ClawSecure - The AI-Powered Antivirus for AI Agents

@ragsyme Those bad vibes are backed by data. 99.3% of skills ship with zero permissions declared, meaning no capability boundaries at all. Full system access by default, no questions asked. That gut feeling is exactly why we built ClawSecure. Paste any of those skills into the scanner and you'll see exactly what they're actually doing in 30 seconds. Bet at least one surprises you.

@syed_shayanur_rahman Appreciate that. We'd rather be slightly early building the security infrastructure than scrambling to build it after the first major incident. The ecosystem is growing faster than any open source project in history and the security layer needs to already be in place when the wave hits, not built as a reaction to it. Thanks for the support!

@roopreddy Not a browser extension, but something better. Our runtime daemon installs with one command and monitors your entire agent environment continuously, not just the install moment. It watches every skill, MCP server, and CLI tool for risks, permission changes, and behavioral anomalies in real time. Plus our in-agent security companion Claw lives directly inside your OpenClaw agent and automatically intercepts and assesses any component before you install it, right where you work. Thanks for the support!

@himani_sah1 Different problem, different architecture. Sandboxing constrains what code can do at execution time by restricting its access to system resources. ClawSecure secures the full lifecycle: we verify what the code is before it runs, monitor your entire agent environment continuously after deployment, and detect when anything changes, drifts, or behaves anomalously.

In the OpenClaw ecosystem specifically, there is no sandbox. Skills ship with full system access, no permissions model, no isolation. So traditional sandboxing doesn't exist here, and retrofitting it would break most of the functionality that makes agents useful.

Our approach is purpose-built for that reality. Pre-install, our proprietary engine analyzes skills across three independent layers before anything executes on your machine. Post-install, runtime monitoring watches your full agent environment: every skill, MCP server, CLI tool, permission map, and configuration, with AI-powered behavioral analysis scoring risk and flagging anomalies continuously.

Rather than trying to restrict what agents can do, which limits their utility, we give users complete visibility into what agents are doing and surface threats the moment they appear. Full lifecycle security instead of a single enforcement boundary.

@hamza_afzal_butt For sure! glad you see the value in this. thanks for the support!

@abod_rehman Both. Pre-install, our engine detects prompt injection patterns through static analysis of skill instructions and code. Post-install, our AI-powered runtime monitoring continuously analyzes behavioral telemetry across your entire agent environment, including session activity and tool call patterns at higher tiers, so anomalous behavior that indicates active prompt injection attempts gets flagged in real time. Static analysis catches what's written into the code. Runtime monitoring catches what's happening live.

@priyankamandal There are quite large security incidents daily already. The threat is already real

@mikhail_prasolov Yes both! Any framework is applicable.

@radx_ishan You nailed the core design challenge. Generic scanners flag every shell access and clipboard read as suspicious, which makes them useless for AI agents where those capabilities are standard. Our engine understands that context, which is why we scored OpenClaw's own official skills as safe while catching actual exfiltration patterns that generic tools missed entirely.

To your second question: that's exactly the scenario Watchtower and runtime monitoring are built for. Watchtower detects code changes via hash comparison and triggers automatic rescans. Runtime monitoring goes further by continuously analyzing behavioral telemetry across your full environment, so if a skill starts making unusual outbound requests or deviating from expected tool call patterns days or weeks after install, it gets flagged. 22.9% of skills in our dataset already exhibited exactly this kind of post-install change. It's not theoretical, it's the most common attack vector in the ecosystem.

@pranitha_g Really appreciate the technical depth here, especially the memory-layer integrity point. You're right that SOUL.md and MEMORY.md poisoning is a fundamentally different attack class. You're not exploiting the agent, you're reshaping its identity over time, and most guardrails aren't even looking at that surface. Our engine specifically analyzes those files for injection patterns and unauthorized access attempts. To your question about clipboard access versus credential harvesting: it's both. Our proprietary engine runs a fixed set of 55+ ecosystem-specific signatures plus context-aware classification that evaluates the full behavioral context, what file the pattern appears in, how data flows through the skill, whether external endpoints match known malicious infrastructure, and whether the behavior aligns with what the skill actually declares it does. On the runtime side, our AI-powered monitoring layer adds continuous behavioral analysis across the full environment, so deviations from expected patterns get flagged over time, not just at the scan moment. Would love to see what you're building with the shared memory ledger for your capstone.