Detect dangerous misconfigurations before they become exposed attack surfaces.
Join the WaitlistAI agents are deployed with dangerous defaults. Every day.
Publicly bound to 0.0.0.0 with no authentication
Running inside privileged or root containers
API keys sitting in plaintext .env files
Config files world-writable on shared hosts
These are not theoretical risks — they are common misconfigurations that ClawShield detects today.
A runtime policy enforcement framework for AI agents.
PolicyGate provides modular, rule-based security tools that audit agent deployments against configurable policy sets. Each module targets a specific attack surface — network exposure, container posture, secrets handling, file permissions — and outputs deterministic, automation-ready results.
PolicyGate is designed for CI pipelines, pre-deploy checks, and continuous monitoring. It exits non-zero when security thresholds are exceeded.
The first PolicyGate module. Available now.
Security audit tool for OpenClaw deployments
pip install clawshield
clawshield path/to/openclaw.yaml
clawshield --fail-on high --json config.yaml
Modular scanners collect facts from runtime configs, containers, environment files, and file permissions.
The policy engine evaluates collected facts against YAML-defined rules with configurable severity levels.
Structured JSON output with deterministic schema — designed for CI pipelines and automation.
What's coming next.
Watch mode for live detection of configuration drift.
Support for more AI agent frameworks beyond OpenClaw.
Pre-built policy sets for common deployment profiles.
Deeper container hardening analysis and network policies.
Entropy-based analysis and broader credential formats.
Tamper-proof, verifiable policy distribution.
Join the waitlist for PolicyGate updates, new modules, and early access.
No spam. Unsubscribe anytime.