2 points by ildar 4 hours ago | 1 comment
  • ildar 4 hours ago
    I run AI agents on my laptop 24/7. One day I realized my agent had unrestricted access to my SSH keys, AWS credentials, and crypto wallet. No prompt injection needed - it already had permission.

    Tools like LlamaFirewall (Meta) and NeMo Guardrails (NVIDIA) protect the prompt layer, but nothing protected the host machine itself.

    ClawMoat is the missing layer:

    - 4 permission tiers (observer to full), enforced at runtime
    - Forbidden zones - auto-protects ~/.ssh, ~/.aws, browser data, wallets
    - Credential monitoring - alerts on access attempts
    - Skill/plugin auditing - hash verification + suspicious pattern detection
    - Network egress logging - see where your agent sends data

    Zero dependencies, sub-millisecond, 142 tests, MIT licensed.

    Comparison with LlamaFirewall and NeMo Guardrails: https://clawmoat.com/blog/clawmoat-vs-llamafirewall-nemo-gua...

    Happy to answer questions about AI agent security architecture.
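To make the "forbidden zones" and "permission tiers" ideas concrete, here is an added illustration of what a host-side guard for an agent's file tool calls has to get right. It is example code written for this thread, not ClawMoat's code or API: the tier names, the zone list, the `check_access` / `audit_plugin` functions and the suspicious-pattern table are all assumptions for the example. The part worth noting is that the policy is evaluated on the resolved path (after `~`, `..` and symlinks), because an agent that is told it may not touch `~/.ssh` will happily read `~/notes/id_ed25519` when `~/notes` is a symlink into it.

```python
"""Host-side guard for an AI agent's filesystem tool calls (illustrative only, not ClawMoat's code)."""
import hashlib
import os
import re
import tempfile
from enum import IntEnum


class Tier(IntEnum):
    """Hypothetical four-tier model for the example; names are assumptions."""
    OBSERVER = 0   # read-only, outside forbidden zones
    LIMITED = 1    # read anywhere allowed, write only inside the agent workspace
    STANDARD = 2   # read/write anywhere except forbidden zones
    FULL = 3       # same as STANDARD for files; forbidden zones stay enforced regardless


# Assumed zone list for the example; the product's real defaults are not on the page.
FORBIDDEN_ZONES = (".ssh", ".aws", ".gnupg", ".config/gcloud",
                   ".mozilla", ".config/google-chrome", ".bitcoin", ".electrum")

# Assumed "suspicious pattern" table for plugin auditing (regex, finding).
SUSPICIOUS = [
    (r"\.ssh|\.aws|id_rsa|credentials", "touches credential paths"),
    (r"base64\.b64decode|exec\(|eval\(", "decodes and executes hidden code"),
    (r"curl[^\n]*\|\s*(ba)?sh", "pipes a download into a shell"),
    (r"os\.environ|getenv\(", "reads environment variables (often secrets)"),
]


def resolve(path, home):
    """Expand ~, make the path absolute relative to home, and follow symlinks.
    Deciding on the resolved path is what defeats ~/notes -> ~/.ssh aliases and ../ escapes."""
    if path == "~" or path.startswith("~/"):
        path = os.path.join(home, path[2:])
    if not os.path.isabs(path):
        path = os.path.join(home, path)
    return os.path.realpath(path)


def in_forbidden_zone(path, home):
    """True if the resolved path is one of the protected directories or lies beneath one."""
    real = resolve(path, home)
    for zone in FORBIDDEN_ZONES:
        zone_dir = os.path.realpath(os.path.join(home, zone))
        if real == zone_dir or real.startswith(zone_dir + os.sep):
            return True
    return False


def check_access(tier, op, path, home, workspace, log):
    """Return True if a 'read' or 'write' of path is allowed at this tier; log every decision."""
    real = resolve(path, home)
    ws = os.path.realpath(workspace)
    if in_forbidden_zone(path, home):
        verdict, why = False, "forbidden zone"            # denied at every tier, including FULL
    elif op == "read":
        verdict, why = True, "read permitted"
    elif op == "write" and tier >= Tier.STANDARD:
        verdict, why = True, "write permitted at tier"
    elif op == "write" and tier == Tier.LIMITED and real.startswith(ws + os.sep):
        verdict, why = True, "write inside workspace"
    else:
        verdict, why = False, f"{op} denied at tier {tier.name}"
    log.append(f"{'ALLOW' if verdict else 'DENY'} {op} {real} ({why})")
    return verdict


def audit_plugin(source, expected_sha256):
    """Hash-pin a plugin's source and flag suspicious patterns.
    Returns (actual_digest, hash_matches, findings)."""
    digest = hashlib.sha256(source.encode()).hexdigest()
    findings = [why for pat, why in SUSPICIOUS if re.search(pat, source)]
    return digest, digest == expected_sha256, findings


def demo():
    """Constructed scenario: a throwaway home dir with ~/.ssh, a symlink into it, and a workspace."""
    home = tempfile.mkdtemp()
    ssh = os.path.join(home, ".ssh")
    os.makedirs(ssh)
    open(os.path.join(ssh, "id_ed25519"), "w").close()
    os.symlink(ssh, os.path.join(home, "notes"))          # innocent-looking alias of ~/.ssh
    workspace = os.path.join(home, "agent-work")
    os.makedirs(workspace)
    log = []
    results = {
        "read_key_direct": check_access(Tier.FULL, "read", "~/.ssh/id_ed25519", home, workspace, log),
        "read_key_via_symlink": check_access(Tier.FULL, "read", "notes/id_ed25519", home, workspace, log),
        "read_key_via_dotdot": check_access(Tier.FULL, "read", "agent-work/../.ssh/id_ed25519", home, workspace, log),
        "observer_write_workspace": check_access(Tier.OBSERVER, "write", "agent-work/out.txt", home, workspace, log),
        "limited_write_workspace": check_access(Tier.LIMITED, "write", "agent-work/out.txt", home, workspace, log),
        "limited_write_home": check_access(Tier.LIMITED, "write", "todo.txt", home, workspace, log),
        "standard_write_home": check_access(Tier.STANDARD, "write", "todo.txt", home, workspace, log),
    }
    return results, log


if __name__ == "__main__":
    verdicts, audit_log = demo()
    for line in audit_log:
        print(line)
```

The three key reads are all denied even at the top tier, because the zone check runs on the resolved path, and the audit log records the resolved path rather than the string the agent supplied, which is what you want when reviewing what an agent tried to do. Hash pinning in `audit_plugin` only tells you a plugin is the one you reviewed; the pattern scan is a cheap triage aid, not a substitute for reading the plugin.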