Five Layers. One Install.
Zero Trust.
The complete security platform for OpenClaw. Blocks prompt injection, supply chain attacks, and credential theft — before they reach your agent.
Threat Landscape — Scanning Active
OpenClaw agents are a new attack surface
Agents browse the web, install skills, and hold your API keys. Every capability is also a vector.
Prompt Injection
Malicious instructions hidden in web content hijack your agent — redirecting tool calls, leaking memory, and overriding user intent.
Supply Chain Attack
A skill with a backdoor runs with full agent permissions. ClawHub scans every package before install.
Data Exfiltration
Agent memory silently written to attacker-controlled URLs. ClawGuard intercepts outbound requests and blocks unauthorized exfil.
Credential Theft
API keys extracted from responses and sent outbound. ClawVault isolates secrets from agent reach.
Defense Architecture — All Systems Online
Defense in depth. Every layer independent.
Five modules. One package. Each layer operates independently — if one fails, the others keep running.
ClawBox
Hardened Docker deployment
Docker ComposeClawVault
AES-256-GCM credential vault
~/.clawsentinel/vault/ClawGuard
WS + HTTP proxy firewall
:18790 → :18789ClawHub
Supply chain scanner
hooks openclaw skill installClawEye
Real-time dashboard
localhost:7432Passthrough-first design
If ClawSentinel encounters an error, OpenClaw traffic passes through uninterrupted. Zero downtime guarantee.
Architecture
One package. Five layers.
All connected.
Defense in depth
Each layer operates independently. If ClawGuard Proxy misses something, ClawVault still seals your secrets. No single point of failure.
Passthrough-first
If ClawSentinel encounters an error at any layer, OpenClaw traffic passes through unblocked. Your agent never goes dark.
Unified visibility
ClawEye correlates events across all five layers in real time. One dashboard, one alert feed, one source of truth.
T1 Prompt Injection · T2 Supply Chain · T7 Credential Theft · T3/T6 Exfiltration
Browser LayerScans browser content in real-time before OpenClaw ever touches it.
:18790 → :18789500-rule engine inspects every WS frame and HTTP response. Pro adds LLM semantic analysis.
:18789Receives only verified, sanitized traffic. Runs unmodified — zero config changes.
AES-256-GCMCredentials sealed with AES-256-GCM. Every skill install intercepted and scanned.
Docker ComposeHardened Docker environment. Reduced attack surface. Isolated from host filesystem.
localhost:7432Monitors all five layers simultaneously. Correlates events, fires alerts, streams the unified event feed.
Getting Started
Three commands. Fully protected.
ClawSentinel auto-detects your OpenClaw config. No changes to existing setup.
Install
0x01One package. All five modules included.
Initialize & Start
0x02Auto-detects your OpenClaw config. No edits needed.
Protected
0x03All five layers active. Dashboard at localhost:7432.
Browser Extension
Catch threats before your agent reads the page.
ClawSentinel Guard is the browser-side layer of your defense stack. It scans web content at the source — inside your browser — before OpenClaw ever processes it. Works alongside the ClawGuard proxy for complete coverage.
Real-time page scanning
Scans every page load for prompt injection patterns before content reaches your agent.
Injection highlighting
Visually marks detected injection attempts directly in the page so you see what the agent would have received.
Toolbar threat badge
Shield icon in your browser toolbar shows the current page threat level at a glance.
Zero data collection
All scanning is local. No page content, URL, or usage data is ever sent to any server.
Offline-capable
Works on the 500-rule pattern engine even when the ClawGuard proxy is not running.
Connects to ClawGuard
When the proxy is active, the extension syncs threat context for deeper correlation in ClawEye.
Current Page
Awaiting scan
0%0
Threats detected
500
Rules applied
0
Injection patterns
0
Malicious links
:18790Pricing
Pattern rules block what we know. Semantic intelligence blocks what we don't.
Free covers all known threats forever. Pro adds the intelligence layer for everything else.
All five modules. All known threats. Zero config.
Included modules
Matches known signatures only. Novel, rephrased, and zero-day attacks that miss every rule will pass through.
Everything in Free, plus the intelligence layer.
Pro exclusive — on top of Free
Semantic LLM Engine
Understands intent — catches novel, rephrased, and zero-day attacks no pattern rule covers.
BYOK · Anthropic / OpenAI / OllamaCorrelation Engine
Watches all 5 layers simultaneously. Fires when events combine into a multi-stage attack chain.
7 cross-layer rulesBackground Token Renewal
Access token refreshed silently every 23 hours. Zero interruptions to your agent.
Silent · 23h cycleNo charge for 7 days · Cancel anytime · Access revoked within 24 h
What each plan detects
| Attack Type | Free | Pro |
|---|---|---|
| Known injection (rule match) | Blocked | Blocked |
| Novel / rephrased injection | Missed | Blocked LLM engine |
| Polymorphic attack variant | Missed | Blocked semantic intent |
| Multi-stage exfiltration | Partial | Blocked correlation rule |
| Supply chain + exfil combo | Partial | Blocked RULE-04 fires |
| Zero-day technique | Missed | Blocked LLM intent check |
Pro uses your own API key (BYOK). No traffic is processed by ClawSentinel servers.
Open source. Auditable. Yours.
Every rule, every detection, every line of ClawGuard is public. Licensed under Elastic License 2.0 — free to use, self-host, and audit. No hidden logic. No black-box rules.
The Pro semantic engine uses your own API keys (BYOK) — we never see your traffic or credentials.
Secure Your Agent Today
Zero Trust protection
in 30 seconds.
No cloud. No data collection. No changes to your OpenClaw config. Just install and start — all five layers activate automatically.