ClawNex
Practical security for the AI agents your team runs.
ClawNex checks model traffic sent through its proxy, can block matching requests before they reach the model, and records supported direct sessions for later review. It shows what was checked, what was blocked, and what remains outside live enforcement.
Built for small and midsize teams that need useful controls without the cost and complexity of a large enterprise security platform.
Prompts can contain sensitive information, tools can take actions, and some model connections may bypass the checks you expect. ClawNex helps make supported activity visible and records evidence for review.
Requires Node.js 22+, Python 3.12+, Git, and a supported macOS or Linux host. See full installation guide for local installs, VPS setup, and production configuration.
Checks routed prompts and responses against 163 built-in detection patterns and any policy rules the operator enables.
Records routed requests with model, provider, result, score, latency, and token count. Supported direct-session activity can be added later from local session files.
Five built-in roles and 32 permissions, with passwords, passkeys, GitHub sign-in, email sign-in links, and progressive lockout.
Records operator actions, reasons, and related evidence for search and export, with configurable retention controls.
Allows a time-limited Shield bypass when an operator records a reason. Activation and deactivation are logged.
Shows token usage and estimated cost by model and agent for traffic ClawNex can record.
Connects OpenClaw and Hermes routing, plus Paperclip activity reporting, with clear labels for each data source.
Creates security, incident, usage, and governance summaries in PDF, Markdown, or Excel formats.
A guided look at the overview, connected agents, traffic checks, potential impact, audit records, usage, and reports.
Prompts and responses sent through the ClawNex proxy are checked against the enabled detection and policy rules. In block mode, a matching request can be stopped before it reaches the model.
For supported direct provider sessions, ClawNex can read available local session files and check them after the event. This provides evidence for review, but it cannot block activity that already happened.
The dashboard labels these paths so operators can distinguish live enforcement from later visibility and identify activity ClawNex cannot inspect.
The Trust Audit and Blast Radius views connect access paths to the tools and workspaces that could be affected.
Review who can reach an agent, which tools it can use, and which systems may be affected if that access is misused.
ClawNex is a public alpha. Available, early-alpha, and planned capabilities are labeled separately so teams can evaluate the product based on what works today.
Federated authentication with your corporate identity provider
Local passwords, WebAuthn passkeys, GitHub OAuth, and email magic links
Define permission sets beyond the 5 built-in roles
The standalone agent reports heartbeat and inventory from remote OpenClaw or Hermes hosts. Remote control and inline relay are not enabled yet.
Security, incident, governance, and compliance-oriented reports and evidence exports
Lock sessions to originating IP for high-security environments
Apache 2.0 software that you can self-host, inspect, and adapt.
Designed for small and midsize teams, security practitioners, and hands-on AI operators. It is not a replacement for every enterprise security control.
ClawNex was created by Frederick Nwokobia. Use it independently, or work with ProBizSystems for installation, integration, policy setup, maintenance, and support.
Occasional emails about important releases and practical operator guidance.
Occasional product updates. Unsubscribe at any time.