Lately I've been more or less a human wrapper around my AI agents —
  Claude Code, OpenClaw, etc. They're incredibly productive, but they
  scare me regularly.

  The wake up moment: I had an agent run tasks involved checking  my
  environment variables. I totally had an AWS secret sitting right
  in there. By the time I realized, my key had already entered the
  session context — meaning it was sent to the LLM provider and whatever
  router layers sit in between. I had to rotate that secret immediately.

  That was a wake-up call. These agents can run commands, read files,
  and access secrets without visibility to human. 
  Third-party skills and plugins make it worse —
  Cisco recently found an OpenClaw skill silently exfiltrating data via
  curl. CrowdStrike, NCC Group published similar findings. The attack
  surface is real and it's everywhere.

  I spent my past week's nights building ClawCare. It does two things:

  1. Static scanning — scans plugin/skill files for dangerous patterns
  (pipe-to-shell, credential access, reverse shells, data exfiltration,
  prompt injection) before they ever run. Works in CI.

  2. Runtime guard — hooks into the agent's tool execution pipeline and
  blocks dangerous commands in real time. That env dump that leaked my
  AWS key? ClawCare blocks it before it reaches the LLM.

      pip install clawcare
      clawcare guard activate --platform {claude|openclaw}

  Currently supports Claude Code (PreToolUse hooks) and OpenClaw
  (before_tool_call plugin) for runtime guarding, plus static scanning
  on Claude/Codex/OpenClaw/Cursor skill and plugin formats.
  
  Include 30+ detection rules, custom rules and integration supported,
  support skill manifests on permission boundaries, full audit trail.

  Apache 2.0. Python 3.10+.

  GitHub: https://github.com/natechensan/ClawCare
  Demo: https://github.com/natechansan/ClawCare-demo