Show HN: ClawCare – Security scanner and runtime guard for AI agent skills

https://github.com/natechensan/ClawCare
1•chendev2•1h ago

  Lately I've been more or less a human wrapper around my AI agents —
  Claude Code, OpenClaw, etc. They're incredibly productive, but they
  scare me regularly.

  The wake-up moment: I had an agent run tasks that involved checking my
  environment variables. I totally had an AWS secret sitting right
  in there. By the time I realized, my key had already entered the
  session context — meaning it was sent to the LLM provider and whatever
  router layers sit in between. I had to rotate that secret immediately.

  That was a wake-up call. These agents can run commands, read files,
  and access secrets without visibility to a human.
  Third-party skills and plugins make it worse —
  Cisco recently found an OpenClaw skill silently exfiltrating data via
  curl. CrowdStrike and NCC Group published similar findings. The attack
  surface is real and it's everywhere.

  I spent my past week's nights building ClawCare. It does two things:

  1. Static scanning — scans plugin/skill files for dangerous patterns
  (pipe-to-shell, credential access, reverse shells, data exfiltration,
  prompt injection) before they ever run. Works in CI.

  2. Runtime guard — hooks into the agent's tool execution pipeline and
  blocks dangerous commands in real time. That env dump that leaked my
  AWS key? ClawCare blocks it before it reaches the LLM.

      pip install clawcare
      clawcare guard activate --platform {claude|openclaw}

  Currently supports Claude Code (PreToolUse hooks) and OpenClaw
  (before_tool_call plugin) for runtime guarding, plus static scanning
  on Claude/Codex/OpenClaw/Cursor skill and plugin formats.
  
  Includes 30+ detection rules; custom rules and integration are supported;
  supports skill manifests on permission boundaries; full audit trail.

  Apache 2.0. Python 3.10+.

  GitHub: https://github.com/natechensan/ClawCare
  Demo: https://github.com/natechansan/ClawCare-demo
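
A sketch of the pre-execution check the post describes, as an added example that is not ClawCare's code or part of the original post. It assumes a hook payload with `tool_name` and `tool_input.command` (modelled on Claude Code's hook input); the rule set and function names are constructed for illustration.

```python
import re
import shlex

# Constructed rule set for illustration; these are not ClawCare's rules.
READERS = {"cat", "less", "more", "head", "tail", "strings"}
FETCHERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "zsh", "dash"}
SECRET_PATHS = re.compile(r"(^|/)(\.env(\.\w+)?|\.aws/credentials|\.netrc)$")
OPERATORS = {"|", "||", "&&", ";", "&"}


def split_stages(command):
    """Split a command line into argv lists and the operators between them.

    A quoted token that is exactly an operator (grep "|" f) is also treated
    as one, so this over-splits rather than under-splits.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    stages, ops, current = [], [], []
    for tok in lexer:  # raises ValueError on unbalanced quotes
        if tok in OPERATORS:
            stages.append(current)
            ops.append(tok)
            current = []
        else:
            current.append(tok)
    stages.append(current)
    return stages, ops


def check_tool_call(payload):
    """Return (allowed, reason) for a hook payload, before anything runs."""
    if payload.get("tool_name") != "Bash":  # assumed payload shape
        return True, "not a shell call"
    try:
        stages, ops = split_stages(payload.get("tool_input", {}).get("command", ""))
    except ValueError:
        return False, "unparseable command, failing closed"
    for i, argv in enumerate(stages):
        if not argv:
            continue
        prog, args = argv[0].rsplit("/", 1)[-1], argv[1:]
        if prog == "printenv" or (prog in {"env", "set"} and not args) or (prog, args) == ("export", ["-p"]):
            return False, "environment dump"
        if prog in READERS and any(SECRET_PATHS.search(a) for a in args):
            return False, "credential file read"
        nxt = stages[i + 1] if i + 1 < len(stages) else []
        if prog in FETCHERS and ops[i:i + 1] == ["|"] and nxt and nxt[0].rsplit("/", 1)[-1] in SHELLS:
            return False, "pipe-to-shell"
    return True, "ok"
```

The decision is made on the parsed command before execution, so a blocked call never produces output that could enter the session context.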

Comments

with•1h ago
I understand the entire project was vibe coded, but can you at least write the post yourself?
