Frequently asked
Straight answers.
Security questions get answered first. No marketing theatre. If something isn't covered, email hello@clawmont.com.
Getting started
How do I install Clawmont after I buy?
After Stripe redirects you to /onboarding, copy the install one-liner shown for your OS. macOS / Linux: `curl -fsSL https://api.clawmont.com/install.sh | bash`. Windows (PowerShell): `irm https://api.clawmont.com/install.ps1 | iex`. The script downloads the plugin, verifies its hash, drops the activation token in `~/.openclaw/clawmont.json`, and runs the wizard's verify step. You should see green check-marks for each pillar within 30 seconds.
What do I need before I install?
OpenClaw v2026.4 or newer, Node 22+, and ~100 MB free disk. macOS 13+, any recent Linux (kernel 5.x+), or Windows 10/11 with WSL2. No Docker, no daemon, no admin rights — the plugin installs into your user-level OpenClaw directory.
What if `install.sh` fails — 403, hash mismatch, or it just hangs?
The canonical install host is `api.clawmont.com` (the marketing CDN blocks `.sh` downloads — that 403 is expected if you ever hit `clawmont.com/install.sh` directly). Re-run with `bash -x` to see the failing step. If the hash check fails, do not bypass it — email support@clawmont.com with the output and we will investigate before publishing a new tag. Hangs are usually a corporate proxy stripping the script body; try from a personal network.
How do I know it is actually working?
Three signals. First, the onboarding wizard shows all four security pillars as "active" with green check-marks. Second, run any prompt containing a known-bad pattern (e.g. ask the agent to `cat ~/.ssh/id_rsa`) and Clawmont will block it with a structured alert. Third, `~/.openclaw/clawmont.json` exists with mode `600` (owner read/write only). If any of those is missing, the install is incomplete.
Where do I find my activation token if I lose the email?
It is also on the post-Stripe `/onboarding?session_id=cs_…` URL — bookmark it on purchase. If both are gone, email support@clawmont.com from the address you paid with and include your Stripe receipt ID; we re-mint and email a fresh token within the support SLA (24–48 h).
Where do logs and the audit trail live on my machine?
Plugin operational logs follow OpenClaw's log directory (`~/.openclaw/logs/` on macOS / Linux). The tamper-evident audit trail is a hash-chained JSONL at `~/.openclaw/clawmont/audit.jsonl` — never edit it by hand or the chain breaks. With Guardrails enabled, a copy of redacted alert metadata is mirrored to your hosted dashboard.
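How a hash-chained JSONL log exposes an edited or deleted line, as an added example that is not Clawmont's own code. The field names (`prev`, `hash`), the all-zero genesis value, and the chaining rule are assumptions for illustration; the real `audit.jsonl` layout is not documented on this page.

```javascript
// Added example. The field names (prev, hash) and the chaining rule are
// assumptions for illustration, not Clawmont's documented audit.jsonl format.
const { createHash } = require('node:crypto');

const GENESIS = '0'.repeat(64); // assumed "prev" value for the first entry

// hash = SHA-256(prev || JSON of the flat entry body with sorted keys)
function entryHash(prev, body) {
  const canonical = JSON.stringify(body, Object.keys(body).sort());
  return createHash('sha256').update(prev).update(canonical).digest('hex');
}

// Append one entry, linking it to the hash of the current last line.
function appendEntry(lines, body) {
  const prev = lines.length ? JSON.parse(lines[lines.length - 1]).hash : GENESIS;
  lines.push(JSON.stringify({ ...body, prev, hash: entryHash(prev, body) }));
  return lines;
}

// Walk the log and report the first line where the chain breaks.
function verifyChain(jsonl) {
  const lines = jsonl.split('\n').filter((l) => l.trim() !== '');
  let prev = GENESIS;
  for (let i = 0; i < lines.length; i++) {
    let rec;
    try { rec = JSON.parse(lines[i]); } catch { rec = null; }
    if (rec === null || typeof rec !== 'object') {
      return { ok: false, line: i + 1, reason: 'invalid entry' };
    }
    const { prev: claimedPrev, hash, ...body } = rec;
    if (claimedPrev !== prev) return { ok: false, line: i + 1, reason: 'prev mismatch' };
    if (entryHash(prev, body) !== hash) return { ok: false, line: i + 1, reason: 'hash mismatch' };
    prev = hash;
  }
  return { ok: true, entries: lines.length };
}

// Constructed sample log: three entries, not real Clawmont output.
function sampleLog() {
  const lines = [];
  appendEntry(lines, { seq: 1, event: 'credential_scan', action: 'allowed' });
  appendEntry(lines, { seq: 2, event: 'command_guard', action: 'blocked' });
  appendEntry(lines, { seq: 3, event: 'size_limiter', action: 'allowed' });
  return lines;
}
```

A chain on its own cannot reveal that entries were truncated from the end of the file; comparing the last hash against a copy held somewhere else covers that case.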
Will it slow down my agent?
Per-message overhead is in single-digit milliseconds for the local checks (credential scan, command guard, size limiter). The activity-monitor write is async. There is no network round-trip on the hot path unless you opt into Guardrails, and even then alert delivery is batched and never blocks the agent loop.
How do I uninstall?
Remove the plugin entry from your OpenClaw plugins config and delete `~/.openclaw/clawmont.json`. The install script also drops an `uninstall.sh` next to it — running that does both steps and clears the audit trail. Your persona license is yours; if you reinstall later the same activation token still works.
Product & security
Do my provider API keys ever leave my machine?
No. Not once. Your Anthropic, OpenAI, or any other provider API key is validated and used locally by the plugin. Clawmont never proxies, logs, or transmits your provider keys. Other MCP gateways route your keys through their own servers — we refuse on principle. The only things that ever leave your machine are HMAC-signed, redacted security-alert metadata, and only if you opt into the Guardrails add-on.
Does Clawmont replace OpenClaw?
No. Clawmont is a security-first plugin that installs inside OpenClaw. It adds four security pillars — input rail, tool dispatch, tool response, model output — plus role-based configuration on top of your existing setup. Nothing is replaced, nothing is proxied, nothing new has to run.
What's included in a $30 single-persona license?
A one-time $30 license for any one of the four personas — Developer, Trader, SRE, or Researcher. Each includes the full local Clawmont security layer: zero-knowledge key handling, all four security pillars (input rail, tool dispatch, tool response, model output) bypass-tested against the OWASP LLM Top 10 and a 200-scenario red-team corpus, tamper-evident audit log, and credential scanner — plus a curated, version-pinned set of tools, skills, and presets shaped around that role. Once you buy it, it is yours.
What's in the $40 Apex license?
Apex is the all-access persona — Developer, Trader, SRE, and Researcher merged, plus every future persona we ship, deduplicated with the most-restrictive security settings applied across the full union. Every new persona at no extra charge. Supply-chain diff-audit, guardian-cron autopilot, and browser boundary are on the roadmap. Also a one-time purchase.
What's the €9/mo Guardrails add-on?
An optional cloud delivery layer for security events only — real-time alert delivery to Discord / Slack / Telegram / email, daily security digest, hosted audit trail with 90-day retention, and webhook+API for your own tooling. Every alert is HMAC-signed and redacted of secrets before transmission. Clawmont-side secrets (HMAC keys, subscription tokens) are stored server-side under AES-256-GCM with an HKDF-derived key. Provider API keys are never involved. Works with any persona or Apex and is the only recurring charge we sell. The plugin runs fully offline without Guardrails.
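What "HMAC-signed and redacted before transmission" means for a webhook you run yourself, as an added example that is not Clawmont's own code. The envelope fields (`ts`, `body`, `sig`), the signed string `ts.body`, the 300-second freshness window, and the redaction patterns are all assumptions; the actual alert format is not documented on this page.

```javascript
// Added example. The envelope shape, field names and redaction patterns are
// assumptions for illustration, not Clawmont's documented alert format.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed patterns for common secret shapes (illustrative, not exhaustive).
const SECRET_PATTERNS = [
  /\bsk-[A-Za-z0-9_-]{20,}/g,   // provider-style API keys
  /\bAKIA[0-9A-Z]{16}\b/g,      // AWS access key IDs
  /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
];

function redact(text) {
  return SECRET_PATTERNS.reduce((t, re) => t.replace(re, '[REDACTED]'), text);
}

// Sender side: redact first, then sign timestamp + body so the tag covers both.
function signAlert(alert, key, now = Date.now()) {
  const body = JSON.stringify({ ...alert, detail: redact(alert.detail) });
  const ts = String(Math.floor(now / 1000));
  const sig = createHmac('sha256', key).update(`${ts}.${body}`).digest('hex');
  return { ts, body, sig };
}

// Receiver side: reject stale timestamps, then compare tags in constant time.
function verifyAlert({ ts, body, sig }, key, now = Date.now(), maxSkewSec = 300) {
  if (!/^\d+$/.test(ts)) return false;
  if (Math.abs(now / 1000 - Number(ts)) > maxSkewSec) return false;
  const expected = createHmac('sha256', key).update(`${ts}.${body}`).digest();
  const given = Buffer.from(String(sig), 'hex');
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Constructed sample values, not real keys or real alert data.
const SAMPLE_KEY = 'constructed-demo-key';
const SAMPLE_ALERT = {
  pillar: 'input-rail',
  severity: 'high',
  detail: 'prompt contained key sk-EXAMPLEEXAMPLEEXAMPLE0000',
};
```

Verify against the raw body exactly as received, before parsing it; re-serializing the JSON can change the bytes and break the tag.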
What security pillars do I actually get?
Four, each independently bypass-tested against the OWASP LLM Top 10 and a 200-scenario red-team corpus. (1) Input rail (Port 1) — every prompt fragment scanned before the model sees it: credential scanner, prompt-injection detector with Unicode normalization. (2) Tool dispatch (Port 2) — every tool call passes through a curated dangerous-action allowlist with per-tool severity grading: `rm -rf`, `curl|bash`, `eval`, `DROP TABLE` refused with a labelled alert. (3) Tool response (Port 3) — every tool result inspected before the model can read it: path protection (`~/.ssh`, `~/.aws`, `/etc/passwd`, keychain) plus request/response size limiter. (4) Model output (Port 4) — every model reply scanned before it reaches the user: hash-chained activity monitor, session isolation, read-only mode. Raw measurements live in `wiki/measurements/`; full methodology at security.clawmont.com.
How is this different from MCP gateways like KiloClaw?
Most MCP gateways ship with `allowInsecureAuth=true`, no execution sandbox, world-readable configs, and proxy your API keys through their own servers. Clawmont does the opposite: strict auth, sandboxed execution, `chmod 600` configs, CSP-hardened onboarding, AES-256-GCM for Clawmont-side secrets, and your provider keys never touch our infrastructure. We also don't build a gateway — gateways are single points of failure. Clawmont runs inside the OpenClaw process as a plugin.
Is there a free trial?
No free trial. Any single persona is $30 one-time — the smallest way in — and you can upgrade to Apex later for just the $10 price difference. Your license stays active as long as your account is in good standing; Clawmont reserves the right to disable licenses for fraud, abuse, or chargeback.
What happens if I cancel Guardrails?
You keep the open-source plugin, your persona license, and every local security feature. Your configuration stays on disk. Cloud alert delivery and hosted audit trail stop at the end of the billing period — the plugin keeps protecting you locally with no interruption.
Do you train on my prompts or code?
No. Clawmont is zero-knowledge for prompts, completions, and provider keys — we don't ingest any of them, we don't relay them through our servers, and we don't train on anything. Security alerts are the only thing that travels to the cloud (only if Guardrails is enabled), and they're HMAC-signed and redacted before leaving your machine.
Do you include AI-generated testimonials or synthetic benchmarks?
No. Every claim on this site is anchored to a reproducible source — the OWASP LLM Top 10, a 200-scenario red-team corpus, and `packages/plugin`'s Vitest suite. Raw measurements are file-backed in `wiki/measurements/` and re-run on every merge to main, including the attacks we cannot yet block. We'd rather ship fewer claims than fake them.
Who built Clawmont?
A solo developer building the plugin, the API, and this marketing site in public. No VC money, no growth team — just a focused product with an aggressive regression suite.
What platforms does it support?
Any OpenClaw instance — macOS, Linux, and Windows. macOS / Linux install via `curl … | bash`. Windows users have three paths: native PowerShell (`irm https://api.clawmont.com/install.ps1 | iex`), Git Bash, or WSL2 — see `/docs/windows-install` for the testing matrix and known caveats. The plugin is a pure TypeScript package with minimal runtime dependencies (only `@clack/prompts` for interactive installs), keeping the supply-chain surface trivial to audit.