With OpenClaw joining OpenAI yesterday, we figured now’s the time to publicly launch open-source defensive tooling we’ve been building.
SecureClaw has two layers:
1. Code-level plugin (bash) — 55 automated checks: gateway auth, credential exposure, permission auditing, network binding, skill supply chain scanning with ClawHavoc IoCs, CVE verification, automated remediation. Runs outside the LLM context so it can’t be overridden by prompt injection.
2. Behavioral skill (~1,150 tokens) — teaches the agent to recognize injection patterns, detect PII in conversations, flag suspicious skill behavior, monitor memory file integrity (SHA-256). Competing skills burn 4,500+ tokens for less coverage.
What it maps to:
- All 10 OWASP ASI Top 10 categories (only tool that does this)
- MITRE ATLAS Agentic techniques
- CoSAI Agentic security guidance
- Every known OpenClaw incident: CVE-2026-25253, ClawHavoc, Moltbook exposure, credential harvesting
Honest limitations:
- Prompt injection is unsolved industrywide. We harden with multi-layer defense. We don’t claim to eliminate it.
- Can’t fix the architectural decision to store creds in plaintext. We detect and alert.
- Behavioral detection has FP/FN tradeoffs like any runtime monitor.
We’re Adversa AI, we are building Continuous AI red teaming. This is our open-source contribution to the defensive side. Happy to answer technical questions.
alex_polyakov•1h ago
SecureClaw has two layers:
1. Code-level plugin (bash) — 55 automated checks: gateway auth, credential exposure, permission auditing, network binding, skill supply chain scanning with ClawHavoc IoCs, CVE verification, automated remediation. Runs outside the LLM context so it can’t be overridden by prompt injection.
2. Behavioral skill (~1,150 tokens) — teaches the agent to recognize injection patterns, detect PII in conversations, flag suspicious skill behavior, monitor memory file integrity (SHA-256). Competing skills burn 4,500+ tokens for less coverage.
What it maps to: - All 10 OWASP ASI Top 10 categories (only tool that does this) - MITRE ATLAS Agentic techniques - CoSAI Agentic security guidance - Every known OpenClaw incident: CVE-2026-25253, ClawHavoc, Moltbook exposure, credential harvesting
Honest limitations: - Prompt injection is unsolved industrywide. We harden with multi-layer defense. We don’t claim to eliminate it. - Can’t fix the architectural decision to store creds in plaintext. We detect and alert. - Behavioral detection has FP/FN tradeoffs like any runtime monitor.
We’re Adversa AI, we are building Continuous AI red teaming. This is our open-source contribution to the defensive side. Happy to answer technical questions.