Security layer for OpenClaw

AI agents, secured locally.
Your models. Your tools. Your machine.

Clawmont is the in-process security layer for OpenClaw — the local-first platform for running AI agents on your own computer. Four security pillars, hash-chained tamper-evident audit, keys that stay in your OS keychain. Bring any model — Claude, GPT-5, Gemini, Llama — and the tools you already use. Clawmont monitors every call through your gateway.

Works with Claude, GPT-5, Gemini, Llama, Gemma, and any LLM via OpenRouter (DeepSeek, Mistral, Qwen, and more)

What OpenClaw does

The assistant you always wanted.
On hardware you already own.

One platform. Any model. Any tool. Running on the laptop in front of you — not someone else's cloud.

Automate the tedious stuff

Let an agent sort your inbox, draft replies, close tickets, spin up pull requests. Daily chores, off your plate.

Use any AI model

GPT-5, Claude, Gemini, Llama, Gemma, or a model you fine-tuned yourself. OpenClaw runs them side by side — switch at any time.

Connect to your tools

Slack, Discord, Telegram, Gmail, Notion, your filesystem. Plug them in through MCP. Your agent uses them like a teammate would.

Runs on your machine

Chat history, credentials, files, audit logs — all local. No vendor sees your prompts. No cloud subscription hiding behind "cloud-first" marketing.

The flip side

But AI agents have access to everything.

An agent that can read your files can also leak them. An agent that can call an API can also send your keys somewhere that politely asks. Every tool you wire up is a path an attacker can try to walk.

Prompt injection

Someone hides instructions in a PR comment, a fetched web page, or a file. Your agent reads them and follows — without telling you.

Credential leaks

An agent that can read your code can also read ~/.aws/credentials. A single "paste these keys here" request is enough.

Unauthorized tool calls

rm -rf. curl | bash. DROP TABLE. Without a guardrail, every tool your agent has is a destructive command away.

The answer

That's why we built Clawmont.

Clawmont is the security layer for OpenClaw — an in-process plugin that inspects every prompt, every tool call, and every file read before the model sees it. Four security pillars — input rail, tool dispatch, tool response, model output — each one independently bypass-tested against the OWASP LLM Top 10 and a 2,300-scenario red-team corpus.

01. Keys stay on your machine

Provider API keys are validated on-device. Never proxied. Never logged. Never shipped to a Clawmont server — not even for health checks.

02. Four security pillars

Input rail, tool dispatch, tool response, and model output — each one bypass-tested against the OWASP LLM Top 10 and a 2,300-scenario red-team corpus.

03. Tamper-evident audit

Every prompt, tool call, refusal, and redaction is hash-chained to disk. Any edit breaks the chain and Clawmont flags it on the next boot.

Who needs this most

If this is you, an unguarded agent is a liability.

The teams that get burned usually aren't careless — they just never tested for the attack that hit them. Three setups where the risk is real:

Autonomous agents

You run agents unattended

Leave an agent running overnight and a single hidden instruction — buried in a fetched page, a PR comment, or a file it reads — can hijack its tools, exfiltrate data, or run destructive commands while you sleep. Clawmont inspects every prompt, tool call, and result in real time, so autonomous runs stop being a blind spot.

Commercial SaaS

You ship AI to paying customers

Once real users — and real attackers — reach your agent, one incident means leaked data, broken trust, and legal exposure. Clawmont is built to catch the attack families most teams never think to test for — prompt injection, secret extraction, tool hijacking — so a clever input is less likely to become an incident report.

Dev tools & MCP

You build MCP tools

Every tool that touches a file, an API, or a database is an attack surface. Clawmont guards each tool dispatch and inspects each response — designed to stop path traversal, command injection, and credential theft before they reach your systems.

See it in action

Someone tries something nasty.
Clawmont is built to catch it.

Pick an attack below. Watch the plugin catch these known patterns — locally, before they ever reach the model.

Try it live

Run a known attack pattern. See which pillar catches it.

Detection runs on our backend — paste any prompt, tool call, or path and the playground returns the same verdict that ships in production.

Clawmont inspects the payload and writes a hash-chained audit entry before the tool call reaches the model.

Four security pillars — input rail, tool dispatch, tool response, model output — each independently bypass-tested against the OWASP LLM Top 10 and a 2,300-scenario red-team corpus. Methodology at security.clawmont.com.

Want the deep, developer-grade version with every pillar broken out? Open the full playground →

No security tool catches everything — read our honest limitations in the Security Disclaimer.

Premium add-on

Send every refusal to your team.

Add Guardrails Monitoring at checkout — $9/mo bundled with any persona or Apex purchase. HMAC-signed end-to-end — the plugin keeps running locally, with every local security feature intact, even if you cancel.

Just want the monitoring, no persona? Get Guardrails Standalone — $19/mo →

Pricing

Pay once. Keys stay yours.

One-time license. All four security pillars on every tier. No subscription on the plugin itself.

Single persona

$30 one-time

Pick one of four personas — Developer, Trader, SRE, or Researcher.

  • Full Clawmont security layer — four pillars (input rail, tool dispatch, tool response, model output), each independently bypass-tested
  • Curated MCP + skill bundle locked to your role
  • Tamper-evident audit log + keys that never touch our servers
  • Upgrade to Apex later for $10 — no re-tier
Add Guardrails Monitoring +$9/mo
  • Real-time alerts to Slack, Discord, Telegram, or email
  • Searchable 90-day alert history (we host it for you)
  • Daily security digest

Bundled rate · Added during checkout · Cancel anytime

Pay now, choose your persona in onboarding. Upgrade to Apex later for $10.

Get started in three minutes.

Pick a persona, click the email link, paste one install command. After that, Clawmont quietly monitors every AI call through your OpenClaw gateway.
