I run AI agents on my laptop 24/7. One day I realized my agent had unrestricted access to my SSH keys, AWS credentials, and crypto wallet. No prompt injection needed - it already had permission.
Tools like LlamaFirewall (Meta) and NeMo Guardrails (NVIDIA) protect the prompt layer, but nothing protected the host machine itself.
ClawMoat is the missing layer:
- 4 permission tiers (observer to full), enforced at runtime
- Forbidden zones - auto-protects ~/.ssh, ~/.aws, browser data, wallets
- Credential monitoring - alerts on access attempts
- Skill/plugin auditing - hash verification + suspicious pattern detection
- Network egress logging - see where your agent sends data
Zero dependencies, sub-millisecond, 142 tests, MIT licensed.
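As an added illustration of the forbidden-zone idea in the list above (example code written for this page, not ClawMoat's own implementation; the zone list, function names and temp-HOME demo are assumptions), here is a path check that canonicalizes before matching, since a plain prefix comparison on the caller-supplied string misses `..`, symlinks and `~/.sshfoo`-style near-misses:

```python
"""Forbidden-zone check for an agent's file access (illustrative, not ClawMoat's API)."""
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

# Constructed zone list following the post's categories:
# SSH keys, cloud credentials, browser profile, wallet.
DEFAULT_ZONES = ("~/.ssh", "~/.aws", "~/.config/google-chrome", "~/.bitcoin")


@dataclass
class Decision:
    allowed: bool
    path: str            # canonical path that was actually checked
    zone: Optional[str]  # zone that matched, if any


def canonical(path: str, home: Path, cwd: Path) -> Path:
    """Expand ~, anchor relative paths at cwd, then collapse '..' and follow
    symlinks. Checking only the raw string would let '../.ssh/id_ed25519' or
    a planted symlink slip past the zone list."""
    if path == "~" or path.startswith("~/"):
        path = str(home / path[2:])
    if not os.path.isabs(path):
        path = str(cwd / path)
    return Path(os.path.realpath(path))


def check_access(path: str, zones=DEFAULT_ZONES, home=None, cwd=None) -> Decision:
    home = Path(home or Path.home())
    cwd = Path(cwd or os.getcwd())
    target = canonical(path, home, cwd)
    for zone in zones:
        root = canonical(zone, home, cwd)
        # Component-wise containment: '/home/u/.sshfoo' is NOT under
        # '/home/u/.ssh', which a str.startswith() check would wrongly accept.
        if target == root or root in target.parents:
            return Decision(False, str(target), zone)
    return Decision(True, str(target), None)


def demo_symlink_bypass() -> Decision:
    """A symlink in a writable dir pointing at ~/.ssh still resolves into the
    zone. Uses a throwaway HOME so the demo touches no real credentials."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / ".ssh").mkdir()
        (home / "work").mkdir()
        os.symlink(home / ".ssh", home / "work" / "notes")
        return check_access("work/notes/id_ed25519", home=home, cwd=home)
```

A denied `Decision` carries the canonical path and the matched zone, which is exactly the record a credential-access alert should log.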
ildar•1h ago
Comparison with LlamaFirewall and NeMo Guardrails: https://clawmoat.com/blog/clawmoat-vs-llamafirewall-nemo-gua...
Happy to answer questions about AI agent security architecture.