ClawSecure - The AI-Powered Antivirus for AI Agents
ClawSecure is the AI-powered antivirus for AI agents. Pre-install scanning, real-time runtime monitoring, an in-agent Security Companion Agent, and a sub-200ms Verification API. Full 10/10 OWASP ASI coverage. 41% of top agents are dangerous. Free, no signup. clawsecure.ai


Replies
ClawSecure
Hey Product Hunt! 👋 I'm J.D., founder of ClawSecure.
Your AI agents are running with full system access. No verification. No oversight. 41% are dangerous. 1 in 5 send data to attackers. 22.9% silently mutate code after install. 1.6M+ get installed every week. Zero security underneath. 🚨
After a decade securing AI and Web3 at scale (2x exited founder, Bloomberg, CNBC, NYSE, NASDAQ), I've watched billions disappear when ecosystems scale faster than their security. It's happening again, but faster than any cycle before.
We built what the AI agent economy was missing: AI-powered scanning, real-time runtime monitoring, an AI security agent, and a sub-200ms Verification API. Full 10/10 OWASP ASI. Free, no signup, 30 seconds.
Hyped to be back on PH 🚀
Ask us anything, challenge us, or share what's keeping you up at night about agent security — I'll be here all day!
@jdsalbego Many congratulations on the launch, J.D. :)
Thrilled to see ClawSecure on The Pitch leaderboard. I have been rooting for it since its first launch!
Everyone is building OpenClaw AI agents, there's hardly any security solution for them. Hence this is a refreshing + critically important category to pioneer.
ClawSecure
@rohanrecommends Thanks, Rohan! This is 100% true, and it's why we are passionate about building this!
mailX by mailwarm
ClawSecure
@thamibenjelloun Thanks!
Out of all products today this one attracted most with its 22.9% post-install mutation stat. And the "code is the attack" framing makes sense for an ecosystem with no sandboxing. Interested if you catch mutations in transitive dependencies too or just the top-level skill code itself? Anyways, solid work.
ClawSecure
@artstavenka1 Really appreciate that. The "code is the attack" framing came directly from watching what happens in an ecosystem where skills ship with full system access and no permissions model. It's not a runtime anomaly when the code itself is the weapon.
To your question: yes, we cover both. The pre-install scan resolves the full recursive dependency tree and checks for known CVEs, compromised packages, unpinned semver ranges that are vulnerable to hijack, and typosquatting on known packages. Watchtower then monitors for hash drift across the entire skill codebase, so if a transitive dependency gets compromised in an update, the hash change triggers an automatic rescan through the full 3-layer protocol. That's actually one of the sneakiest attack vectors in the ecosystem: the top-level skill code stays clean while a nested dependency quietly introduces the payload. We catch both layers.
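Hash-drift detection over a skill's whole file tree, nested dependencies included, as the reply above describes it. This is an added example, not ClawSecure's or Watchtower's code; the `node_modules` layout, the file names and the function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

DEP_DIRS = {"node_modules", "vendor", "site-packages"}  # assumed dependency roots

def snapshot(root):
    """Map every file's relative path to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def drift(baseline, current):
    """Compare two snapshots; label each change as top-level or dependency."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        layer = "dependency" if DEP_DIRS & set(path.split("/")[:-1]) else "top-level"
        findings.append((layer, kind, path))
    return findings

def demo():
    """Constructed skill tree: top-level code stays the same, a nested dep changes."""
    with tempfile.TemporaryDirectory() as root:
        dep = os.path.join(root, "node_modules", "a", "node_modules", "b")
        os.makedirs(dep)
        files = {os.path.join(root, "skill.js"): b"run();\n",
                 os.path.join(dep, "index.js"): b"module.exports = 1;\n"}
        for path, data in files.items():
            with open(path, "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)  # taken at install time
        with open(os.path.join(dep, "index.js"), "wb") as fh:  # simulated update
            fh.write(b"module.exports = 2;\n")
        with open(os.path.join(dep, "extra.js"), "wb") as fh:
            fh.write(b"// new file\n")
        return drift(baseline, snapshot(root))

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

A digest of the top-level files alone would report no change here; only the whole-tree snapshot surfaces the two dependency-layer findings.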
FuseBase
Just spent 5 mins playing with the free scanner. Found two agents I'd been using that had elevated permissions I didn't realize. The 30-second promise seems to be delivered. Congrats @jdsalbego and the team! GL today with the pitch!
ClawSecure
@kate_ramakaieva That "I didn't realize" moment is exactly why we built this. Most people have no idea what their agents are actually doing until they see it laid out in a report. Elevated permissions hiding in plain sight is one of the most common findings across the 10,000+ agents we've audited.
Glad the scanner delivered. And if you want to go deeper than individual scans, the runtime monitoring dashboard maps your entire agent environment, every permission, every connection, every blast radius, so nothing stays hidden. Thanks for the kind words on the pitch, appreciate the support!
ClawSecure
@divyanshu_kandpal Great question. Not every code change is malicious. Developers push legitimate updates, dependencies get patched, skills evolve. When Watchtower detects hash drift, it triggers an automatic full rescan through our 3-layer audit protocol. The updated code gets analyzed the same way a fresh install would: our proprietary engine evaluates whether the changes introduce actual threat patterns like C2 callbacks, credential exfiltration endpoints, or permission escalation, versus benign updates like bug fixes or feature additions.
The key is context-aware intelligence. Our engine understands the difference between a skill legitimately using system-level capabilities (which is standard for any useful agent) and a skill abusing those same capabilities to exfiltrate data or execute unauthorized commands. A dependency update that patches a vulnerability scores differently than one that introduces an obfuscated payload. The rescan produces an updated Security Audit Report with the new risk score, so users can see exactly what changed and whether the change made the skill safer or more dangerous.
Product Hunt
Congrats on the launch @jdsalbego ! Most teams I know are still on manual review and version pinning until something goes wrong. What's usually the thing that pushes them to actually adopt ClawSecure? And what does the first week look like once they're in?
ClawSecure
@juan Thanks! The honest answer is usually data shock. Someone scans a skill they've been running for months, expecting a clean report, and discovers credential exfiltration patterns or shell execution they had no idea was there. That moment shifts everything from "I should probably look into security" to "what else is running in my environment that I haven't checked?"
The second trigger is realizing that manual review and version pinning only cover what you can see at one point in time. 22.9% of skills in our dataset changed their code after install. A skill can pass every check on day one and quietly mutate on day five. Once users experience that personally through Watchtower flagging something they already trusted, the need for continuous monitoring clicks immediately.
The first week is straightforward. Most users start with the free scanner to audit everything they're currently running. That takes an afternoon since each scan is about 30 seconds. They see their Security Audit Reports, identify what's clean and what needs attention, and Watchtower starts tracking everything for code changes automatically.
From there, the users who are running agents in any real capacity quickly move into runtime monitoring. One command installs the daemon, and suddenly they have full visibility into their entire agent environment: every skill, every MCP server, every CLI tool, permission maps showing blast radius, configuration audits, and AI-powered risk scoring across everything. The dashboard gives them a single view across all their tracked agents with real-time alerts instead of manually checking individual reports.
The shift from "I scanned a few skills" to "I can see my entire agent environment and what every component is actually doing" is usually what converts free users to paid. That's by design. The free tools show you the problem. Runtime monitoring shows you the full picture and keeps watching it continuously.
Honestly, this feels like one of those “boring but super necessary” tools. If AI agents are touching real user data, having security audits + live monitoring built in is a pretty big deal.
ClawSecure
@le_ng_c_dan_nhi "Boring but necessary" is the best compliment a security product can get. The boring infrastructure is what everything else runs on top of. Nobody thinks about antivirus until they need it, and by then it's too late.
And you're right, once agents are touching real user data, email, files, credentials, payment tools, the blast radius of a compromised skill isn't theoretical anymore. That's exactly why we built runtime monitoring beyond just scanning. Knowing a skill was safe when you installed it isn't enough. You need continuous visibility into what your entire agent environment is actually doing. Appreciate the support!
@jdsalbego Is ClawSecure actually reducing risk, or is it just another layer on top of a system that already needs heavy isolation and manual review?
ClawSecure
@bhawna_rathee It's reducing risk in ways that isolation and manual review structurally can't. Manual review doesn't scale when you're running dozens of skills, MCP servers, and CLI tools, and it tells you nothing about what changes after you've reviewed it. Isolation helps but doesn't exist in OpenClaw by default, and most users aren't setting it up. ClawSecure gives you automated pre-install analysis, continuous post-install integrity monitoring, and AI-powered runtime visibility across your entire agent environment in real time. That's not another layer on top. That's the security infrastructure the ecosystem doesn't have.
GrowMeOrganic
I would like to receive an alert on my Slack whenever Watchtower detects suspicious behavior. Congrats on launching.
ClawSecure
@iamanantgupta Thanks! Slack integration is on our near-term roadmap and one of the most requested features from our community. Right now Watchtower alerts surface through the runtime monitoring dashboard in real time and via email and Telegram notifications. The detection infrastructure already generates the events the moment hash drift or a behavioral anomaly is caught, so adding Slack and Discord as notification channels is a straightforward build on top of what's already there. It's coming soon. Appreciate the feedback, it helps us prioritize.
How do you handle false positives in the audits?
ClawSecure
@divya_kothari1 False positive rates are low across our platform because of how the detection architecture is designed. Our proprietary engine runs context-aware intelligence that classifies threats based on how AI agents actually operate, not generic code patterns. It differentiates legitimate system-level capabilities like clipboard access, filesystem operations, and shell execution from genuine exfiltration and malicious behavior by analyzing the full behavioral context: what file the pattern appears in, how data flows through the skill, whether external endpoints match known malicious infrastructure, and whether the behavior aligns with what the skill declares it does.
Beyond static analysis, our AI-powered runtime monitoring adds a completely different detection dimension. It continuously analyzes metadata telemetry across your entire agent environment, every skill, MCP server, CLI tool, and configuration, using LLM-driven threat classification to score risk, detect behavioral anomalies, and flag deviations in tool call patterns. When you're correlating declared permissions against actual runtime behavior and measuring that against a dataset of millions of audited agents, the signal-to-noise ratio improves significantly. Static analysis tells you what code could do. Runtime behavioral analysis tells you what it's actually doing. The combination is what keeps false positives low and true detection high.