clawmoat 0.7.0 → 1.0.0

Files changed (178)
  1. package/.dockerignore +9 -0
  2. package/CHANGELOG.md +18 -0
  3. package/CONTRIBUTING.md +4 -2
  4. package/DEMO.md +87 -0
  5. package/Dockerfile +5 -18
  6. package/README.md +294 -8
  7. package/SECURITY.md +58 -10
  8. package/THREAT_MODEL.md +129 -0
  9. package/agent/README.md +131 -0
  10. package/agent/index.js +471 -0
  11. package/agent/install-service.sh +94 -0
  12. package/agent/openclaw-hook.js +453 -0
  13. package/agent/provider-setup.js +649 -0
  14. package/agent/setup.js +274 -0
  15. package/assets/BADGE-USAGE.md +20 -0
  16. package/assets/clawmoat-badge.svg +21 -0
  17. package/bin/clawmoat.js +468 -111
  18. package/docs/affiliates/dashboard.html +124 -0
  19. package/docs/affiliates/index.html +236 -0
  20. package/docs/agent-install.html +183 -0
  21. package/docs/ai-agent-security-scanner.html +10 -6
  22. package/docs/badge/index.html +149 -0
  23. package/docs/badge/scanning.svg +23 -0
  24. package/docs/blog/386-malicious-skills.html +262 -0
  25. package/docs/blog/40000-exposed-openclaw-instances.html +201 -0
  26. package/docs/blog/agent-trust-protocol.html +198 -0
  27. package/docs/blog/ai-agent-earns-commissions.html +230 -0
  28. package/docs/blog/bugmageddon-agent-firewall.html +174 -0
  29. package/docs/blog/calculator-math.html +180 -0
  30. package/docs/blog/clawmoat-vs-llamafirewall-nemo-guardrails.html +229 -0
  31. package/docs/blog/host-guardian-launch.html +18 -8
  32. package/docs/blog/ibm-experts-agent-runtime-protection.html +247 -0
  33. package/docs/blog/index.html +211 -9
  34. package/docs/blog/langchain-security-tutorial.html +18 -8
  35. package/docs/blog/mcp-30-cves-security-crisis.html +286 -0
  36. package/docs/blog/meta-researcher-rogue-agent.html +201 -0
  37. package/docs/blog/microsoft-openclaw-workstation-security.html +235 -0
  38. package/docs/blog/nist-ai-agent-standards-clawmoat.html +377 -0
  39. package/docs/blog/oasis-websocket-hijack.html +212 -0
  40. package/docs/blog/ollama-openclaw-security.html +160 -0
  41. package/docs/blog/openclaw-enterprise-readiness-claw10.html +199 -0
  42. package/docs/blog/openclaw-security-reckoning-2026.html +368 -0
  43. package/docs/blog/owasp-agentic-ai-top10.html +18 -8
  44. package/docs/blog/securing-ai-agents.html +18 -8
  45. package/docs/blog/supply-chain-agents.html +18 -8
  46. package/docs/business/index.html +525 -0
  47. package/docs/business/install.html +261 -0
  48. package/docs/checklist.html +174 -0
  49. package/docs/compare/index.html +122 -0
  50. package/docs/compare/lakera/index.html +62 -0
  51. package/docs/compare/llm-guard/index.html +49 -0
  52. package/docs/compare/snyk-agent-scan/index.html +63 -0
  53. package/docs/compare.html +10 -6
  54. package/docs/dashboard/index.html +520 -0
  55. package/docs/finance/index.html +220 -0
  56. package/docs/guides/business-deployment.html +770 -0
  57. package/docs/hall-of-fame.html +174 -0
  58. package/docs/index.html +447 -154
  59. package/docs/install.sh +557 -0
  60. package/docs/integrations/langchain.html +14 -6
  61. package/docs/integrations/openai.html +14 -6
  62. package/docs/integrations/openclaw.html +55 -7
  63. package/docs/plans/2026-03-26-threat-intel-api.md +255 -0
  64. package/docs/plans/2026-04-14-bugmageddon-marketing-pack.md +329 -0
  65. package/docs/plans/2026-04-14-clawmoat-v1-bugmageddon.md +248 -0
  66. package/docs/plans/2026-04-14-v1-release-update.md +91 -0
  67. package/docs/plans/2026-04-19-supabase-audit.md +68 -0
  68. package/docs/plans/2026-05-12-sales-push.md +303 -0
  69. package/docs/playground/index.html +893 -0
  70. package/docs/playground.html +4 -7
  71. package/docs/privacy-policy/index.html +122 -0
  72. package/docs/rfcs/defense-in-depth.md +467 -0
  73. package/docs/scan/index.html +358 -0
  74. package/docs/services/case-study.html +255 -0
  75. package/docs/services/downloads/install-openclaw.bat +45 -0
  76. package/docs/services/downloads/install-openclaw.command +38 -0
  77. package/docs/services/downloads/install-openclaw.sh +38 -0
  78. package/docs/services/get-started.html +165 -0
  79. package/docs/services/index.html +598 -0
  80. package/docs/services/multi-agent-security.html +284 -0
  81. package/docs/services/one-pager.html +99 -0
  82. package/docs/services/pitch-deck.html +229 -0
  83. package/docs/services/roi-calculator.html +258 -0
  84. package/docs/sitemap.xml +192 -2
  85. package/docs/support/index.html +135 -0
  86. package/docs/templates/customer-service/HEARTBEAT.md +61 -0
  87. package/docs/templates/customer-service/MEMORY.md +89 -0
  88. package/docs/templates/customer-service/SOUL.md +41 -0
  89. package/docs/templates/customer-service/USER.md +56 -0
  90. package/docs/templates/executive/HEARTBEAT.md +86 -0
  91. package/docs/templates/executive/MEMORY.md +92 -0
  92. package/docs/templates/executive/SOUL.md +44 -0
  93. package/docs/templates/executive/USER.md +62 -0
  94. package/docs/templates/finance/HEARTBEAT.md +58 -0
  95. package/docs/templates/finance/MEMORY.md +87 -0
  96. package/docs/templates/finance/SOUL.md +38 -0
  97. package/docs/templates/finance/USER.md +53 -0
  98. package/docs/templates/index.html +115 -0
  99. package/docs/templates/operations/HEARTBEAT.md +63 -0
  100. package/docs/templates/operations/MEMORY.md +68 -0
  101. package/docs/templates/operations/SOUL.md +38 -0
  102. package/docs/templates/operations/USER.md +49 -0
  103. package/docs/templates/sales/HEARTBEAT.md +55 -0
  104. package/docs/templates/sales/MEMORY.md +89 -0
  105. package/docs/templates/sales/SOUL.md +34 -0
  106. package/docs/templates/sales/USER.md +54 -0
  107. package/docs/terms-of-service/index.html +122 -0
  108. package/eslint.config.js +32 -0
  109. package/evals/README.md +29 -0
  110. package/evals/cases.json +390 -0
  111. package/evals/results.md +68 -0
  112. package/evals/run.js +180 -0
  113. package/examples/basic-usage.js +38 -0
  114. package/examples/demo-attack/demo.js +186 -0
  115. package/examples/python-quickstart/README.md +54 -0
  116. package/examples/python-quickstart/clawmoat_client.py +167 -0
  117. package/examples/video-demo/README.md +14 -0
  118. package/examples/video-demo/scene-a-normal.js +29 -0
  119. package/examples/video-demo/scene-b-attack-arrives.js +31 -0
  120. package/examples/video-demo/scene-c-hijack.js +44 -0
  121. package/examples/video-demo/scene-d-clawmoat.js +46 -0
  122. package/integrations/crewai/README.md +32 -0
  123. package/integrations/crewai/clawmoat_crewai/__init__.py +17 -0
  124. package/integrations/crewai/clawmoat_crewai/guard.py +103 -0
  125. package/integrations/crewai/pyproject.toml +21 -0
  126. package/integrations/langchain/README.md +91 -0
  127. package/integrations/langchain/clawmoat_langchain/__init__.py +17 -0
  128. package/integrations/langchain/clawmoat_langchain/callback.py +489 -0
  129. package/integrations/langchain/pyproject.toml +32 -0
  130. package/integrations/litellm/README.md +324 -0
  131. package/integrations/litellm/clawmoat_litellm/__init__.py +21 -0
  132. package/integrations/litellm/clawmoat_litellm/callback.py +329 -0
  133. package/integrations/litellm/clawmoat_litellm/proxy_middleware.py +224 -0
  134. package/integrations/litellm/pyproject.toml +74 -0
  135. package/integrations/openai-agents/README.md +392 -0
  136. package/integrations/openai-agents/clawmoat_openai_agents/__init__.py +20 -0
  137. package/integrations/openai-agents/clawmoat_openai_agents/guardrail.py +431 -0
  138. package/integrations/openai-agents/clawmoat_openai_agents/middleware.py +311 -0
  139. package/integrations/openai-agents/pyproject.toml +76 -0
  140. package/package.json +6 -5
  141. package/plugins/openclaw-adapter/PHASE1.md +439 -0
  142. package/plugins/openclaw-adapter/README.md +103 -0
  143. package/plugins/openclaw-adapter/SPEC.md +1644 -0
  144. package/plugins/openclaw-adapter/package.json +31 -0
  145. package/plugins/openclaw-adapter/src/index.test.ts +226 -0
  146. package/plugins/openclaw-adapter/src/index.ts +140 -0
  147. package/plugins/openclaw-adapter/tsconfig.json +14 -0
  148. package/server/data/threats.json +290 -0
  149. package/server/index.js +224 -10
  150. package/src/adapters/express.js +161 -0
  151. package/src/adapters/index.js +92 -0
  152. package/src/adapters/langchain.js +185 -0
  153. package/src/approval/index.js +456 -0
  154. package/src/ban-scanner.js +200 -0
  155. package/src/boundary-scanner.js +296 -0
  156. package/src/ci-scanner.js +279 -0
  157. package/src/code-scanner.js +245 -0
  158. package/src/enforce.js +166 -0
  159. package/src/finance/index.js +585 -0
  160. package/src/finance/mcp-firewall.js +486 -0
  161. package/src/formatters/json.js +80 -0
  162. package/src/formatters/sarif.js +388 -0
  163. package/src/guardian/alerts.js +34 -3
  164. package/src/guardian/gateway-monitor.js +590 -0
  165. package/src/guardian/index.js +41 -2
  166. package/src/index.js +105 -0
  167. package/src/integrations/agentmesh.js +501 -0
  168. package/src/language-detector.js +201 -0
  169. package/src/mcp-scanner.js +253 -0
  170. package/src/multimodal/index.js +579 -0
  171. package/src/obfuscation-scanner.js +457 -0
  172. package/src/policy-engine.js +402 -0
  173. package/src/scanners/dependency-attacks.js +128 -0
  174. package/src/scanners/prompt-injection.js +18 -0
  175. package/src/scanners/supply-chain.js +14 -0
  176. package/src/templates/default-config.yml +90 -0
  177. package/src/vuln-ops/exploitability.js +46 -0
  178. package/src/watch/live-monitor.js +720 -0
@@ -0,0 +1,212 @@
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>Any Website Can Hijack Your OpenClaw Agent — How ClawMoat Detects It | ClawMoat</title>
7
+ <meta name="description" content="Oasis Security found a zero-click attack: any website can take full control of your OpenClaw agent via WebSocket. ClawMoat v0.7.1 now detects this attack.">
8
+ <meta property="og:title" content="Any Website Can Hijack Your OpenClaw Agent — How to Detect and Prevent It">
9
+ <meta property="og:description" content="Oasis Security found a zero-click WebSocket hijack. ClawMoat v0.7.1 adds gateway monitoring to detect brute-force attacks and unauthorized device pairings.">
10
+ <meta property="og:type" content="article">
11
+ <meta property="og:url" content="https://clawmoat.com/blog/oasis-websocket-hijack.html">
12
+ <link rel="canonical" href="https://clawmoat.com/blog/oasis-websocket-hijack.html">
13
+ <style>
14
+ :root { --bg: #0a0a0f; --fg: #e0e0e8; --accent: #00d4aa; --muted: #888; --card: #14141f; --red: #ff4444; }
15
+ * { margin:0; padding:0; box-sizing:border-box; }
16
+ body { background:var(--bg); color:var(--fg); font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif; line-height:1.7; }
17
+ .container { max-width:740px; margin:0 auto; padding:2rem 1.5rem; }
18
+ h1 { font-size:2.2rem; line-height:1.2; margin-bottom:.5rem; }
19
+ .meta { color:var(--muted); margin-bottom:2rem; }
20
+ h2 { color:var(--accent); margin:2rem 0 1rem; font-size:1.5rem; }
21
+ h3 { margin:1.5rem 0 .75rem; font-size:1.2rem; }
22
+ p { margin-bottom:1rem; }
23
+ a { color:var(--accent); }
24
+ code { background:#1a1a2e; padding:.15em .4em; border-radius:4px; font-size:.9em; }
25
+ pre { background:#1a1a2e; padding:1.25rem; border-radius:8px; overflow-x:auto; margin:1rem 0; }
26
+ pre code { background:none; padding:0; }
27
+ blockquote { border-left:3px solid var(--accent); padding-left:1rem; margin:1rem 0; color:#bbb; font-style:italic; }
28
+ .warning { background:#2a1a1a; border:1px solid var(--red); border-radius:8px; padding:1.25rem; margin:1.5rem 0; }
29
+ .warning h3 { color:var(--red); margin-top:0; }
30
+ .cta { background:var(--accent); color:#000; padding:.75rem 1.5rem; border-radius:6px; text-decoration:none; font-weight:600; display:inline-block; margin:1rem .5rem 1rem 0; }
31
+ .cta-outline { border:1px solid var(--accent); color:var(--accent); background:transparent; padding:.75rem 1.5rem; border-radius:6px; text-decoration:none; font-weight:600; display:inline-block; margin:1rem 0; }
32
+ ul, ol { margin:0 0 1rem 1.5rem; }
33
+ li { margin-bottom:.5rem; }
34
+ .nav { padding:1rem 0; border-bottom:1px solid #2a2a3a; margin-bottom:2rem; }
35
+ .nav a { color:var(--fg); text-decoration:none; margin-right:1.5rem; }
36
+ .nav a:hover { color:var(--accent); }
37
+ .attack-chain { background:var(--card); border:1px solid #2a2a3a; border-radius:8px; padding:1.5rem; margin:1.5rem 0; }
38
+ .attack-step { display:flex; align-items:flex-start; margin:.75rem 0; }
39
+ .step-num { background:var(--red); color:#fff; width:28px; height:28px; border-radius:50%; display:flex; align-items:center; justify-content:center; font-weight:bold; font-size:.85rem; flex-shrink:0; margin-right:12px; margin-top:2px; }
40
+ .step-text { flex:1; }
41
+ .new-badge { background:var(--accent); color:#000; padding:2px 8px; border-radius:4px; font-size:.75rem; font-weight:bold; }
42
+ table { width:100%; border-collapse:collapse; margin:1rem 0; }
43
+ th, td { padding:.6rem .8rem; text-align:left; border-bottom:1px solid #2a2a3a; }
44
+ th { color:var(--accent); font-weight:600; }
45
+ </style>
46
+ </head>
47
+ <body>
48
+ <div class="container">
49
+ <nav>
50
+ <div class="container">
51
+ <a href="/" class="logo">🏰 Claw<span>Moat</span></a>
52
+ <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
53
+ <div class="nav-links">
54
+ <a href="/">Security</a>
55
+ <a href="/services/">AI Agents</a>
56
+ <a href="/blog/">Blog</a>
57
+ <a href="https://github.com/darfaz/clawmoat">GitHub ↗</a>
58
+ </div>
59
+ </div>
60
+ </nav>
61
+
62
+ <article>
63
+ <h1>Any Website Can Hijack Your OpenClaw Agent — and ClawMoat Now Detects It</h1>
64
+ <p class="meta">February 27, 2026 · 8 min read · <span class="new-badge">v0.7.1</span></p>
65
+
66
+ <div class="warning">
67
+ <h3>🚨 Critical Vulnerability Disclosed</h3>
68
+ <p>Oasis Security published research showing that <strong>any website can silently take full control of an OpenClaw agent</strong> running on localhost. No plugins, no extensions, no user interaction required. <a href="https://www.oasis.security/blog/openclaw-vulnerability">Full research →</a></p>
69
+ </div>
70
+
71
+ <p>This is the most serious OpenClaw vulnerability disclosed to date. Unlike previous attacks that required exposed ports, malicious skills, or crafted messages, this one requires <strong>nothing except visiting a website</strong>.</p>
72
+
73
+ <p>We've shipped ClawMoat v0.7.1 with a new <code>GatewayMonitor</code> module specifically designed to detect this attack pattern.</p>
74
+
75
+ <h2>The Attack Chain</h2>
76
+
77
+ <div class="attack-chain">
78
+ <div class="attack-step"><div class="step-num">1</div><div class="step-text">Developer has OpenClaw running on localhost (the default setup)</div></div>
79
+ <div class="attack-step"><div class="step-num">2</div><div class="step-text">Developer visits any malicious or compromised website</div></div>
80
+ <div class="attack-step"><div class="step-num">3</div><div class="step-text">JavaScript opens a WebSocket to localhost on OpenClaw's gateway port — <strong>browsers don't enforce CORS on WebSocket connections</strong></div></div>
81
+ <div class="attack-step"><div class="step-num">4</div><div class="step-text">Script brute-forces the gateway password at hundreds of attempts/second — <strong>the rate limiter exempts localhost connections</strong></div></div>
82
+ <div class="attack-step"><div class="step-num">5</div><div class="step-text">Once authenticated, registers as a trusted device — <strong>gateway auto-approves pairings from localhost</strong></div></div>
83
+ <div class="attack-step"><div class="step-num">6</div><div class="step-text"><strong>Full agent takeover:</strong> read messages, exfiltrate files, execute shell commands on any paired device</div></div>
84
+ </div>
85
+
86
+ <p>Oasis Security <a href="https://www.youtube.com/watch?v=A15fuHs7fOc">demonstrated this end-to-end</a> — from a browser tab to full agent control in seconds.</p>
87
+
88
+ <h2>Three Failures That Enable the Attack</h2>
89
+
90
+ <ol>
91
+ <li><strong>No rate limiting on localhost</strong> — The gateway's rate limiter exempts connections from 127.0.0.1, allowing unlimited brute-force attempts</li>
92
+ <li><strong>Auto-approve localhost pairings</strong> — New device registrations from localhost are automatically approved without user confirmation</li>
93
+ <li><strong>WebSocket to localhost is unrestricted</strong> — Browsers don't enforce same-origin policy on WebSocket connections to localhost</li>
94
+ </ol>
95
+
96
+ <p>Each alone would be a concern. Combined, they create a zero-click full takeover from any browser tab.</p>
97
+
98
+ <h2>How ClawMoat v0.7.1 Detects This</h2>
99
+
100
+ <p>We shipped a new <code>GatewayMonitor</code> module with four detection capabilities:</p>
101
+
102
+ <h3>1. Brute-Force Detection</h3>
103
+
104
+ <pre><code>const { GatewayMonitor } = require('clawmoat');
105
+ const monitor = new GatewayMonitor({
106
+ bruteForceThreshold: 10, // Alert after 10 failed attempts
107
+ bruteForceWindowMs: 60000, // Within 60 seconds
108
+ onAlert: (alert) => {
109
+ console.error('🚨 SECURITY ALERT:', alert.message);
110
+ // Send to webhook, Slack, Discord, etc.
111
+ }
112
+ });
113
+
114
+ // Hook into your gateway auth handler
115
+ monitor.recordAuthAttempt({
116
+ source: req.ip,
117
+ success: false,
118
+ origin: req.headers.origin // Detects cross-origin attacks
119
+ });</code></pre>
120
+
121
+ <p>The monitor tracks authentication attempts per source and time window. When the threshold is exceeded, it fires a <code>brute_force_detected</code> alert with severity <code>critical</code>.</p>
122
+
123
+ <h3>2. Suspicious WebSocket Origin Detection</h3>
124
+
125
+ <p>The key insight from the Oasis research: the attack comes via a WebSocket from a <em>different</em> website. ClawMoat flags any WebSocket connection with a non-localhost origin:</p>
126
+
127
+ <pre><code>// Automatically flagged as suspicious:
128
+ // Origin: https://evil-site.com → WebSocket to localhost:18789
129
+ // Alert: "WebSocket connection from suspicious origin"</code></pre>
130
+
131
+ <h3>3. Device Pairing Alerts</h3>
132
+
133
+ <pre><code>monitor.recordDevicePairing({
134
+ deviceId: 'unknown-device-xyz',
135
+ source: 'localhost',
136
+ autoApproved: true
137
+ });
138
+ // → CRITICAL alert: "Localhost auto-approve is the exact vector
139
+ // used in the Oasis WebSocket hijack"</code></pre>
140
+
141
+ <h3>4. Gateway Configuration Audit</h3>
142
+
143
+ <pre><code>const audit = monitor.auditGatewayConfig();
144
+ // Checks for:
145
+ // - Weak/missing gateway password
146
+ // - Binding to all interfaces (0.0.0.0)
147
+ // - Auto-approve enabled
148
+ // - Localhost exempt from rate limiting
149
+ // - Default port usage
150
+
151
+ console.log('Security score:', audit.score + '/100');
152
+ console.log('Oasis vulnerable:', audit.oasisVulnerable);</code></pre>
153
+
154
+ <h2>What You Should Do Right Now</h2>
155
+
156
+ <h3>Immediate (5 minutes)</h3>
157
+
158
+ <ol>
159
+ <li><strong>Change your gateway password</strong> to 32+ characters:
160
+ <pre><code>node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"</code></pre>
161
+ </li>
162
+ <li><strong>Check for unknown paired devices</strong> in your OpenClaw dashboard</li>
163
+ <li><strong>Disable auto-approve</strong> for device pairings</li>
164
+ </ol>
165
+
166
+ <h3>Short-term (this week)</h3>
167
+
168
+ <ol>
169
+ <li>Install ClawMoat for monitoring:
170
+ <pre><code>npm install clawmoat@0.7.1</code></pre>
171
+ </li>
172
+ <li>Bind to a Tailscale/VPN IP instead of localhost</li>
173
+ <li>Use a non-default gateway port</li>
174
+ <li>Enable rate limiting for ALL connections, including localhost</li>
175
+ </ol>
176
+
177
+ <h3>Generate a hardened config</h3>
178
+
179
+ <pre><code>const { GatewayMonitor } = require('clawmoat');
180
+ const config = GatewayMonitor.getHardenedConfig();
181
+ console.log(JSON.stringify(config, null, 2));
182
+ // Outputs config with:
183
+ // - 64-char random token
184
+ // - Non-default port
185
+ // - Auto-approve disabled
186
+ // - Localhost rate limiting enabled</code></pre>
187
+
188
+ <h2>The Bigger Picture: Four Attack Vectors in One Month</h2>
189
+
190
+ <table>
191
+ <tr><th>Attack</th><th>Vector</th><th>Impact</th><th>ClawMoat Detection</th></tr>
192
+ <tr><td>CVE-2026-25253</td><td>Crafted link</td><td>Full RCE</td><td>CVE verifier</td></tr>
193
+ <tr><td>ClawHavoc</td><td>Supply chain</td><td>824+ malicious skills</td><td>Skill integrity checker</td></tr>
194
+ <tr><td>40K exposed</td><td>Misconfiguration</td><td>Full remote access</td><td>Gateway audit</td></tr>
195
+ <tr><td><strong>Oasis hijack</strong></td><td><strong>Any website</strong></td><td><strong>Full agent takeover</strong></td><td><strong>Gateway monitor (v0.7.1)</strong></td></tr>
196
+ </table>
197
+
198
+ <p>The vulnerability disclosure rate is outpacing fixes. Runtime monitoring is no longer optional — it's the difference between knowing you've been compromised and finding out months later.</p>
199
+
200
+ <h2>205 Tests. Zero Dependencies. One npm Install.</h2>
201
+
202
+ <pre><code>npm install clawmoat</code></pre>
203
+
204
+ <p>ClawMoat v0.7.1 includes the new GatewayMonitor alongside all existing protections: permission tiers, forbidden zone enforcement, credential monitoring, skill integrity checking, network egress logging, insider threat detection, and inter-agent message scanning.</p>
205
+
206
+ <a href="https://github.com/darfaz/clawmoat" class="cta">View on GitHub</a>
207
+ <a href="/blog/40000-exposed-openclaw-instances.html" class="cta-outline">40K Exposed Instances →</a>
208
+
209
+ </article>
210
+ </div>
211
+ </body>
212
+ </html>
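Review bot: The "Immediate" and "Short-term" remediation lists never mention validating the `Origin` header on the gateway's WebSocket handshake, which is the control that answers failure 3 directly; the listed items only raise the cost of steps 4 and 5 of the chain. Browsers do not apply same-origin checks to WebSocket handshakes to any host, not only localhost, so the "to localhost" wording in step 3 and failure 3 understates the issue, and it makes "Bind to a Tailscale/VPN IP instead of localhost" read like a complete fix, which it may not be if the browser can still reach that address. I would add `<li>Reject WebSocket handshakes whose <code>Origin</code> is not on an allow-list (at the gateway or a proxy in front of it)</li>` to the short-term list. The install line also pins `clawmoat@0.7.1` in a page that ships with 1.0.0; `npm install clawmoat`, as used further down the page, avoids steering readers to the older release.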
@@ -0,0 +1,160 @@
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>Ollama Just Made OpenClaw One-Click. Here's How to Secure It. | ClawMoat</title>
7
+ <meta name="description" content="Ollama 0.17 ships native OpenClaw integration. Great for adoption — terrifying for security. Here's what you need to know.">
8
+ <meta property="og:title" content="Ollama Just Made OpenClaw One-Click. Here's How to Secure It.">
9
+ <meta property="og:description" content="Ollama 0.17 ships native OpenClaw integration with web search. More installs = more exposed hosts. Here's how to lock it down.">
10
+ <link rel="canonical" href="https://clawmoat.com/blog/ollama-openclaw-security.html">
11
+ <style>
12
+ :root{--bg:#0a0a0f;--fg:#e0e0e8;--accent:#00d4aa;--muted:#888;--card:#14141f;--red:#ff4444}
13
+ *{margin:0;padding:0;box-sizing:border-box}
14
+ body{background:var(--bg);color:var(--fg);font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;line-height:1.8}
15
+ .container{max-width:750px;margin:0 auto;padding:2rem 1.5rem}
16
+ nav{padding:1rem 0;border-bottom:1px solid #2a2a3a;margin-bottom:2rem}
17
+ nav a{color:var(--fg);text-decoration:none;margin-right:1.5rem}
18
+ nav a:hover{color:var(--accent)}
19
+ h1{font-size:2.2rem;line-height:1.2;margin-bottom:1rem}
20
+ h2{color:var(--accent);margin:2rem 0 1rem;font-size:1.5rem}
21
+ h3{margin:1.5rem 0 .75rem}
22
+ p{margin-bottom:1rem}
23
+ a{color:var(--accent)}
24
+ pre{background:#1a1a2e;padding:1.25rem;border-radius:8px;overflow-x:auto;margin:1rem 0}
25
+ code{background:#1a1a2e;padding:.15em .4em;border-radius:4px;font-size:.9em}
26
+ pre code{background:none;padding:0}
27
+ .meta{color:var(--muted);margin-bottom:2rem}
28
+ .alert{background:#2a1a1a;border-left:4px solid var(--red);padding:1rem 1.25rem;margin:1.5rem 0;border-radius:0 8px 8px 0}
29
+ .tip{background:#1a2a1a;border-left:4px solid var(--accent);padding:1rem 1.25rem;margin:1.5rem 0;border-radius:0 8px 8px 0}
30
+ ul,ol{margin:1rem 0 1rem 1.5rem}
31
+ li{margin-bottom:.5rem}
32
+ blockquote{border-left:3px solid var(--muted);padding-left:1rem;color:var(--muted);margin:1rem 0}
33
+ .cta{background:var(--accent);color:#000;padding:.75rem 1.5rem;border-radius:6px;text-decoration:none;font-weight:700;display:inline-block;margin:1rem .5rem 1rem 0}
34
+ </style>
35
+ </head>
36
+ <body>
37
+ <div class="container">
38
+ <nav>
39
+ <div class="container">
40
+ <a href="/" class="logo">🏰 Claw<span>Moat</span></a>
41
+ <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
42
+ <div class="nav-links">
43
+ <a href="/">Security</a>
44
+ <a href="/services/">AI Agents</a>
45
+ <a href="/blog/">Blog</a>
46
+ <a href="https://github.com/darfaz/clawmoat">GitHub ↗</a>
47
+ </div>
48
+ </div>
49
+ </nav>
50
+
51
+ <h1>Ollama Just Made OpenClaw One-Click. Here's How to Secure It.</h1>
52
+ <p class="meta">February 27, 2026 · 5 min read</p>
53
+
54
+ <p>Ollama 0.17 just shipped <strong>native OpenClaw integration</strong> with web search out of the box. Two commands and you have a personal AI agent running on your machine with local models.</p>
55
+
56
+ <p>This is great for adoption. It's terrifying for security.</p>
57
+
58
+ <h2>What Ollama 0.17 Does</h2>
59
+
60
+ <p>Ollama's latest release lets you set up OpenClaw to work with open models (Llama, Mistral, DeepSeek, etc.) and web search. No cloud API keys needed. Fully local inference.</p>
61
+
62
+ <pre><code>ollama launch openclaw</code></pre>
63
+
64
+ <p>That's it. One command. You now have an AI agent that can:</p>
65
+ <ul>
66
+ <li>Send emails on your behalf</li>
67
+ <li>Manage your calendar</li>
68
+ <li>Read and write files on your machine</li>
69
+ <li>Execute shell commands</li>
70
+ <li>Search the web</li>
71
+ <li>Connect to WhatsApp, Telegram, iMessage</li>
72
+ </ul>
73
+
74
+ <p>All running with <strong>your user permissions</strong>. On <strong>your actual machine</strong>.</p>
75
+
76
+ <h2>Why This Is a Security Problem</h2>
77
+
78
+ <div class="alert">
79
+ <strong>⚠️ The Ollama + OpenClaw combo inherits every OpenClaw vulnerability.</strong> Local models don't fix host-level security.
80
+ </div>
81
+
82
+ <p>Running local models solves one problem (data doesn't leave your machine) but creates a false sense of security. Here's what's still exposed:</p>
83
+
84
+ <h3>1. Your Entire Filesystem</h3>
85
+ <p>The agent runs as your user. It can read <code>~/.ssh</code>, <code>~/.aws</code>, browser cookies, crypto wallets, tax documents — everything you can access.</p>
86
+
87
+ <h3>2. The WebSocket Hijack (CVE-2026-25253)</h3>
88
+ <p>OpenClaw's gateway listens on localhost WebSocket. <a href="/blog/oasis-websocket-hijack.html">Oasis Security proved</a> any website can brute-force the port and take full control of your agent. Local models don't change this — the gateway architecture is the same.</p>
89
+
90
+ <h3>3. Prompt Injection via Web Search</h3>
91
+ <p>Ollama 0.17 adds web search. That means the agent fetches content from the internet and processes it. A malicious webpage can embed prompt injection payloads that hijack the agent's behavior. Now your "local" agent is executing attacker instructions.</p>
92
+
93
+ <h3>4. Skill Supply Chain</h3>
94
+ <p>OpenClaw skills are npm packages or GitHub repos. <a href="/blog/40000-exposed-openclaw-instances.html">341+ malicious skills</a> have been documented. A compromised skill runs with full access to your system.</p>
95
+
96
+ <h3>5. No Permission Boundaries</h3>
97
+ <p>OpenClaw has no concept of "this agent can read files but not execute commands" or "this agent can access the calendar but not SSH keys." It's all-or-nothing.</p>
98
+
99
+ <h2>The One-Click Problem</h2>
100
+
101
+ <p>When something is easy to install, people don't think about security. Ollama's user base is developers and tinkerers who want to run AI locally — they're not enterprise security teams. They'll run <code>ollama launch openclaw</code>, connect it to WhatsApp, and forget about it.</p>
102
+
103
+ <blockquote>Microsoft: "OpenClaw should be treated as untrusted code execution with persistent credentials. It is not appropriate to run on a standard personal or enterprise workstation."</blockquote>
104
+
105
+ <p>Now Ollama is making it trivial to do exactly what Microsoft says not to do.</p>
106
+
107
+ <h2>How to Secure Your Ollama + OpenClaw Setup</h2>
108
+
109
+ <div class="tip">
110
+ <strong>✅ ClawMoat adds the security layer that Ollama + OpenClaw are missing.</strong>
111
+ </div>
112
+
113
+ <pre><code>npm install -g clawmoat</code></pre>
114
+
115
+ <h3>1. Set Up Permission Tiers</h3>
116
+ <pre><code>const { HostGuardian } = require('clawmoat');
117
+ const guardian = new HostGuardian({
118
+ mode: 'standard', // observer → worker → standard → full
119
+ workspace: '~/openclaw-workspace',
120
+ forbiddenZones: ['~/.ssh', '~/.aws', '~/.gnupg'],
121
+ });</code></pre>
122
+
123
+ <h3>2. Monitor Network Egress</h3>
124
+ <pre><code>const { NetworkEgressLogger } = require('clawmoat');
125
+ const logger = new NetworkEgressLogger();
126
+ // Blocks requests to cloud metadata, private IPs, known-bad domains
127
+ // Alerts on unusual outbound connections</code></pre>
128
+
129
+ <h3>3. Scan Skills Before Installing</h3>
130
+ <pre><code># Audit all installed skills for suspicious patterns
131
+ npx clawmoat skill-audit ~/.openclaw/skills/</code></pre>
132
+
133
+ <h3>4. Detect WebSocket Hijack Attempts</h3>
134
+ <pre><code>const { GatewayMonitor } = require('clawmoat');
135
+ const monitor = new GatewayMonitor();
136
+ // Detects brute-force port scanning, suspicious WS origins,
137
+ // unauthorized device pairing attempts</code></pre>
138
+
139
+ <h3>5. Protect Financial Data</h3>
140
+ <pre><code>const { FinanceGuard } = require('clawmoat');
141
+ const guard = new FinanceGuard();
142
+ // Blocks access to crypto wallets, banking files, tax documents
143
+ // Redacts financial secrets in agent output</code></pre>
144
+
145
+ <h2>The Bottom Line</h2>
146
+
147
+ <p>Ollama 0.17 is going to put OpenClaw on thousands of new machines. Most of those machines won't have any security layer between the agent and the host.</p>
148
+
149
+ <p><strong>If you're going to run OpenClaw — with Ollama or otherwise — run it with a security moat.</strong></p>
150
+
151
+ <p>
152
+ <a href="https://github.com/darfaz/clawmoat" class="cta">⭐ Star on GitHub</a>
153
+ <a href="/#pricing" class="cta" style="background:#1a1a2e;color:var(--accent);border:2px solid var(--accent)">Get Started Free</a>
154
+ </p>
155
+
156
+ <p style="color:var(--muted);margin-top:2rem;font-size:.9rem">ClawMoat is open-source (MIT), zero dependencies, 277 tests passing. Works with any OpenClaw deployment — cloud, local, or Ollama.</p>
157
+
158
+ </div>
159
+ </body>
160
+ </html>
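Review bot: The heading `2. The WebSocket Hijack (CVE-2026-25253)` attaches CVE-2026-25253 to the Oasis hijack, while the table in oasis-websocket-hijack.html from this same diff lists CVE-2026-25253 as a separate "Crafted link" RCE and gives the Oasis hijack no CVE id. The paragraph under that heading also says a website can "brute-force the port", and the GatewayMonitor comment says "brute-force port scanning", whereas the linked post describes brute-forcing the gateway password. I would use `<h3>2. The WebSocket Hijack</h3>` until the identifier is confirmed, and `any website can brute-force the gateway password and take full control of your agent` in the paragraph. The skill count needs the same source check: it is "341+ malicious skills" here but "824+" in that table, and the link goes to the 40,000-exposed-instances post rather than a skills write-up.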
@@ -0,0 +1,199 @@
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>OpenClaw Scores 1.2/5 for Enterprise Readiness. Here's How to Fix 4 of the 10 Gaps. | ClawMoat Blog</title>
7
+ <meta name="description" content="Onyx AI's CLAW-10 framework scored OpenClaw 1.2 out of 5 for enterprise readiness. ClawMoat directly addresses 4 of the 10 gaps: authorization, audit logging, privilege model, and supply chain security.">
8
+ <meta name="keywords" content="OpenClaw enterprise readiness, CLAW-10 framework, AI agent enterprise security, OpenClaw compliance, ClawMoat enterprise, OpenClaw authorization, OpenClaw audit trail">
9
+ <link rel="canonical" href="https://clawmoat.com/blog/openclaw-enterprise-readiness-claw10.html">
10
+ <meta property="og:title" content="OpenClaw Scores 1.2/5 for Enterprise Readiness. ClawMoat Fixes 4 of the 10 Gaps.">
11
+ <meta property="og:description" content="Onyx AI's CLAW-10 scored OpenClaw at 1.2/5. ClawMoat addresses authorization, audit logging, privilege model, and supply chain. Here's the mapping.">
12
+ <meta property="og:url" content="https://clawmoat.com/blog/openclaw-enterprise-readiness-claw10.html">
13
+ <meta property="og:type" content="article">
14
+ <link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>🏰</text></svg>">
15
+ <style>
16
+ *{margin:0;padding:0;box-sizing:border-box}
17
+ :root{--navy:#0F172A;--navy-light:#1E293B;--navy-mid:#334155;--blue:#3B82F6;--emerald:#10B981;--white:#F8FAFC;--gray:#94A3B8;--red:#EF4444;--amber:#F59E0B}
18
+ body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:var(--navy);color:var(--white);line-height:1.8}
19
+ a{color:var(--blue)}
20
+ .container{max-width:740px;margin:0 auto;padding:0 24px}
21
+ nav{background:rgba(15,23,42,.95);backdrop-filter:blur(12px);border-bottom:1px solid rgba(59,130,246,.15);padding:16px 0;position:fixed;top:0;left:0;right:0;z-index:100}
22
+ nav .container{display:flex;align-items:center;justify-content:space-between}
23
+ .logo{font-size:1.1rem;font-weight:700;color:var(--white);text-decoration:none}
24
+ .logo span{color:var(--emerald)}
25
+ nav a{color:var(--gray);font-size:.85rem;text-decoration:none}
26
+ nav a:hover{color:var(--white)}
27
+ article{padding:120px 0 80px}
28
+ .meta{color:var(--gray);font-size:.85rem;margin-bottom:32px}
29
+ h1{font-size:clamp(1.8rem,4vw,2.4rem);font-weight:800;line-height:1.2;margin-bottom:16px}
30
+ h2{font-size:1.3rem;font-weight:700;margin:40px 0 16px}
31
+ h3{font-size:1.05rem;font-weight:600;margin:28px 0 12px}
32
+ p{color:var(--gray);margin-bottom:20px;font-size:1rem}
33
+ table{width:100%;border-collapse:collapse;margin:24px 0;font-size:.9rem}
34
+ th{text-align:left;padding:12px;color:var(--gray);border-bottom:1px solid var(--navy-mid);font-size:.8rem;text-transform:uppercase;letter-spacing:.05em}
35
+ td{padding:12px;border-bottom:1px solid rgba(255,255,255,.05)}
36
+ .score{display:inline-block;padding:2px 10px;border-radius:12px;font-weight:700;font-size:.85rem}
37
+ .score-red{background:rgba(239,68,68,.15);color:var(--red)}
38
+ .score-amber{background:rgba(245,158,11,.15);color:var(--amber)}
39
+ .score-green{background:rgba(16,185,129,.15);color:var(--emerald)}
40
+ blockquote{border-left:3px solid var(--blue);padding:16px 24px;margin:24px 0;background:var(--navy-light);border-radius:0 8px 8px 0}
41
+ blockquote p{color:var(--white);margin:0;font-style:italic}
42
+ blockquote cite{display:block;color:var(--gray);font-size:.85rem;margin-top:8px;font-style:normal}
43
+ code{background:var(--navy-light);padding:2px 6px;border-radius:4px;font-size:.9rem;color:var(--emerald)}
44
+ pre{background:#0a0e17;border:1px solid var(--navy-mid);border-radius:8px;padding:20px;overflow-x:auto;margin:24px 0;font-size:.85rem}
45
+ pre code{background:none;padding:0}
46
+ ul,ol{color:var(--gray);margin:0 0 20px 24px}
47
+ li{margin-bottom:8px}
48
+ .cta{background:linear-gradient(135deg,rgba(16,185,129,.1),rgba(59,130,246,.1));border:1px solid rgba(16,185,129,.2);border-radius:12px;padding:32px;text-align:center;margin:48px 0}
49
+ .cta h3{margin:0 0 12px;color:var(--white)}
50
+ .cta p{margin:0 0 20px}
51
+ .cta a{display:inline-block;background:var(--emerald);color:#fff;padding:12px 28px;border-radius:8px;font-weight:600;text-decoration:none}
52
+ </style>
53
+ </head>
54
+ <body>
55
+ <nav>
56
+ <div class="container">
57
+ <a href="/" class="logo">🏰 Claw<span>Moat</span></a>
58
+ <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
59
+ <div class="nav-links">
60
+ <a href="/">Security</a>
61
+ <a href="/services/">AI Agents</a>
62
+ <a href="/blog/">Blog</a>
63
+ <a href="https://github.com/darfaz/clawmoat">GitHub ↗</a>
64
+ </div>
65
+ </div>
66
+ </nav>
67
+
68
+ <article>
69
+ <div class="container">
70
+ <div class="meta">February 26, 2026 · 6 min read · By the ClawMoat Team</div>
71
+ <h1>OpenClaw Scores 1.2/5 for Enterprise Readiness. Here's How to Fix 4 of the 10 Gaps.</h1>
72
+
73
+ <p style="font-size:1.1rem;color:var(--white)">Onyx AI just published the <a href="https://www.onyx.app/insights/openclaw-enterprise-evaluation-framework">CLAW-10 Enterprise Readiness Matrix</a> — the first structured framework for evaluating autonomous AI agents against enterprise requirements. OpenClaw scored <strong>1.2 out of 5</strong>. The enterprise-ready threshold is 4.0.</p>
74
+
75
+ <p>Every single dimension scored below the threshold. But here's the thing: 4 of those 10 gaps can be addressed today with a single npm install.</p>
76
+
77
+ <h2>The CLAW-10 Scores</h2>
78
+
79
+ <table>
80
+ <thead>
81
+ <tr><th>#</th><th>Dimension</th><th>OpenClaw Score</th><th>With ClawMoat</th><th>Threshold</th></tr>
82
+ </thead>
83
+ <tbody>
84
+ <tr><td>1</td><td>Identity & Authentication</td><td><span class="score score-red">1/5</span></td><td><span class="score score-red">1/5</span></td><td>4</td></tr>
85
+ <tr><td>2</td><td><strong>Authorization & Access Control</strong></td><td><span class="score score-red">1/5</span></td><td><span class="score score-amber">3/5</span></td><td>4.5</td></tr>
86
+ <tr><td>3</td><td><strong>Audit Logging & Observability</strong></td><td><span class="score score-amber">2/5</span></td><td><span class="score score-green">4/5</span></td><td>4.5</td></tr>
87
+ <tr><td>4</td><td>Data Isolation & Residency</td><td><span class="score score-red">1/5</span></td><td><span class="score score-red">1.5/5</span></td><td>4</td></tr>
88
+ <tr><td>5</td><td>Execution Sandboxing</td><td><span class="score score-red">1/5</span></td><td><span class="score score-amber">2/5</span></td><td>4.5</td></tr>
89
+ <tr><td>6</td><td>Compliance Certifications</td><td><span class="score score-red">1/5</span></td><td><span class="score score-red">1.5/5</span></td><td>4</td></tr>
90
+ <tr><td>7</td><td><strong>Supply Chain Security</strong></td><td><span class="score score-red">1/5</span></td><td><span class="score score-amber">2.5/5</span></td><td>4</td></tr>
91
+ <tr><td>8</td><td>Network Exposure & Attack Surface</td><td><span class="score score-amber">2/5</span></td><td><span class="score score-amber">3.5/5</span></td><td>4</td></tr>
92
+ <tr><td>9</td><td><strong>Privilege Model</strong></td><td><span class="score score-red">1/5</span></td><td><span class="score score-amber">3.5/5</span></td><td>4</td></tr>
93
+ <tr><td>10</td><td>Vendor Support & SLAs</td><td><span class="score score-red">1/5</span></td><td><span class="score score-red">1/5</span></td><td>3</td></tr>
94
+ <tr style="font-weight:700;border-top:2px solid var(--navy-mid)"><td></td><td>Composite</td><td><span class="score score-red">1.2/5</span></td><td><span class="score score-amber">2.2/5</span></td><td>4.0</td></tr>
95
+ </tbody>
96
+ </table>
97
+
98
+ <p>ClawMoat raises the composite score from 1.2 to 2.2 — not enterprise-ready yet, but a significant improvement. Let's look at the four dimensions where ClawMoat makes the biggest difference.</p>
99
+
100
+ <h2>1. Authorization & Access Control (1 → 3)</h2>
101
+
102
+ <p>OpenClaw's current score: <strong>1/5</strong>. There is no authorization layer. The agent runs with the user's full permissions.</p>
103
+
104
+ <p>With ClawMoat's Host Guardian, you get four permission tiers:</p>
105
+ <ul>
106
+ <li><strong>Observer</strong> — read-only. Can list files and view system info. Cannot write or execute.</li>
107
+ <li><strong>Worker</strong> — safe commands (git, npm, file I/O). Blocks dangerous operations.</li>
108
+ <li><strong>Standard</strong> — most operations permitted. Forbidden zones enforced.</li>
109
+ <li><strong>Full</strong> — unrestricted execution. Forbidden zones still active. Full audit trail.</li>
110
+ </ul>
111
+
112
+ <p>Plus 20+ forbidden zones that block access to sensitive directories regardless of tier: <code>~/.ssh</code>, <code>~/.aws</code>, <code>~/.gnupg</code>, browser data, crypto wallets, package tokens, and more.</p>
113
+
114
+ <h2>2. Audit Logging & Observability (2 → 4)</h2>
115
+
116
+ <p>OpenClaw's current score: <strong>2/5</strong>. Basic session logging exists, but there's no structured audit trail for security events.</p>
117
+
118
+ <p>ClawMoat provides:</p>
119
+ <ul>
120
+ <li>Full audit trail of every file access, shell command, and network request</li>
121
+ <li>Credential file monitoring (watches sensitive directories for unauthorized access)</li>
122
+ <li>Network egress logging with URL extraction and domain tracking</li>
123
+ <li>Real-time alerts via console, file, webhook, Slack, or email</li>
124
+ <li>Exportable logs for compliance review and incident forensics</li>
125
+ <li>Rate-limited alert delivery to prevent alert fatigue</li>
126
+ </ul>
127
+
128
+ <p>This is the dimension where ClawMoat makes the biggest impact — taking OpenClaw from "basic logs" to "structured, exportable, real-time observability."</p>
129
+
130
+ <h2>3. Privilege Model (1 → 3.5)</h2>
131
+
132
+ <p>OpenClaw's current score: <strong>1/5</strong>. No privilege model exists. The agent inherits the user's full privileges.</p>
133
+
134
+ <p>ClawMoat's permission tiers implement least privilege at the host level:</p>
135
+ <ul>
136
+ <li>Tiered command blocking — dangerous commands (rm -rf, chmod 777, etc.) blocked by tier</li>
137
+ <li>File system restrictions — read/write access controlled per tier</li>
138
+ <li>Forbidden zones — always blocked, regardless of tier</li>
139
+ <li>Runtime tier switching — promote or demote without restart</li>
140
+ </ul>
141
+
142
+ <h2>4. Supply Chain Security (1 → 2.5)</h2>
143
+
144
+ <p>OpenClaw's current score: <strong>1/5</strong>. Skills are installed from ClawHub with no signature verification.</p>
145
+
146
+ <p>ClawMoat's skill integrity checker provides:</p>
147
+ <ul>
148
+ <li>Hash-based verification of installed skills</li>
149
+ <li>14 suspicious pattern detectors (eval, exec, fetch to unknown domains, etc.)</li>
150
+ <li>CLI: <code>clawmoat skill-audit ~/.openclaw/skills/</code></li>
151
+ <li>Detects tampering after installation</li>
152
+ </ul>
153
+
154
+ <p>This doesn't solve the root problem (no signature verification in ClawHub), but it provides a detection layer that didn't exist before.</p>
155
+
156
+ <h2>What ClawMoat Doesn't Fix</h2>
157
+
158
+ <p>Honesty matters. ClawMoat doesn't address:</p>
159
+ <ul>
160
+ <li><strong>Identity & Authentication (1/5)</strong> — OpenClaw has no agent identity system. This needs to be fixed upstream.</li>
161
+ <li><strong>Data Isolation (1/5)</strong> — The agent still runs in the user's environment. True data isolation requires VM-level separation.</li>
162
+ <li><strong>Execution Sandboxing (1/5)</strong> — ClawMoat restricts what the agent can do, but doesn't sandbox execution at the process level. (See <a href="https://news.ycombinator.com/item?id=47075823">ClawShell</a> for process-level isolation.)</li>
163
+ <li><strong>Compliance Certifications (1/5)</strong> — ClawMoat generates compliance-ready reports, but isn't itself certified.</li>
164
+ <li><strong>Vendor Support (1/5)</strong> — We're open source. Enterprise support is available through our <a href="/business/">business plans</a>.</li>
165
+ </ul>
166
+
167
+ <h2>The Defense-in-Depth Stack</h2>
168
+
169
+ <p>No single tool gets OpenClaw to 4.0/5. The enterprise stack will look something like:</p>
170
+
171
+ <table>
172
+ <thead><tr><th>Layer</th><th>Tool</th><th>CLAW-10 Dimensions</th></tr></thead>
173
+ <tbody>
174
+ <tr><td>Host Security</td><td><strong>ClawMoat</strong></td><td>Authorization, Audit, Privilege, Supply Chain</td></tr>
175
+ <tr><td>Process Isolation</td><td>ClawShell</td><td>Data Isolation, Execution Sandboxing</td></tr>
176
+ <tr><td>Prompt Scanning</td><td>LlamaFirewall</td><td>Network Exposure (input filtering)</td></tr>
177
+ <tr><td>Enterprise Governance</td><td>Runlayer</td><td>Identity, Compliance, Vendor Support</td></tr>
178
+ <tr><td>Managed Hosting</td><td>KiloClaw</td><td>Execution Sandboxing, Network Exposure</td></tr>
179
+ </tbody>
180
+ </table>
181
+
182
+ <div class="cta">
183
+ <h3>Start improving your CLAW-10 score today.</h3>
184
+ <p>One npm install. Four dimensions addressed. Zero dependencies.</p>
185
+ <a href="https://github.com/darfaz/clawmoat">⭐ Star on GitHub</a>
186
+ </div>
187
+
188
+ <pre><code>npm install -g clawmoat
189
+ clawmoat scan ~/.openclaw/
190
+ clawmoat skill-audit ~/.openclaw/skills/
191
+ clawmoat report</code></pre>
192
+
193
+ <p>For businesses that want managed installation + compliance reports: <a href="/business/">ClawMoat for Business →</a></p>
194
+
195
+ <p style="color:var(--gray);font-size:.85rem;margin-top:48px;padding-top:24px;border-top:1px solid rgba(255,255,255,.06)">Sources: <a href="https://www.onyx.app/insights/openclaw-enterprise-evaluation-framework">Onyx AI CLAW-10</a> · <a href="https://www.microsoft.com/en-us/security/blog/2026/02/19/running-openclaw-safely-identity-isolation-runtime-risk/">Microsoft Security Blog</a> · <a href="https://www.catonetworks.com/blog/when-ai-can-act-governing-openclaw/">Cato Networks</a></p>
196
+ </div>
197
+ </article>
198
+ </body>
199
+ </html>
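Review bot: The score table (new-file lines 79–96) puts the "With ClawMoat" column next to the Onyx AI scores without saying who produced it, and its composite of 2.2 is not the plain average of that column (23.5/10 = 2.35), although 1.2 is exactly the plain average of the OpenClaw column. The same table raises eight rows while the title and text claim four, and three of the raised rows (Data Isolation, Execution Sandboxing, Compliance) reappear under "What ClawMoat Doesn't Fix" with only the 1/5 figure. I would add a `<caption>` that names the source of each column and states how the composite is weighted, then reconcile the 2.2 and the "4 of 10" wording with the rows. Separately, the menu button on new-file line 58 uses an inline `onclick`, which rules out a script CSP without `'unsafe-inline'`. This page's `<style>` has no `.menu-toggle`, `.nav-links` or `.open` rule, so the toggle appears to change nothing here; either drop the button or give it `type="button"` and bind the handler with `addEventListener`.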