
ClawSecure
The AI-Powered Antivirus for AI Agents
ClawSecure is the AI-powered antivirus for AI agents. Pre-install scanning, real-time runtime monitoring, the first-ever AI CISO Security Agent, and a sub-200ms Verification API. Full 10/10 OWASP ASI coverage. 41% of agents are dangerous. Free, no signup. clawsecure.ai
This is the 2nd launch from ClawSecure.

ClawSecure
Launched this week
ClawSecure is the AI-powered antivirus for AI agents. Pre-install scanning, real-time runtime monitoring, an in-agent Security Companion Agent, and a sub-200ms Verification API. Full 10/10 OWASP ASI coverage. 41% of top agents are dangerous. Free, no signup. clawsecure.ai
How do you handle false positives in the audits?
ClawSecure
@divya_kothari1 False positive rates are low across our platform because of how the detection architecture is designed. Our proprietary engine runs context-aware intelligence that classifies threats based on how AI agents actually operate, not generic code patterns. It differentiates legitimate system-level capabilities like clipboard access, filesystem operations, and shell execution from genuine exfiltration and malicious behavior by analyzing the full behavioral context: what file the pattern appears in, how data flows through the skill, whether external endpoints match known malicious infrastructure, and whether the behavior aligns with what the skill declares it does.
Beyond static analysis, our AI-powered runtime monitoring adds a completely different detection dimension. It continuously analyzes metadata telemetry across your entire agent environment, every skill, MCP server, CLI tool, and configuration, using LLM-driven threat classification to score risk, detect behavioral anomalies, and flag deviations in tool call patterns. When you're correlating declared permissions against actual runtime behavior and measuring that against a dataset of millions of audited agents, the signal-to-noise ratio improves significantly. Static analysis tells you what code could do. Runtime behavioral analysis tells you what it's actually doing. The combination is what keeps false positives low and true detection high.
Do you plan to open source the audit methodologies for transparency?
ClawSecure
@zerotox We open-source the research, not the detection rules. Our public GitHub repo has full OWASP ASI mapping, findings methodology, and security documentation. We also publish a Trust Center, vulnerability disclosure policy with safe harbor, NIST AI RMF alignment, and our CSA STAR Registry listing. Transparency of methodology and results is something we take seriously.
But the proprietary detection signatures and behavioral analysis logic stay closed, and that's intentional. Publishing the exact patterns our engine uses to catch threats would give malicious skill authors a blueprint to craft evasions. That's the same reason every serious security company keeps detection logic proprietary while making their tools widely accessible. Our scanner is free with zero restrictions. The research is public. The detection engine that keeps users safe stays protected.
Documentation.AI
Does this also come as a browser extension that warns before we install risky skills? Congrats on shipping.
ClawSecure
@roopreddy Not a browser extension, but something better. Our runtime daemon installs with one command and monitors your entire agent environment continuously, not just the install moment. It watches every skill, MCP server, and CLI tool for risks, permission changes, and behavioral anomalies in real time. Plus our in-agent security companion Claw lives directly inside your OpenClaw agent and automatically intercepts and assesses any component before you install it, right where you work. Thanks for the support!
Triforce Todos
ClawSecure
@abod_rehman Both. Pre-install, our engine detects prompt injection patterns through static analysis of skill instructions and code. Post-install, our AI-powered runtime monitoring continuously analyzes behavioral telemetry across your entire agent environment, including session activity and tool call patterns at higher tiers, so anomalous behavior that indicates active prompt injection attempts gets flagged in real time. Static analysis catches what's written into the code. Runtime monitoring catches what's happening live.
Congrats @jdsalbego, does it work for self-hosted agents or only the ones from public registries?
ClawSecure
@mikhail_prasolov Yes, both! Any framework is applicable.
GrowMeOrganic
I would like to receive an alert on my Slack whenever Watchtower detects suspicious behavior. Congrats on launching.
ClawSecure
@iamanantgupta Thanks! Slack integration is on our near-term roadmap and one of the most requested features from our community. Right now Watchtower alerts surface through the runtime monitoring dashboard in real time and via email and Telegram notifications. The detection infrastructure already generates the events the moment hash drift or a behavioral anomaly is caught, so adding Slack and Discord as notification channels is a straightforward build on top of what's already there. It's coming soon. Appreciate the feedback, it helps us prioritize.
As someone building a context-aware guardrail for OpenClaw for my capstone, this hits closer to home than almost anything I've seen launched this week. The thing that stopped me was ClawHavoc - an actual named malware campaign with command-and-control callbacks already inside 18.7% of skills in the ecosystem. That's not a theoretical threat model, that's active infrastructure.
The soul.md and memory.md poisoning detection is the part I find most technically interesting though. Poisoning an agent's persistent memory layer is a completely different class of attack from injecting malicious code, as you're not breaking the agent, you're quietly changing who it is over time. Most guardrails I've seen focus on action-level interception. Almost nobody is thinking about memory-layer integrity. We tried adding a shared memory ledger so all the intent is stored in our project.
What I'm curious about is how ClawSecure tells the difference between a skill that's legitimately accessing the clipboard versus one that's harvesting credentials - because the action looks completely identical from the outside. Is that distinction coming from a fixed set of rules, or does ClawSecure actually learn what normal behaviour looks like for each skill over time and flag anything that deviates?