The problem: AI agents are getting good enough to run shell commands, query databases, and manage infrastructure autonomously. But one hallucinated rm -rf / or a prompt injection that exfiltrates your .env can do real damage.
Clawsec intercepts agent actions before execution and blocks anything matching its rule engine. It covers destructive filesystem ops, database drops, credential access, network exfiltration, and privilege escalation. No sandbox, no VM. It runs inline as a plugin.
Install: openclaw plugins install clawsec
It's fully open source (MIT). We'd love feedback on the rule coverage and what threat categories we're missing.
GitHub: github.com/clawdsec/clawsec
Demo: clawsec.bot
Happy to answer questions.
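The pre-execution check described in the post, sketched as an added example; this is not Clawsec's code or rule set. The rule patterns, category names and the `evaluate` function are assumptions made here to illustrate the five threat categories the post lists.

```python
import re
import shlex

# Hypothetical rules, written for this example only.
SECRET_PATH = re.compile(r"(^|/)(\.env(\.\w+)?|id_(rsa|ed25519)|credentials)$")
SQL_DROP = re.compile(r"\b(drop\s+(database|table|schema)|truncate)\b", re.I)
ROOTS = {"/", "/*", "~", "~/", "$HOME"}
OPERATORS = {"|", "||", "&", "&&", ";"}

def split_commands(raw):
    """Tokenise like a shell and split on ; | && so every command is checked."""
    lex = shlex.shlex(raw, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    cmds, cur = [], []
    for tok in lex:
        if tok in OPERATORS:
            if cur:
                cmds.append(cur)
            cur = []
        else:
            cur.append(tok)
    if cur:
        cmds.append(cur)
    return cmds

def short_flags(argv):
    """Merge option letters so -rf, -fr and -r -f are treated alike."""
    return {c for a in argv[1:] if re.fullmatch(r"-[A-Za-z]+", a) for c in a[1:]}

def classify(argv):
    """Return the threat categories that one argv matches."""
    hits, prog, args = set(), argv[0], argv[1:]
    recursive = short_flags(argv) & {"r", "R"} or "--recursive" in args
    if prog == "rm" and recursive and ROOTS & set(args):
        hits.add("destructive_fs")
    if any(SECRET_PATH.search(a.lstrip("@")) for a in args):
        hits.add("credential_access")
    if any(SQL_DROP.search(a) for a in args):
        hits.add("database_drop")
    if prog in {"curl", "wget"} and any(a.startswith("@") or "=@" in a for a in args):
        hits.add("network_exfiltration")
    if prog in {"sudo", "su", "doas"}:
        hits.add("privilege_escalation")
    return hits

def evaluate(raw):
    """Decide on a proposed agent command; input that cannot be parsed is blocked."""
    try:
        cmds = split_commands(raw)
    except ValueError:
        return {"action": "block", "categories": ["unparseable"]}
    cats = sorted(set().union(*map(classify, cmds)))
    return {"action": "block" if cats else "allow", "categories": cats}
```

A check like this is only as good as its parsing of the command string, so anything it cannot parse is treated as a block rather than an allow.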