DefenseClaw
Enterprise governance for AI agents — scan, enforce, and audit every skill, MCP server, and plugin before it runs.
DefenseClaw is the enterprise governance layer for OpenClaw. It sits between your AI agents and the infrastructure they run on, enforcing a simple principle: nothing runs until it's scanned, and anything dangerous is blocked automatically.
How It Works
1. Install — Build from source or use the curl installer. Run defenseclaw init to create the config directory, SQLite audit database, and install scanner dependencies.
2. Configure — Set up scanners (setup skill-scanner, setup mcp-scanner), the LLM guardrail (setup guardrail), and optionally Splunk integration (setup splunk). Or use --enable-guardrail during init for a one-step setup.
3. Protect — Every skill install, MCP connection, and tool call passes through the admission gate: block list, allow list, scan, enforce. Findings are logged to the audit store and optionally forwarded to Splunk or any OTLP-compatible backend.
What It Protects
| Target | Scanner | What it detects |
|---|---|---|
| Skills | Cisco skill-scanner | Prompt injection, data exfiltration, command injection, obfuscated code, supply chain risks |
| MCP Servers | Cisco mcp-scanner | Hidden instructions, malicious tool descriptions, suspicious endpoints |
| Plugins | Built-in + external scanner | Behavioral analysis, YARA patterns, LLM semantic analysis |
| Code | CodeGuard / ClawShield | Hardcoded secrets, dangerous exec patterns, PII exposure, injection vulnerabilities |
| Tool Calls | Gateway sidecar (real-time) | Credential leaks, destructive operations, data exfiltration in tool arguments |
| LLM Traffic | LiteLLM guardrail | Prompt injection, secret leakage, exfiltration patterns in prompts and responses |
Admission Gate
Every skill, MCP server, and plugin passes through this flow:
- Block list? — If blocked, reject immediately. Log and alert.
- Allow list? — If allowed, skip scanning. Install, log, and inventory.
- Scan — Run configured scanners.
- Clean? — Install and log.
- High/Critical? — Reject, quarantine, log, and alert.
- Medium/Low? — Install with warning, log, and alert.
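The same flow expressed as code, added here as an illustration and not DefenseClaw's own implementation: the two regex scanners are hypothetical stand-ins for skill-scanner and CodeGuard, the sample skills are constructed, and the severity thresholds follow the list above (block list first, allow list skips scanning, High/Critical rejects and quarantines, Medium/Low installs with a warning, every outcome is logged).

```python
import re
from enum import IntEnum

Severity = IntEnum("Severity", "CLEAN LOW MEDIUM HIGH CRITICAL", start=0)

# Hypothetical stand-ins for the real scanners: each is a regex check yielding (scanner, severity, detail).
SECRET_RE = re.compile(r"(?i)(api[_-]?key|secret|token)\s*=\s*['\"][A-Za-z0-9_-]{16,}['\"]")
SHELL_RE = re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True")

def regex_scanner(label, pattern, severity):
    return lambda skill: [(label, severity, m.group(0)) for m in pattern.finditer(skill["source"])]

SCANNERS = [regex_scanner("secret-scan", SECRET_RE, Severity.HIGH),
            regex_scanner("shell-scan", SHELL_RE, Severity.MEDIUM)]

def decision(name, action, reason, findings=(), alert=False, quarantine=False):
    # action: install | install_with_warning | reject; reason: block_list | allow_list | scan
    return {"name": name, "action": action, "reason": reason, "findings": list(findings),
            "alert": alert, "quarantine": quarantine}

def admission_gate(skill, block_list, allow_list, scanners, audit_log):
    name = skill["name"]
    if name in block_list:                    # 1. blocked: reject before any scanner runs
        d = decision(name, "reject", "block_list", alert=True)
    elif name in allow_list:                  # 2. allowed: skip scanning, install and inventory
        d = decision(name, "install", "allow_list")
    else:                                     # 3. run every configured scanner
        findings = [f for scan in scanners for f in scan(skill)]
        worst = max((sev for _, sev, _ in findings), default=Severity.CLEAN)
        if worst >= Severity.HIGH:            # high/critical: reject and quarantine
            d = decision(name, "reject", "scan", findings, alert=True, quarantine=True)
        elif worst >= Severity.LOW:           # medium/low: install with a warning
            d = decision(name, "install_with_warning", "scan", findings, alert=True)
        else:                                 # clean: install
            d = decision(name, "install", "scan", findings)
    audit_log.append(d)                       # every path is recorded in the audit store
    return d

# Constructed sample skills; the API_KEY value is a made-up placeholder, not a real credential.
SKILLS = [
    {"name": "banned",  "source": "def run(): pass"},
    {"name": "trusted", "source": "subprocess.run(cmd, shell=True)"},   # allow-listed: never scanned
    {"name": "weather", "source": "def run(city): return fetch(city)"},
    {"name": "leaky",   "source": "API_KEY = 'AKIAEXAMPLEPLACEHOLDER01'"},
    {"name": "shelly",  "source": "subprocess.run(cmd, shell=True)"},
]

def run_demo(audit_log=None):
    # Block list {banned}, allow list {trusted}; returns name -> decision for each sample skill.
    audit_log = [] if audit_log is None else audit_log
    return {s["name"]: admission_gate(s, {"banned"}, {"trusted"}, SCANNERS, audit_log) for s in SKILLS}
```

Note that "trusted" carries the same shell pattern as "shelly" but is installed without findings, which is exactly why allow-list entries deserve their own review process.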
Documentation
| Guide | Description |
|---|---|
| Installation | Prerequisites, install methods, init and setup walkthrough |
| Features | Complete list of implemented capabilities |
| Quick Start | Get running in 5 minutes |
| CLI Reference | All commands, flags, and examples |
| Examples | Real-world scenarios, OPA policy authoring, OTEL configuration |
| OpenClaw Plugin | Automatic security layer inside OpenClaw |
| FAQ | Common questions and answers |
For technical deep-dives, see the Architecture, API Reference, Config Files, and OpenTelemetry Spec in the repository.
License
Apache 2.0 — See LICENSE for details.