I love OpenClaw and what it can do. I have long been wanting OpenClaw to take care of my shopping and purchases online. However, with the current threat of prompt injections, I do not trust it with my credit card details as it stands.

To reduce the chance of breaches, I built ClawLock, a supervisor (sidecar with process isolation) for OpenClaw that injects controls around tool use. The user defines a passport for what the tools can and cannot do and ClawLock governs it. For high-risk transactions like in-browser purchases or shell command, a deterministic policy engine and an LLM-as-judge are used to detect any potential threats prior to execution.

ClawLock is currently in its infancy. It is primarily tested on Linux. I would appreciate any feedback on your experience using it on MacOS and WSL.