Plugin for OpenClaw · shipping now

Help stop your AI agent from leaking secrets or running dangerous tools.

Clawmont is the runtime security layer for OpenClaw. Eleven local defense layers — prompt-injection, credential exfiltration, tool-firewall, tamper-evident audit. Your provider API keys never leave your machine.

One-time license. Same security layer on every tier. Pick your persona in onboarding. What's a persona?

Keys stay on your machine · 11 defense layers · Tamper-evident audit log · Auditable plugin source

Try it live

Run an attack. See which layer stops it.

The regexes here are the same ones that ship in packages/plugin/src. No network calls — every verdict runs in your browser so you can diff what leaks without Clawmont vs. what gets blocked with it.

Clawmont inspects the payload and emits a signed audit entry before the tool call reaches the model.

Same regexes that ship in production. Every verdict runs in your browser — no network calls, no plugin instance. Known limitations are published transparently alongside what we do block.

Want more attacks? The full corpus and per-layer detail live at /playground.

Common MCP Gateway Defaults vs Clawmont

Most gateways ship security as a checkbox. Clawmont starts from the threat model and works outward — beginning with the one thing every other tool gets wrong.

| Common MCP Gateway Defaults | Security Dimension | Clawmont |
| --- | --- | --- |
| Keys proxied through their servers | API Key Handling | Keys never leave your machine |
| World-readable config files | Config Protection | chmod 600 + AES-256-GCM for cloud secrets |
| allowInsecureAuth=true by default | Auth Security | Strict auth enforced, TLS required |
| exec security=full (no sandbox) | Execution Sandbox | Sandboxed with injection detection |
| Onboarding over unbounded CSP | Onboarding Transport | CSP-hardened, Stripe-scoped form-action only |
| No audit trail whatsoever | Audit Logging | Tamper-evident local log + signed alerts |

Full threat-model walkthrough at /security.

Verified, not claimed

Proof the plugin does what it says

Every guarantee below is regenerated from the plugin's own test suite on every merge to main. Known limitations are tracked transparently alongside what we do block.

Regression suite passing on every commit

The regression suite covers every attack pattern we've written a reproducer for. It runs on every merge to main.

Red-team corpus tested on every build

Adversarial corpus is exercised against the plugin on every build. Known limitations are published transparently, so what we cannot yet block is out in the open.

Comprehensive unit test suite

Vitest suite in packages/plugin runs clean on every commit. HMAC signing, credential scanning, tool firewall, schema validation — all covered.

Eleven defense layers, each independently bypass-tested

Credential scanner, tool firewall, schema validation, MCP integrity pinning, path protection, session isolation, read-only mode, audit log, command guard, egress allowlist, tamper-evident logs.

Pay once. Keys stay yours.

One-time license. Same local-only security layer on every tier. Add the optional Guardrails cloud layer at checkout for real-time alerts — keys still never leave your machine.

Any Persona

$30 one-time

Pick any one of four personas. Yours to keep.

  • Full Clawmont security layer — 11 local defense layers
  • Any one persona — Developer, Trader, SRE, or Researcher
  • No recurring fee · license stays active

Add Guardrails Monitoring

+€9/mo

Your security runs locally and is always included. Guardrails adds cloud-delivered alerts and a hosted audit trail — real-time threat alerts · 90-day hosted audit · daily digest · cancel anytime.

Upgrade to Apex later for $10.

Apex

$40 one-time

Every persona, merged and locked down.

  • Most-restrictive security union across all four personas
  • Curated best-of from Developer, Trader, SRE, Researcher
  • Every future persona ships free

All four personas today. Every new persona free.

Full tier comparison and refund policy at /pricing · still unsure? What's a persona?

Four quick answers.

What is OpenClaw?

OpenClaw is the open-source AI agent runtime — the host process that loads MCP servers and skills. Clawmont runs inside OpenClaw as a security plugin: no separate gateway, no proxy, no new single point of failure.

Do my API keys ever leave my machine?

No. Not once. Your Anthropic, OpenAI, or any other provider API key is validated and used locally by the plugin. Clawmont never proxies, logs, or transmits your provider keys. The only things that ever leave your machine are HMAC-signed, redacted security-alert metadata — and only if you opt into the Guardrails add-on.

Is there a free trial?

No free trial. Clawmont is a one-time license — $30 for any single persona, $40 for Apex (every persona). If the product doesn't fit your workflow within 14 days, email support and we'll refund — no questions asked.

How is this different from other MCP gateways?

Many MCP gateways ship with permissive auth defaults, limited execution sandboxing, and proxy your API keys through their servers. Clawmont does the opposite: strict auth, sandboxed execution, chmod 600 configs, your provider keys never touch our infrastructure — and we don't build a gateway at all. Clawmont runs inside the OpenClaw process as a plugin.

Full FAQ with refund policy, supported platforms, and privacy at /faq.

Ship agents built to resist leaks.

One license, one install, eleven defense layers. Your provider keys stay on your machine — always.
