Built by cybersecurity engineers. Transparent by design.
ClawTrust was built by engineers with experience at Palo Alto Networks, SentinelOne, PagerDuty, and Mode Analytics. We don't just claim security. We show you exactly how it works.
7 layers of protection on every agent
Each layer addresses a specific attack vector. Together, they eliminate the risks of running AI agents.
Outbound-Only Encrypted Tunnels
Zero public ports — all connections are outbound-only encrypted tunnels
Every ClawTrust agent connects to the outside world exclusively through outbound-only tunnels encrypted with TLS 1.3. There are zero listening ports on your agent's server. It is invisible to Shodan, Censys, and all internet-wide port scanners. No one on the internet can initiate a connection to your agent; only our edge network can reach it, through an encrypted tunnel your agent initiates.
Docker Sandbox Isolation
Every tool execution runs in an isolated container
All tool executions run inside Docker containers with strict resource limits, read-only filesystem mounts, and no network access unless explicitly allowed. Containers are destroyed after each execution. This prevents malicious skills from accessing your agent's data, installing persistent software, or escalating privileges.
DM Pairing (Contact Verification)
New contacts require your explicit approval
Before your agent responds to a new contact on any messaging platform, it requires your explicit approval through a pairing request. This prevents unauthorized users from interacting with your agent and blocks social engineering attacks that attempt to manipulate the agent through unsolicited messages.
Tool Allowlist
Only pre-approved tools can execute
Your agent operates on a strict allowlist model. Only tools that have been reviewed and approved can be executed. There is no access to arbitrary shell commands, file system operations outside the workspace, or unapproved network connections. Every tool invocation is logged to your audit trail.
LUKS2 Encrypted Storage
All data encrypted at rest with AES-256
Every agent's storage volume is encrypted at rest using LUKS2 with AES-256-XTS. Encryption keys are managed separately from the storage volumes. Even if someone physically accessed the server hardware, your data would be unreadable without the encryption key.
No Incoming Traffic
Your agent can reach the internet, but no one can reach it
The agent gateway binds to localhost only. All inbound connections from the public internet are completely blocked. Your agent can make outbound requests (browsing, API calls, email), but no external entity can initiate a connection to your agent. This eliminates entire classes of attacks: port scanning, brute-force, direct exploitation.
Isolated Virtual Private Server
Dedicated hardware per customer, no shared resources
Every ClawTrust agent runs on its own dedicated Virtual Private Server. There is no multi-tenancy at the infrastructure level. Your agent's CPU, memory, storage, and network are completely isolated from every other customer. A compromise of one agent cannot affect another.
What the headlines say about AI agent security
These are real vulnerabilities disclosed in January 2026. Here's how ClawTrust addresses each one.
One-Click Remote Code Execution via WebSocket
A malicious WebSocket link could execute arbitrary code on the host machine with a single click. Any agent with the gateway bound to 0.0.0.0 was vulnerable. Patched in v2026.1.29.
ClawTrust agents bind to localhost only, accessible only through outbound-only encrypted tunnels. The gateway is never exposed to the public internet, making this attack vector impossible.
Agent Hijacking via Unauthenticated Gateway
Security researchers at The New Stack demonstrated hijacking an OpenClaw agent in under 2 hours by exploiting the unauthenticated gateway API exposed on port 18789. Two additional command injection CVEs were disclosed the same week.
ClawTrust enforces token-based authentication on all gateway connections. Port 18789 is never exposed to the internet. All access is through encrypted tunnels with TLS.
341 Malicious Skills on ClawHub Marketplace
The Register reported 341 malicious skills discovered on the OpenClaw public skill marketplace, capable of exfiltrating credentials (including cryptocurrency wallets), installing backdoors, and escalating privileges.
ClawTrust deploys only vetted, reviewed skills. All tool executions run inside Docker sandboxes with strict allowlists. No marketplace code runs without approval.
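One way to check the localhost-only gateway binding described under "No Incoming Traffic" and in the port 18789 item above, as an added example that is not ClawTrust's code: it parses `ss -H -ltn` output and flags every listener bound to a non-loopback address. The sample output is constructed and the function names are hypothetical.

```python
import ipaddress

GATEWAY_PORT = 18789  # gateway port named on this page

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:18789 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 [::1]:8080 [::]:*
LISTEN 0 511 *:9100 *:*
"""

def parse_listener(line):
    """Return (host, port) from one `ss -H -ltn` line, or None if not a listener."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)

def is_loopback(host):
    """True only when the bind address cannot receive traffic from off the host."""
    if host == "*":  # ss prints * for a wildcard (all-interfaces) bind
        return False
    addr = ipaddress.ip_address(host)
    mapped = getattr(addr, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    return (mapped if mapped is not None else addr).is_loopback

def exposed_listeners(ss_output):
    """List (host, port) pairs bound to anything other than loopback."""
    parsed = (parse_listener(line) for line in ss_output.splitlines())
    return [p for p in parsed if p and not is_loopback(p[0])]

def gateway_is_local_only(ss_output, port=GATEWAY_PORT):
    """True if the gateway port is listening and every bind for it is loopback."""
    binds = [p for p in map(parse_listener, ss_output.splitlines())
             if p and p[1] == port]
    return bool(binds) and all(is_loopback(host) for host, _ in binds)

if __name__ == "__main__":
    print("non-loopback listeners:", exposed_listeners(SAMPLE_SS))
    print("gateway local only:", gateway_is_local_only(SAMPLE_SS))
```

On a live host, feed the functions the text of `ss -H -ltn` instead of the sample; a wildcard bind such as `0.0.0.0` or `[::]` on the gateway port is the condition the first headline above describes.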
Security controls on every agent
Every ClawTrust agent ships with these protections enabled by default. No configuration required.