Clawmont is the security layer for OpenClaw — zero-knowledge key handling, 11 defense layers, local credential validation. Other tools proxy your keys through their servers. We never touch them.
We are a security product first. Your provider keys stay on your machine, your configuration stays on disk, your audit trail never leaves the laptop unless you ask it to.
Anthropic, OpenAI, any provider — your API keys are validated and used locally. Clawmont never proxies, logs, or transmits them. Other gateways route your keys through their servers. We refuse on principle.
Prompt injection, PII, tool firewall, exfiltration guards, credential scanner, command guard, path protection, tamper-evident audit log, and more — each independently bypass-tested. Threats are blocked before the model sees them.
Pick your role, get a curated MCP + skill bundle with the most-restrictive security presets already applied. No allowInsecureAuth=true. No "exec security full". No world-readable configs.
Only security events travel to the cloud, and only if you enable Guardrails. Each alert is HMAC-signed, redacted of secrets before transmission, and delivered to Discord, Slack, Telegram, or email with full context.
Clawmont drops into your existing OpenClaw gateway. Your provider keys stay local. Every security layer activates automatically.
Clawmont scans your CPU, GPU, and RAM to select the optimal AI models for your machine — no manual benchmarking needed.
The right models are picked and configured for your hardware and role — local inference for privacy, cloud fallback for heavy workloads.
Role-specific MCP servers are installed and configured automatically — code analysis for developers, market data for traders, all pre-vetted and secured.
All 11 security layers activate automatically — prompt injection, PII filtering, token limits, exfiltration guards, and more.
Prompts, skills, and security policies are tuned for your specific role — one install, everything configured, switch personas anytime.
11-layer threat detection, PII filtering, prompt injection blocking, token abuse prevention, real-time alerting
Always Active
Hardware detection, model selection, MCP server setup, CLAUDE.md prompts, skill presets, role-based defaults
Auto-Configured
CSP-hardened onboarding, keys validated locally, no configs to audit by hand. Five steps from persona to protected gateway.
Choose the persona that matches your role. Each comes with curated MCP servers, skills, and security policies.
Software engineers, senior devs, staff+ builders
Quants, retail traders, finance researchers
DevOps, SRE, platform + infra engineers
Data scientists, ML engineers, analysts
AppSec, SecOps, red + blue teams
Academics, PhD students, literature reviewers
Marketing leads, content + brand teams
Sysadmins, homelab operators, IT generalists
Get instant threat alerts and AI chat where your team already works.
All 11 security layers are enabled by default. Fine-tune thresholds anytime from the config file on disk.
Auto-detecting your gateway and installing the plugin. Everything is automatic.
Clawmont is actively monitoring all traffic through your OpenClaw gateway.
Choose a security persona that matches your role.
Every persona ships with the full Clawmont security stack — zero-knowledge keys, 11 defense layers, tamper-evident audit. $30 one-time, your pick. Optimus Prime unlocks all eight for $40.
All eight personas, merged, deduplicated, locked down to the strictest security settings. Every new persona ships free.
Clawmont alerts and AI conversations go wherever your team already works. Set up in one step during onboarding.
Every claim below is backed by a test in version control. No testimonials, no synthetic benchmarks — just reproducible numbers.
Install once and forget about it. Clawmont runs quietly in the background, blocking threats before they reach your model. You get real-time alerts if anything suspicious happens — no security expertise required.
Automatically catches credit card numbers, SSNs, API keys (AWS, Stripe, GitHub, Anthropic), and personal identifiers before they leave your machine. Your legitimate data flows normally.
Thoroughly tested against real attack techniques: Unicode homoglyph obfuscation, zero-width character injection, ROT13 evasion, fake tool-result injection, context-reset attacks, and XSS payloads. Each evasion vector is blocked and regression-tested.
Tool-call guards enforce read-only mode, size limits, and path protection (~/.ssh, ~/.aws, /etc/passwd). Exfiltration chain detection watches for credential-read-then-network-call patterns. Dangerous commands (rm -rf, curl|bash, eval, DROP TABLE) are blocked at the guard level.
We don't ship and hope. Three independent audit rounds resolved 42+ vulnerabilities: HMAC replay protection, brute-force prevention, regex evasion hardening, homoglyph filtering, file permission enforcement, TLS validation, and rate limiting across all packages.
Pure TypeScript with no external runtime dependencies. No native modules, no transitive dependency trees to audit. Runs anywhere Node.js runs — nothing else to trust.
Most gateways ship security as a checkbox. Clawmont starts from the threat model and works outward — beginning with the one thing every other tool gets wrong.
allowInsecureAuth=true by default
exec security=full (no sandbox)
One-time license. Same security layer on every tier. Add the optional Guardrails cloud layer at checkout — keys still stay on your machine.
Added during checkout · Cancel anytime
Pay now, choose your persona in onboarding. Upgrade to Optimus Prime later for $10.
Keys never leave your machine. One-time payment. Plugin yours to keep.
Everything you need to know about Clawmont.
allowInsecureAuth=true, no execution sandbox, and world-readable configs — and they proxy your API keys through their own servers. Clawmont does the opposite: strict auth, sandboxed execution, chmod 600 configs, AES-256-GCM for Clawmont-side secrets, and your provider keys never touch our infrastructure.
Clawmont keeps your provider API keys on your machine and blocks 11 categories of threat before they reach the model. Install the plugin in minutes — one-time payment, yours to keep, plugin stays open-source.
Keys never leave your machine • One-time payment • Plugin stays open-source