
ClawSecure
A complete security platform for OpenClaw AI agents
839 followers
ClawSecure is CrowdStrike for OpenClaw AI agents. 3-layer security audit, real-time Watchtower monitoring, agent marketplace and identity security, and full 10/10 OWASP ASI coverage. 41% of top skills are dangerous. 1 in 5 are sending your data to attackers. Secure your agents in 30 seconds for free. clawsecure.ai
This is the 2nd launch from ClawSecure.

ClawSecure
Launching today
ClawSecure is the AI-powered antivirus for AI agents. Pre-install scanning, real-time runtime monitoring, an in-agent Security Companion Agent, and a sub-200ms Verification API. Full 10/10 OWASP ASI coverage. 41% of top agents are dangerous. Free, no signup. clawsecure.ai

ClawSecure
Hey Product Hunt! 👋 I'm J.D., founder of ClawSecure.
Your AI agents are running with full system access. No verification. No oversight. 41% are dangerous. 1 in 5 send data to attackers. 22.9% silently mutate code after install. 1.6M+ get installed every week. Zero security underneath. 🚨
After a decade securing AI and Web3 at scale (2x exited founder, Bloomberg, CNBC, NYSE, NASDAQ), I've watched billions disappear when ecosystems scale faster than their security. It's happening again, but faster than any cycle before.
We built what the AI agent economy was missing: AI-powered scanning, real-time runtime monitoring, an AI security agent, and a sub-200ms Verification API. Full 10/10 OWASP ASI. Free, no signup, 30 seconds.
Hyped to be back on PH 🚀
Ask us anything, challenge us, or share what's keeping you up at night about agent security — I'll be here all day!
Out of all products today this one attracted most with its 22.9% post-install mutation stat. And the "code is the attack" framing makes sense for an ecosystem with no sandboxing. Interested if you catch mutations in transitive dependencies too or just the top-level skill code itself? Anyways, solid work
ClawSecure
@artstavenka1 Really appreciate that. The "code is the attack" framing came directly from watching what happens in an ecosystem where skills ship with full system access and no permissions model. It's not a runtime anomaly when the code itself is the weapon.
To your question: yes, we cover both. The pre-install scan resolves the full recursive dependency tree and checks for known CVEs, compromised packages, unpinned semver ranges that are vulnerable to hijack, and typosquatting on known packages. Watchtower then monitors for hash drift across the entire skill codebase, so if a transitive dependency gets compromised in an update, the hash change triggers an automatic rescan through the full 3-layer protocol. That's actually one of the sneakiest attack vectors in the ecosystem: the top-level skill code stays clean while a nested dependency quietly introduces the payload. We catch both layers.
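An added illustration of the hash-drift idea described in the reply above; it is not ClawSecure's or Watchtower's code. The `node_modules` layout, the file names and the function names are assumptions constructed for the demo, which reproduces the case where the top-level skill file stays unchanged while a nested dependency changes.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def drift(baseline: dict[str, str], current: dict[str, str], dep_dir: str = "node_modules"):
    """Compare two manifests and split differences into top-level vs dependency drift."""
    report = {"top_level": [], "dependency": []}
    for path in sorted(baseline.keys() | current.keys()):
        if baseline.get(path) == current.get(path):
            continue  # unchanged file
        kind = ("added" if path not in baseline
                else "removed" if path not in current
                else "modified")
        bucket = "dependency" if dep_dir in path.split("/") else "top_level"
        report[bucket].append((kind, path))
    return report


def needs_rescan(report) -> bool:
    """Any drift, at any depth of the tree, should trigger a fresh scan."""
    return bool(report["top_level"] or report["dependency"])


def demo():
    """Constructed sample: skill -> dependency a -> transitive dependency b."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "skill"
        nested = skill / "node_modules" / "a" / "node_modules" / "b"
        nested.mkdir(parents=True)
        (skill / "index.js").write_text("require('a')\n")
        (skill / "node_modules" / "a" / "index.js").write_text("require('b')\n")
        (nested / "index.js").write_text("module.exports = 1\n")
        baseline = manifest(skill)  # snapshot taken at install time
        # Simulated update: only the transitive dependency changes.
        (nested / "index.js").write_text("module.exports = 2\n")
        (nested / "postinstall.js").write_text("// new file\n")
        return drift(baseline, manifest(skill))


if __name__ == "__main__":
    print(demo())
```

Comparing only `index.js` at the skill root would report nothing here; the manifest over the whole tree is what surfaces the change.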
FuseBase
Just spent 5 mins playing with the free scanner. Found two agents I'd been using that had elevated permissions I didn't realize. The 30-second promise seems to be delivered. Congrats @jdsalbego and the team! GL today with the pitch!
ClawSecure
@kate_ramakaieva That "I didn't realize" moment is exactly why we built this. Most people have no idea what their agents are actually doing until they see it laid out in a report. Elevated permissions hiding in plain sight is one of the most common findings across the 10,000+ agents we've audited.
Glad the scanner delivered. And if you want to go deeper than individual scans, the runtime monitoring dashboard maps your entire agent environment, every permission, every connection, every blast radius, so nothing stays hidden. Thanks for the kind words on the pitch, appreciate the support!
Product Hunt
Congrats on the launch @jdsalbego! Most teams I know are still on manual review and version pinning until something goes wrong. What's usually the thing that pushes them to actually adopt ClawSecure? And what does the first week look like once they're in?
ClawSecure
@juan Thanks! The honest answer is usually data shock. Someone scans a skill they've been running for months, expecting a clean report, and discovers credential exfiltration patterns or shell execution they had no idea was there. That moment shifts everything from "I should probably look into security" to "what else is running in my environment that I haven't checked?"
The second trigger is realizing that manual review and version pinning only cover what you can see at one point in time. 22.9% of skills in our dataset changed their code after install. A skill can pass every check on day one and quietly mutate on day five. Once users experience that personally through Watchtower flagging something they already trusted, the need for continuous monitoring clicks immediately.
The first week is straightforward. Most users start with the free scanner to audit everything they're currently running. That takes an afternoon since each scan is about 30 seconds. They see their Security Audit Reports, identify what's clean and what needs attention, and Watchtower starts tracking everything for code changes automatically.
From there, the users who are running agents in any real capacity quickly move into runtime monitoring. One command installs the daemon, and suddenly they have full visibility into their entire agent environment: every skill, every MCP server, every CLI tool, permission maps showing blast radius, configuration audits, and AI-powered risk scoring across everything. The dashboard gives them a single view across all their tracked agents with real-time alerts instead of manually checking individual reports.
The shift from "I scanned a few skills" to "I can see my entire agent environment and what every component is actually doing" is usually what converts free users to paid. That's by design. The free tools show you the problem. Runtime monitoring shows you the full picture and keeps watching it continuously.
Honestly, this feels like one of those “boring but super necessary” tools. If AI agents are touching real user data, having security audits + live monitoring built in is a pretty big deal.
Mailwarm
ClawSecure
@thamibenjelloun Thanks!