The local-first AI agent platform

Run AI agents locally.
Your models. Your tools. Your machine.

OpenClaw is the platform for running AI agents on your own computer. Bring any model — Claude, GPT-5, Gemini, Llama. Connect the tools you already use. Keep every prompt, key, and file on-device. Clawmont is the security layer that makes it safe to turn on.

See it in action

Works with Claude GPT-5 Gemini Llama Gemma & any OpenAI-compatible model

What OpenClaw does

The assistant you always wanted.
On hardware you already own.

One platform. Any model. Any tool. Running on the laptop in front of you — not someone else's cloud.

Automate the tedious stuff

Let an agent sort your inbox, draft replies, close tickets, spin up pull requests. Daily chores, off your plate.

Use any AI model

GPT-5, Claude, Gemini, Llama, Gemma, or a model you fine-tuned yourself. OpenClaw runs them side by side — switch at any time.

Connect to your tools

Slack, Discord, Telegram, Gmail, Notion, your filesystem. Plug them in through MCP. Your agent uses them like a teammate would.

Runs on your machine

Chat history, credentials, files, audit logs — all local. No vendor sees your prompts. No cloud subscription hiding behind "cloud-first" marketing.

The flip side

But AI agents have access
to everything.

An agent that can read your files can also leak them. An agent that can call an API can also send your keys somewhere that politely asks. Every tool you wire up is a path an attacker can try to walk.

Prompt injection

Someone hides instructions in a PR comment, a fetched web page, or a file. Your agent reads them and follows — without telling you.

Credential leaks

An agent that can read your code can also read ~/.aws/credentials. A single "paste these keys here" request is enough.

Unauthorized tool calls

rm -rf. curl | bash. DROP TABLE. Without a guardrail, every tool your agent has is a destructive command away.

The answer

That's why we built
Clawmont.

Clawmont is the security layer for OpenClaw — an in-process plugin that inspects every prompt, every tool call, and every file read before the model sees it. Eleven defense layers, every one of them independently bypass-tested.

01

Keys stay on your machine

Provider API keys are validated on-device. Never proxied. Never logged. Never shipped to a Clawmont server — not even for health checks.

02

Eleven layers of defense

Credential scanner, tool firewall, schema validation, MCP integrity pinning, path guard, session isolation, read-only mode, audit log, command guard, egress allow-list, injection detector.

03

Tamper-evident audit

Every prompt, tool call, refusal, and redaction is hash-chained to disk. Any edit breaks the chain and Clawmont flags it on the next boot.

See it in action

Someone tries something nasty.
Clawmont refuses. You never hear about it.

Pick an attack below. Watch the plugin catch it — locally, before it ever reaches the model.

Try it live

Run an attack. See which layer stops it.

The regexes here are the same ones that ship in packages/plugin/src. No network calls — every verdict runs in your browser so you can diff what leaks without Clawmont vs. what gets blocked with it.

Clawmont inspects the payload and emits a signed audit entry before the tool call reaches the model.

attacker > input

Presets auto-load. Free-text mode lets you paste any prompt, tool call, or file path you want to try.

clawmont > scan Ready
Ready
Pick a preset or type a payload.
Scan detail will show here.

Same regexes that ship in production. The live red-team score (204/204 regression, 35/54 red-team, 19 known bypasses) is always current at security.clawmont.com.

Want the deep, developer-grade version with every layer broken out? Open the full playground →

Premium add-on

Send every refusal
to your team.

Add Guardrails Monitoring at checkout. HMAC-signed end-to-end — the plugin keeps protecting you locally even if you cancel.

Pricing

Pay once. Keys stay yours.

One-time license. Same full security layer on every tier. No subscription on the plugin itself.

Single persona

$30one-time

Pick one of four personas — Developer, Trader, SRE, or Researcher.

Developer Trader SRE Researcher pick one
  • Full Clawmont security layer — 11 in-process defense layers
  • Curated MCP + skill bundle locked to your role
  • Tamper-evident audit log + zero-knowledge keys
  • Upgrade to Apex later for $10 — no re-tier
Add Guardrails Monitoring +€9/mo
  • Real-time alerts to Slack, Discord, Telegram, or email
  • Searchable 90-day alert history (we host it for you)
  • Daily security digest

Added during checkout · Cancel anytime

Pay now, choose your persona in onboarding. Upgrade to Apex later for $10.

Apex · all-access

$40one-time

Every persona, plus every future one.

Developer Trader SRE Researcher
  • All four personas — merged, deduplicated, locked to the strictest union
  • Most-restrictive security across the four-persona union
  • Early access to supply-chain diff-audit + guardian-cron
  • Every future persona ships free
Add Guardrails Monitoring +€9/mo
  • Real-time alerts to Slack, Discord, Telegram, or email
  • Searchable 90-day alert history (we host it for you)
  • Daily security digest

Added during checkout · Cancel anytime

One-time payment. All future personas included.

Get started in three minutes.

Pick a persona, click the email link, paste one install command. After that, Clawmont quietly watches every AI call you make.

Read the setup guide