DefenseClaw is Live! – Cisco Blogs


Last week, DJ wrote about why OpenClaw, the agent he uses to help run his family's life, needs a governance layer. He pointed to ClawHavoc, 135K exposed instances, and the growing gap between how powerful OpenClaw is and how little anyone was doing to secure it.

That gap is exactly why we built DefenseClaw.

DefenseClaw is now live on GitHub. It's open source, ready to install, and built to bring governance, enforcement and observability to OpenClaw.

You already know why this matters. This post will cover what you can do about it.

What Ships Today: Three Layers of Defense

DefenseClaw is the operational governance layer that was missing from the stack. NVIDIA provided the sandbox foundation with OpenShell. The Cisco AI Defense team open sourced the scanners. DefenseClaw brings them together into one governed loop, so the security decisions happen automatically.

Layer 1: Secure the supply chain

When you install a skill, plugin or MCP through the DefenseClaw CLI, it gets scanned before it's allowed into your environment. But we don't assume everything will go through the CLI, so it continuously monitors the relevant directories for any changes, whether it's a manually added plugin, a copied skill or something pulled in by another process. Critical and high-severity findings can trigger enforcement actions, and every event is logged.

  • defenseclaw skill scan slack
  • defenseclaw plugin install clawhub://voice-call
  • defenseclaw mcp set deepwiki --url http://mcp.deepwiki.com/mcp

Layer 2: Secure the Runtime

Scanning at install time isn't enough. A prompt injection attack arriving through the email account connected to your OpenClaw could compromise your system or result in leakage of your personal data. So we built an inspection engine that sits in the execution loop as an OpenClaw plugin: LLM prompts, completions, and tool invocations get checked in real time for injection attacks, data exfiltration and command-and-control patterns.

We also built CodeGuard to scan code that the agent writes. Every file the claw generates or edits gets checked for hardcoded secrets, command injection, unsafe deserialization, and a bunch of other patterns. If your agent writes eval(input) into a file, CodeGuard catches it before it hits the filesystem.

You can start in monitor mode, where everything is logged and nothing is blocked, then switch over to action mode for real-time protection.

  • defenseclaw setup guardrail --mode action
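As an added illustration (not Cisco's CodeGuard implementation, whose rules and event format are not on this page), the following Python sketches the pre-write check described above: a small pattern scanner over code an agent is about to write, run in either monitor mode (log only, still write) or action mode (block the write on critical/high findings). The rule names, event names and the sample source are constructed for the example.

```python
import re
from dataclasses import dataclass

# Illustrative pre-write scanner: a handful of high-risk patterns in code an
# agent is about to write. Rule names and severities are constructed here.
RULES = [
    ("eval-on-input",         "critical", re.compile(r"\beval\s*\(\s*input\s*\(")),
    ("exec-call",             "high",     re.compile(r"\bexec\s*\(")),
    ("shell-command-fstring", "high",     re.compile(r"\b(?:os\.system|subprocess\.(?:run|Popen|call))\s*\(\s*f['\"]")),
    ("unsafe-deserialization","high",     re.compile(r"\b(?:pickle|marshal)\.loads?\s*\(|\byaml\.load\s*\((?![^)]*Loader)")),
    ("hardcoded-secret",      "high",     re.compile(r"(?i)\b(?:api[_-]?key|secret|password|token)\s*=\s*['\"][A-Za-z0-9_\-]{16,}['\"]")),
]

@dataclass
class Finding:
    rule: str
    severity: str
    line: int
    text: str

def scan_source(source: str) -> list[Finding]:
    """Return one Finding per (line, rule) match, in line order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule, severity, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, severity, lineno, line.strip()))
    return findings

def guarded_write(path: str, source: str, mode: str, sink: dict, events: list) -> bool:
    """Check generated code before it reaches the filesystem.
    mode='monitor' logs findings and still writes; mode='action' blocks the write
    on any critical/high finding. `sink` stands in for the filesystem and
    `events` collects structured records as a SIEM such as Splunk would receive."""
    findings = scan_source(source)
    blocking = [f for f in findings if f.severity in ("critical", "high")]
    for f in findings:
        events.append({"event": "codeguard.finding", "path": path, "rule": f.rule,
                       "severity": f.severity, "line": f.line, "mode": mode})
    if mode == "action" and blocking:
        events.append({"event": "codeguard.block", "path": path, "findings": len(blocking)})
        return False
    sink[path] = source
    return True

# Constructed sample of agent-generated code containing four of the patterns above.
SAMPLE = '''import os, pickle
API_KEY = "sk_live_0123456789abcdefXYZ"
def handle(raw):
    data = pickle.loads(raw)
    os.system(f"echo {data['name']}")
    return eval(input("expr> "))
'''
```

Running guarded_write("handler.py", SAMPLE, "action", {}, []) refuses the write and emits four finding events plus one block event; in monitor mode the same call writes the file and emits only the four findings.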

Layer 3: Secure the system boundary

We enforce security at the system boundary so that even in a failure scenario the impact is contained. At the infrastructure layer, OpenShell acts as the outer guardrail governing network and file system I/O, ensuring that even if your OpenClaw is compromised, it can't freely reach external systems or modify sensitive data.

Every Claw is Born Observable

Every scan result, block decision, tool call and alert streams as structured events from the moment you start. We ship with a one-command Splunk setup, either locally or in Splunk Observability Cloud (o11y).

  • defenseclaw setup splunk --logs

This gives you a local Splunk instance with a purpose-built DefenseClaw app: dashboard, saved searches and investigation workflows, all pre-wired. If your claw does something, there's a record of it with full observability.

Try It

You can install it and get it running in under 5 minutes.

curl -LsSf https://raw.githubusercontent.com/cisco-ai-defense/defenseclaw/main/scripts/install.sh | bash

defenseclaw init --enable-guardrail

To make it even easier to get started, we've also published an OpenClaw security learning lab so you can see how it works and start experimenting immediately.

What's Next

DefenseClaw is shipping as a fully functional governance layer. Native support for other agents such as ClaudeCode, OpenCode, ZeroClaw, Codex, etc., is coming very soon, along with numerous other features and capabilities.

Try it and tell us what you like and what's missing. Join us on Discord.
