsec_confirm"
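The three-stage pipeline from the Architecture section (intercept, score, enforce) driven by a rules map shaped like the clawsec.yaml above, as an added illustration that is not Clawsec's own code. The regex patterns, the risk ordering, and the convention that an agent re-issues a confirmed call with the `_clawsec_confirm` parameter set are assumptions made for this example.

```javascript
// Added example, not Clawsec's own source. Models intercept -> rules engine -> enforce.
// Rule patterns and the agentConfirm re-issue convention are assumptions.
const RULESETS = {
  "destructive-commands": [
    { id: "destructive-commands/rm-recursive", pattern: /\brm\s+-\w*[rR]\w*\b/, risk: "critical" },
    { id: "destructive-commands/drop-table", pattern: /\bdrop\s+table\b/i, risk: "critical" },
  ],
  exfiltration: [
    { id: "exfiltration/curl-upload", pattern: /\bcurl\b.*\s-d\s+@/, risk: "high" },
  ],
};
const RISK_ORDER = { low: 0, medium: 1, high: 2, critical: 3 };

// Constructed stand-in for the parsed `rules:` and `approval:` sections of clawsec.yaml.
const CONFIG = {
  rules: { "destructive-commands": { action: "block" }, exfiltration: { action: "confirm" } },
  approval: { agentConfirm: { enabled: true, parameterName: "_clawsec_confirm" } },
};

// Stage 1: flatten the tool call so every string argument (command, url, body) is scanned.
function toText(toolCall) {
  return Object.values(toolCall.args ?? {}).filter((v) => typeof v === "string").join(" ");
}

// Stage 2: score risk; the highest-risk matching rule wins.
function scoreRisk(toolCall) {
  const text = toText(toolCall);
  let best = null;
  for (const [ruleset, rules] of Object.entries(RULESETS)) {
    for (const rule of rules) {
      if (rule.pattern.test(text) && (!best || RISK_ORDER[rule.risk] > RISK_ORDER[best.risk])) {
        best = { ruleset, match: rule.id, risk: rule.risk };
      }
    }
  }
  return best;
}

// Stage 3: map the matched ruleset to its configured action (default: allow).
// A "confirm" rule passes only when the assumed confirm parameter is present on the call.
function intercept(toolCall, config = CONFIG) {
  const hit = scoreRisk(toolCall);
  if (!hit) return { action: "allow", match: null, risk: "none" };
  let action = config.rules[hit.ruleset]?.action ?? "allow";
  const ac = config.approval?.agentConfirm;
  if (action === "confirm" && ac?.enabled && toolCall.args?.[ac.parameterName] === true) {
    action = "allow"; // approval already supplied; execute and log
  }
  return { action, ...hit };
}
```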
Coverage

What Clawsec catches out of the box

Built-in rulesets that protect your agent from day one. Every rule is configurable, extensible, and open source.

Destructive Commands

File deletion, database drops, process kills

rm -rf · DROP TABLE · kill -9

Secret Exposure

API keys, tokens, and credentials in output

AKIA* · sk_live_* · .env

Data Exfiltration

Unauthorized uploads to external endpoints

curl -d @data · POST external.io

Unauthorized Purchases

Payment APIs and subscription changes

charge() · subscribe()

Privilege Escalation

Root access and permission changes

sudo · chmod 777 · --admin

Prompt Injection

System prompt leaks and instruction override

ignore previous · SYSTEM:
MIT Licensed · <5ms latency · Any agent framework · Extensible YAML rules

New rules ship every release. Star to stay updated.

Star on GitHub