Tuesday, March 31, 2026

DefenseClaw is Live! – Cisco Blogs


Last week, DJ wrote about why OpenClaw, the agent he uses to help run his family's life, needs a governance layer. He pointed to ClawHavoc, 135K exposed instances, and the growing gap between how powerful OpenClaw is and how little anyone was doing to secure it.

That gap is exactly why we built DefenseClaw.

DefenseClaw is now live on GitHub. It's open source, ready to install, and built to bring governance, enforcement and observability to OpenClaw.

You already know why this matters. This post will cover what you can do about it.

What Ships Today: Three Layers of Defense

DefenseClaw is the operational governance layer that was missing from the stack. NVIDIA provided the sandbox foundation with OpenShell. The Cisco AI Defense team open sourced the scanners. DefenseClaw brings them together into one governed loop – so the security decisions happen automatically.

Layer 1: Secure the supply chain

When you install a skill, plugin or MCP through the DefenseClaw CLI, it gets scanned before it's allowed into your environment. But we don't assume everything will go through the CLI, so it continuously monitors the relevant directories for any changes – whether it's a manually added plugin, a copied skill or something pulled by another process. Critical and high-severity findings can trigger enforcement actions, and every event is logged.

  • defenseclaw skill scan slack
  • defenseclaw plugin install clawhub://voice-call
  • defenseclaw mcp set deepwiki --url http://mcp.deepwiki.com/mcp

Layer 2: Secure the Runtime

Scanning at install time isn't enough. A prompt injection attack from your email connected to your OpenClaw could compromise your system or result in leakage of your personal information. So, we built an inspection engine that sits in the execution loop as an OpenClaw plugin – LLM prompts, completions, and tool invocations get checked in real time for injection attacks, data exfiltration and command-and-control patterns.

We also built CodeGuard to scan code that the agent writes. Every file the claw generates or edits gets checked for hardcoded secrets, command injection, unsafe deserialization, and a bunch of other patterns. If your agent writes eval(input) into a file, CodeGuard catches it before it hits the filesystem.

You can start in monitor mode, where everything is logged and nothing is blocked, then switch over to action mode for real-time protection.

  • defenseclaw setup guardrail --mode action
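
As an added illustration (not DefenseClaw or CodeGuard source code), the example below shows the kind of pre-write check the CodeGuard paragraph describes, and how the decision differs between monitor and action mode. The rule set, function names and event fields are assumptions made for this example; it needs Python 3.9+ for ast.unparse.

```python
import ast
import json
import re

# Assumed rule set for illustration; these are not DefenseClaw's own rules.
SECRET_RE = re.compile(
    r"AKIA[0-9A-Z]{16}|(?i:password|secret|token|api_key)\s*=\s*['\"][^'\"]{8,}['\"]")
RISKY_CALLS = {"eval": "code-injection", "exec": "code-injection",
               "os.system": "command-injection",
               "pickle.load": "unsafe-deserialization",
               "pickle.loads": "unsafe-deserialization"}

# Constructed sample of agent-written code (the key is a made-up value).
SAMPLE = '''import subprocess
API_KEY = "sk_test_constructed_0001"
def run(cmd, expr):
    subprocess.run(cmd, shell=True)
    return eval(expr)
'''

def scan(source):
    """Return sorted findings (rule, line) for one proposed file body."""
    found = [{"rule": "hardcoded-secret", "line": n}
             for n, text in enumerate(source.splitlines(), 1) if SECRET_RE.search(text)]
    try:
        calls = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Call)]
    except SyntaxError:
        calls = []  # not parseable as Python: only the text rule applies
    for node in calls:
        # A constant first argument, e.g. eval("1+1"), carries no runtime input.
        literal = bool(node.args) and isinstance(node.args[0], ast.Constant)
        rule = RISKY_CALLS.get(ast.unparse(node.func))
        if rule and not literal:
            found.append({"rule": rule, "line": node.lineno})
        if any(k.arg == "shell" and getattr(k.value, "value", None) is True
               for k in node.keywords):
            found.append({"rule": "command-injection", "line": node.lineno})
    return sorted(found, key=lambda f: (f["line"], f["rule"]))

def guard_write(path, source, mode="monitor"):
    """Decide before the write: monitor only records, action blocks on a finding."""
    findings = scan(source)
    decision = "block" if mode == "action" and findings else "allow"
    return {"path": path, "mode": mode, "decision": decision, "findings": findings}

if __name__ == "__main__":
    for m in ("monitor", "action"):
        print(json.dumps(guard_write("agent_out.py", SAMPLE, m)))
```

Both modes produce the same findings; only the decision field changes, which is what makes it practical to review a monitor-mode event stream before enabling blocking.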

Layer 3: Secure the system boundary

We enforce security at the system boundary so that even in a failure scenario the impact is contained. At the infrastructure layer, OpenShell acts as the outer guardrail governing the network and file system I/O, ensuring that even if your OpenClaw is compromised, it cannot freely reach external systems or modify sensitive files.

Every Claw is Born Observable

Every scan result, block decision, tool call, alert – all of it streams as structured events from the moment you start. We ship with a one-command Splunk setup locally or in Splunk Observability Cloud (o11y).

  • defenseclaw setup splunk --logs

This gives you a local Splunk instance with a purpose-built DefenseClaw app – dashboard, saved searches, investigation workflows all pre-wired. If your claw does something, there's a record with full observability.

Try It

You can install and get it running in under 5 minutes.

curl -LsSf https://raw.githubusercontent.com/cisco-ai-defense/defenseclaw/main/scripts/install.sh | bash

defenseclaw init --enable-guardrail

To make it even easier to get started, we have also published an OpenClaw security learning lab so you can see how it works and start experimenting right away.

What's Next

DefenseClaw is shipping as a fully functional governance layer. Native support for other agents like ClaudeCode, OpenCode, ZeroClaw, Codex, etc., is coming very soon, along with numerous other features and capabilities.

Try it and tell us what you like and what's missing. Join us on Discord.
