Frequently Asked Questions
What is DefenseClaw?
DefenseClaw is the enterprise governance layer for OpenClaw. It wraps Cisco AI Defense security scanners and NVIDIA OpenShell into a CLI and gateway sidecar that scans skills, MCP servers, plugins, and code before execution; enforces block and allow lists; inspects tool calls in real time; and maintains a durable audit trail of every security-relevant action.
Does DefenseClaw replace OpenShell?
No. DefenseClaw orchestrates OpenShell — it writes OpenShell policy YAML and triggers policy reloads, but never forks or replaces the sandbox runtime. DefenseClaw handles the governance layer (scanning, enforcement, audit), while OpenShell handles the isolation layer (sandboxing, network restrictions).
Does it work on macOS?
Yes. Scanning, block/allow lists, audit logging, the guardrail, and the gateway sidecar all work on macOS. OpenShell sandbox enforcement is skipped because OpenShell requires Linux. DefenseClaw detects the platform and degrades gracefully.
What scanners does it use?
DefenseClaw uses two categories of scanners:
Cisco AI Defense open-source scanners (installed as Python packages):
- Skill Scanner (GitHub) — multi-engine skill analysis
- MCP Scanner (GitHub) — MCP server threat detection
Built-in engines (no external dependencies):
- AI BOM — live AI Bill of Materials inventory (queries OpenClaw directly, not the separate
cisco-aibompackage) - ClawShield — secrets, PII, vulnerability, malware, and injection detection in code and tool arguments
- CodeGuard — static analysis rules for source code scanning
Can I use DefenseClaw without OpenClaw?
DefenseClaw is built to secure any AI agent. Today it supports only OpenClaw, but we will be adding others pretty soon.
How fast is blocking?
Under 2 seconds. Enforcement is event-driven, not polling-based. When a skill or tool is blocked, the change takes effect immediately without restarting any service.
Where are audit logs stored?
All events are stored in a local SQLite database at ~/.defenseclaw/audit.db. This includes scan results, enforcement actions, alerts, and tool inspection events. Optionally, events can be forwarded to:
- Splunk via HEC (HTTP Event Collector) — batch and real-time modes
- Any OTLP backend (Splunk Observability, Datadog, Grafana, etc.) via OpenTelemetry
What policy templates are available?
Three built-in templates:
| Template | Behavior |
|---|---|
| default | Balanced — blocks HIGH/CRITICAL, warns on MEDIUM/LOW |
| strict | Maximum security — blocks MEDIUM and above, no allow-list bypass |
| permissive | Minimal friction — blocks CRITICAL only |
Create custom policies with defenseclaw policy create <name>.
What is the admission gate?
The admission gate is the decision flow every skill, MCP server, and plugin passes through on install:
- Block list — If blocked, reject immediately
- Allow list — If allowed, skip scan (still logged and inventoried)
- Scan — Run configured scanners
- Enforce — Action based on scan severity per active policy
How do I set up Splunk integration?
defenseclaw setup splunk
The interactive wizard configures Splunk HEC endpoints, access tokens, and optionally sets up the local Splunk bridge for environments without direct HEC access. Use --non-interactive with flags for automation.
Can I use it with agent frameworks other than OpenClaw?
DefenseClaw supports a claw mode system. Currently, openclaw is the only fully supported mode. Future modes include claudecode, nemoclaw, opencode, and codex. The claw mode determines how skill directories, MCP configurations, and agent settings are discovered.
How do I create custom Rego policies?
# Create a new policy from the default template
defenseclaw policy create my-policy
# Edit specific sections
defenseclaw policy edit actions
defenseclaw policy edit guardrail
# Validate syntax
defenseclaw policy validate
# Run Rego unit tests
defenseclaw policy test
Custom policies are stored in ~/.defenseclaw/policies/ and evaluated by the OPA engine embedded in the gateway sidecar.
What platforms are supported?
| Platform | Architecture | Status |
|---|---|---|
| macOS | arm64, amd64 | Full (except OpenShell sandbox) |
| Linux | amd64, arm64 | Full |
Cross-compile the gateway with make gateway-cross GOOS=linux GOARCH=amd64.
How do I check system health?
defenseclaw doctor
This checks connectivity and credentials for the sidecar, LiteLLM proxy, Cisco AI Defense API, Splunk HEC, and scanner availability. Pass --json for machine-readable output.
Does DefenseClaw require Docker?
Only for defenseclaw setup splunk --logs, which starts a local Splunk Enterprise container via Docker Compose for log collection and dashboards. Everything else — the core binary, CLI, scanning, enforcement, guardrail, and Splunk Observability (--o11y) — has zero Docker dependency.
What does AIBOM scan?
defenseclaw aibom scan generates a live AI Bill of Materials by querying your running OpenClaw environment. It catalogs seven categories: skills, plugins, MCP servers, agents, tools, model providers, and memory backends. Each item is enriched with its block/allow status and latest scan severity from the audit store. Use --only skills,plugins to limit categories or --summary for a quick overview.
How does the file system watcher work?
The gateway sidecar monitors skill and plugin directories for changes. When a new skill or plugin is detected, it automatically passes through the full admission gate (block list, allow list, scan, enforce). Watcher events appear in the audit log and OTEL telemetry with actor set to watcher.
Does DefenseClaw require root?
No. Everything runs in userspace. No root permissions, no system-level modifications.
How do I update DefenseClaw?
Pull the latest source and rebuild:
git pull
make build
Or use make dist to build distributable packages and scripts/install.sh --local dist/ to install on target machines.