Plugin for OpenClaw · shipping now

Stop your AI agent before it leaks secrets or runs dangerous tools.

Clawmont is the runtime security layer for OpenClaw. Eleven local defense layers — prompt-injection, credential exfiltration, tool-firewall, tamper-evident audit. Your provider API keys never leave your machine.


One-time license. Same security layer on every tier. Pick your persona in onboarding.

Keys stay on your machine · 11 defense layers · Tamper-evident audit log · Open-source plugin
Try it live

Run an attack. See which layer stops it.

The regexes here are the same ones that ship in packages/plugin/src. No network calls — every verdict runs in your browser so you can diff what leaks without Clawmont vs. what gets blocked with it.

Clawmont inspects the payload and emits a signed audit entry before the tool call reaches the model.


Same regexes that ship in production. The live red-team score (204/204 regression, 35/54 red-team, 19 known bypasses) is always current at security.clawmont.com.

Want more attacks? The full corpus and per-layer detail live at /playground. Live score at security.clawmont.com.

Why Clawmont

Other MCP Gateways vs Clawmont

Most gateways ship security as a checkbox. Clawmont starts from the threat model and works outward — beginning with the one thing every other tool gets wrong.

  • API Key Handling. Other MCP gateways: keys proxied through their servers. Clawmont: keys never leave your machine.
  • Config Protection. Other MCP gateways: world-readable config files. Clawmont: chmod 600 + AES-256-GCM for cloud secrets.
  • Auth Security. Other MCP gateways: allowInsecureAuth=true by default. Clawmont: strict auth enforced, TLS required.
  • Execution Sandbox. Other MCP gateways: exec security=full (no sandbox). Clawmont: sandboxed with injection detection.
  • Onboarding Transport. Other MCP gateways: onboarding over unbounded CSP. Clawmont: CSP-hardened, Stripe-scoped form-action only.
  • Audit Logging. Other MCP gateways: no audit trail whatsoever. Clawmont: tamper-evident local log + signed alerts.

Full threat-model walkthrough at /security.

Verified, not claimed

Proof the Plugin Does What It Says

Numbers below are regenerated from the plugin's own test suite on every merge to main. Known bypasses are tracked publicly — see the rolling security score at security.clawmont.com.

204 / 204 Security regression tests passing

The regression suite covers every attack pattern we have written a reproducer for. Each run is committed; the rolling score is published at security.clawmont.com.

35 / 54 Red-team attacks blocked

Adversarial corpus currently shows 35 of 54 attacks blocked at the plugin layer. The 19 known bypasses are tracked publicly on the dashboard so what we cannot yet block is out in the open.

303 Plugin unit tests, zero runtime deps

Vitest suite in packages/plugin runs clean on every commit. HMAC signing, credential scanning, tool firewall, schema validation — all covered.

11 Defense layers, each independently bypass-tested

Credential scanner, tool firewall, schema validation, MCP integrity pinning, path protection, session isolation, read-only mode, audit log, command guard, egress allowlist, tamper-evident logs.

Pricing

Pay once. Keys stay yours.

One-time license. Same zero-knowledge security layer on every tier. Add the optional Guardrails cloud layer at checkout for real-time alerts — keys still never leave your machine.

Any Persona

$30 one-time

Pick any one of four personas. Yours to keep.

  • Full Clawmont security layer — 11 local defense layers
  • Any one persona — Developer, Trader, SRE, or Researcher
  • No recurring fee · license stays active

Add Guardrails Cloud Security

+€9/mo

Real-time threat alerts · 90-day hosted audit · daily digest · cancel anytime.

Upgrade to Apex later for $10.

Apex

$40 one-time

Every persona, merged and locked down.

  • Most-restrictive security union across all four personas
  • Curated best-of from Developer, Trader, SRE, Researcher
  • Every future persona ships free

Add Guardrails Cloud Security

+€9/mo

Real-time threat alerts · 90-day hosted audit · daily digest · cancel anytime.

All four personas today. Every new persona free.

Full tier comparison and refund policy at /pricing · still unsure? What's a persona?

Frequently asked

Four quick answers.

What is OpenClaw?

OpenClaw is the open-source AI agent runtime — the host process that loads MCP servers and skills. Clawmont runs inside OpenClaw as a security plugin: no separate gateway, no proxy, no new single point of failure.

Do my API keys ever leave my machine?

No. Not once. Your Anthropic, OpenAI, or any other provider API key is validated and used locally by the plugin. Clawmont never proxies, logs, or transmits your provider keys. The only things that ever leave your machine are HMAC-signed, redacted security-alert metadata — and only if you opt into the Guardrails add-on.

Is there a free trial?

No free trial. Clawmont is a one-time license — $30 for any single persona, $40 for Apex (every persona). If the product doesn't fit your workflow within 14 days, email support and we'll refund — no questions asked.

How is this different from KiloClaw?

Most MCP gateways ship with allowInsecureAuth=true, no execution sandbox, and proxy your API keys through their own servers. Clawmont does the opposite: strict auth, sandboxed execution, chmod 600 configs, your provider keys never touch our infrastructure — and we don't build a gateway at all. Clawmont runs inside the OpenClaw process as a plugin.

Full FAQ with refund policy, supported platforms, and privacy at /faq.

Ship agents that can't leak.

One license, one install, eleven defense layers. Your provider keys stay on your machine — always.
