Last week, DJ wrote about why OpenClaw – the agent he uses to help run his family’s life – needs a governance layer. He pointed to ClawHavoc, 135K exposed instances, and the growing gap between how powerful OpenClaw is and how little anyone was doing to secure it.
That gap is exactly why we built DefenseClaw.
DefenseClaw is now live on GitHub. It is open source, ready to install, and built to bring governance, enforcement and observability to OpenClaw.
You already know why this matters. This post will cover what you can do about it.
What Ships Today: Three Layers of Defense
DefenseClaw is the operational governance layer that was missing from the stack. NVIDIA provided the sandbox foundation with OpenShell. The Cisco AI Defense team open sourced the scanners. DefenseClaw brings them together into one governed loop – so the security decisions happen automatically.

Layer 1: Secure the supply chain
When you install a skill, plugin or MCP through the DefenseClaw CLI, it gets scanned before it is allowed into your environment. But we don’t assume everything will go through the CLI, so DefenseClaw continuously monitors the relevant directories for any changes – whether it’s a manually added plugin, a copied skill or something pulled by another process. Critical and high-severity findings can trigger enforcement actions, and every event is logged.
- defenseclaw skill scan slack
- defenseclaw plugin install clawhub://voice-call
- defenseclaw mcp set deepwiki --url http://mcp.deepwiki.com/mcp
Layer 2: Secure the Runtime
Scanning at install time isn’t enough. A prompt injection attack from an email account connected to your OpenClaw could compromise your system or leak your personal information. So, we built an inspection engine that sits in the execution loop as an OpenClaw plugin – LLM prompts, completions, and tool invocations get checked in real time for injection attacks, data exfiltration and command-and-control patterns.
We also built CodeGuard to scan code that the agent writes. Every file the claw generates or edits gets checked for hardcoded secrets, command injection, unsafe deserialization, and a bunch of other patterns. If your agent writes eval(input) into a file, CodeGuard catches it before it hits the filesystem.
You can start in monitor mode, where everything is logged and nothing is blocked, then switch over to action mode for real-time protection.
- defenseclaw setup guardrail --mode action
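The pre-write check and the monitor/action switch described above, sketched as an added example (not DefenseClaw's or CodeGuard's code): the rule list, `scan_source`, `guarded_write` and the sample input are constructed for illustration and cover Python source only.

```python
import ast
import re

# Illustrative rules for this example only; not CodeGuard's actual rule set.
SECRET_RE = re.compile(
    r"(?i)\b\w*(?:api_?key|secret|token|password)\w*\s*=\s*['\"][^'\"]{8,}['\"]")
RISKY_CALLS = {"eval": "dynamic code execution", "exec": "dynamic code execution",
               "os.system": "command injection",
               "pickle.loads": "unsafe deserialization"}
# Constructed sample of agent-written code.
SAMPLE = '''import pickle, subprocess
API_KEY = "sk-constructed-0000000000"
value = eval(input())
subprocess.run("ls " + value, shell=True)
obj = pickle.loads(blob)
'''


def scan_source(source):
    """Return sorted (line, finding) pairs for Python source text."""
    findings = [(n, "hardcoded secret")
                for n, line in enumerate(source.splitlines(), 1)
                if SECRET_RE.search(line)]
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return sorted(findings + [(0, "unparseable source")])
    for node in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        name = ast.unparse(node.func)  # dotted call target, e.g. "pickle.loads"
        shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True for kw in node.keywords)
        if name in RISKY_CALLS:
            findings.append((node.lineno, RISKY_CALLS[name]))
        elif name.startswith("subprocess.") and shell:
            findings.append((node.lineno, "command injection"))
    return sorted(findings)


def guarded_write(path, source, mode="monitor", log=print):
    """Scan before writing: 'monitor' logs and writes, 'action' blocks on findings."""
    findings = scan_source(source)
    for lineno, what in findings:
        log(f"{path}:{lineno}: {what}")
    if findings and mode == "action":
        return False  # blocked before anything reaches the filesystem
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(source)
    return True
```

Running in monitor mode first shows which findings would have been blocked, which is the data needed to tune rules before switching to action mode.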
Layer 3: Secure the system boundary
We enforce protection at the system boundary so that even in a failure scenario the impact is contained. At the infrastructure layer, OpenShell acts as the outer guardrail governing network and file system I/O, ensuring that even if your OpenClaw is compromised, it cannot freely reach external systems or modify sensitive files.
Every Claw is Born Observable
Every scan result, block decision, tool call, alert – it all streams as structured events from the moment you start. We ship with a one-command Splunk setup, either locally or in Splunk Observability Cloud (o11y).
- defenseclaw setup splunk --logs
This gives you a local Splunk instance with a purpose-built DefenseClaw app – dashboard, saved searches, investigation workflows all pre-wired. If your claw does something, there’s a record with full observability.




Try It
You can install and get it running in under 5 mins.
curl -LsSf https://raw.githubusercontent.com/cisco-ai-defense/defenseclaw/main/scripts/install.sh | bash
defenseclaw init --enable-guardrail
To make it even easier to get started, we have also published an OpenClaw security learning lab so you can see how it works and start experimenting right away.
What’s Next
DefenseClaw is shipping as a fully functional governance layer. Native support for other agents like ClaudeCode, OpenCode, ZeroClaw, Codex, etc., is coming very soon, along with numerous other features and capabilities.
Try it and tell us what you like and what’s missing. Join us on Discord.
