ClawNex
Runtime security for AI agent fleets.
Enforce model traffic routed through ClawNex and observe supported direct sessions after the fact. Know who can reach what, what they can do, and where blast radius starts.
AI agents don't just answer anymore — they act. ClawNex gives security teams visibility and control before that becomes a liability.
Autonomous tool calls. Prompts leaving org boundaries. Model routing outside approved surfaces. No auditability. No policy enforcement. No trust boundary visibility.
Requires Node.js 22+, Python 3.12+, Git, and a supported macOS or Linux host. See full installation guide for local installs, VPS setup, and production configuration.
163 built-in detections cover jailbreaks, injection, exfiltration, encoding tricks, unsafe commands, and sensitive data, with additional operator-authored policy rules.
Every LLM request logged with model, provider, verdict, score, latency, and token count. Filter and investigate.
5 roles, 32 permissions, session-based auth, progressive lockout, passkeys, GitHub OAuth, and magic links.
Append-only audit events with actor, action, reason, searchable evidence, exports, and configurable retention controls.
Emergency shield bypass with stated reason, time limit, and full lifecycle audit. Tool of last resort.
Token usage by model, per-agent cost breakdown, anomaly detection. Know where your AI budget goes.
OpenClaw and Hermes routing plus Paperclip observability, with source-aware health, inventory, cost, and risk reporting.
Generate security summaries, cost analyses, and compliance evidence on demand. PDF, Markdown, or Excel.
A guided look at Mission Control, fleet visibility, shield activity, blast radius, audit, cost, and governance.
Traffic flows through the LiteLLM proxy. Prompts and responses are scanned by 163 built-in detections plus enabled policy rules. Blocking is enforced before unsafe traffic completes.
Some OAuth and session-bound provider paths are not routed through the proxy. The Session Watcher reads supported local session files and scans them after the fact. Threats are detected, not blocked.
ClawNex makes this distinction explicit so operators know what is protected live, what is observed later, and where the trust boundary actually sits.
Available now in Trust Audit and Blast Radius views.
Who can reach this agent, what they can make it do, and what happens if the trust model is wrong.
The public alpha is open source and self-hosted. Shipped, early-alpha, and roadmap capabilities are separated below so evaluation does not depend on future promises.
Federated authentication with your corporate identity provider
Local passwords, WebAuthn passkeys, GitHub OAuth, and email magic links
Define permission sets beyond the 5 built-in roles
The standalone agent reports heartbeat and inventory from remote OpenClaw or Hermes hosts. Remote control and inline relay are not enabled yet.
Security, incident, governance, and compliance-oriented reports and evidence exports
Lock sessions to originating IP for high-security environments
Apache 2.0 — use it, modify it, ship it.
Built for security operators and AI platform teams.
View on GitHubImportant releases and operator training updates. No spam.
Occasional product updates. Unsubscribe at any time.