Capsule Blog

ClawGuard: Open Source Security for the Agentic Era

Lidan Hazout
March 17, 2026

Full Techstrong interview

OpenClaw's public failures made one thing painfully clear.

Agentic systems do not need a traditional exploit to become a security incident. Between MoltBook's public debacle, agents leaking sensitive data, and a skills ecosystem rife with malicious packages, the problem was consistent throughout: agents had real access, real autonomy, and too little security standing between intent and execution.

Capsule Security built ClawGuard as a direct response to this emerging threat domain.

ClawGuard is an open source security layer for the OpenClaw and ClawBot ecosystem that intercepts tool calls before they execute and evaluates them with an LLM acting as a real-time security judge. By analyzing both the requested action and its full surrounding context, ClawGuard detects and blocks high-risk behavior including secret exposure, destructive actions, unauthorized network access, prompt-injection-driven abuse, privilege escalation, and rogue autonomous operations.

Each tool call is assessed with contextual awareness and returned with a structured risk verdict covering severity, category, and reasoning. High-risk actions can be blocked automatically, all verdicts are logged for audit and investigation, and human operators retain the ability to override enforcement decisions and customize the underlying security-judging prompt to match their organization's threat model.

The tool is configurable, extensible, and designed for teams that want practical security controls for agentic workflows without relying on static rules alone.
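To make the intercept-judge-enforce loop concrete, here is an added Python sketch of that pattern. It is not ClawGuard's code (the project's real API, verdict schema and judging prompt are not shown on this page); the LLM judge is a pluggable callable, and the one included is a constructed deterministic stand-in so the example runs offline. Malformed judge output is treated as critical and blocked, which is an assumption of this sketch, not a documented ClawGuard behavior.

```python
import json
import time
from dataclasses import dataclass, field
from typing import Callable

SEVERITIES = ("low", "medium", "high", "critical")  # ordered, lowest risk first

@dataclass
class Verdict:
    severity: str
    category: str
    reasoning: str

@dataclass
class ToolCallGuard:
    # judge(tool_call, session_context) -> JSON string with severity/category/reasoning
    judge: Callable[[dict, list], str]
    block_at: str = "high"                       # block this severity and above
    audit: list = field(default_factory=list)    # every verdict is recorded here

    def _parse(self, raw: str) -> Verdict:
        # Assumption: an unparseable or out-of-schema verdict fails closed.
        try:
            d = json.loads(raw)
            v = Verdict(str(d["severity"]).lower(), str(d["category"]), str(d["reasoning"]))
            if v.severity not in SEVERITIES:
                raise ValueError(f"unknown severity {v.severity!r}")
            return v
        except (ValueError, KeyError, TypeError) as e:
            return Verdict("critical", "judge_error", f"unusable verdict: {e}")

    def check(self, tool_call: dict, context: list, override: bool = False) -> bool:
        """Return True if the call may execute. Operators can override a block."""
        v = self._parse(self.judge(tool_call, context))
        blocked = SEVERITIES.index(v.severity) >= SEVERITIES.index(self.block_at)
        allowed = (not blocked) or override
        self.audit.append({"ts": time.time(), "tool": tool_call["tool"],
                           "args": tool_call["args"], "verdict": v.__dict__,
                           "allowed": allowed, "override": override})
        return allowed

def demo_judge(tool_call: dict, context: list) -> str:
    """Constructed stand-in for the LLM judge (a fixed rule, not a model).
    Same file read: benign on its own, high risk once the session has been
    steered toward sending content externally."""
    path = tool_call.get("args", {}).get("path", "")
    steered = any("send" in turn.lower() for turn in context)
    if tool_call["tool"] == "read_file" and ".env" in path and steered:
        return json.dumps({"severity": "high", "category": "secret_exposure",
                           "reasoning": "secrets file read after an instruction to send content out"})
    return json.dumps({"severity": "low", "category": "benign", "reasoning": "routine operation"})
```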

Then NVIDIA Showed Up

When NVIDIA announced NemoClaw at GTC, it did two things simultaneously:

  1. It validated everything Capsule Security had been saying about the agentic threat surface, and 
  2. It made ClawGuard more relevant than ever.

NemoClaw is NVIDIA's open source plugin for the OpenClaw platform. It wraps an agent's execution environment in a hardened sandbox that controls network egress, blocks unauthorized filesystem access, restricts dangerous syscalls, and routes inference calls through a controlled backend. Think of it as building a secure cage around the environment where the agent runs, one that limits how far damage can spread if something goes wrong at the OS or network level. That is a meaningful and necessary contribution to the space.

But infrastructure-level controls have a ceiling, and that ceiling is intent.

An agent compromised through a multi-turn manipulation attack will often produce actions that are completely legal at the OS level. The syscall is permitted, the network destination is allowed, the filesystem path is accessible. NemoClaw provides the right guardrails at that layer but has no mechanism to intervene beyond it. 

ClawGuard operates inside the decision loop itself, reading the full session context to understand not just what the agent is calling but why it is calling it given everything that has happened in the session so far. That is how it catches what infrastructure controls cannot see: command injection that looks like a legitimate shell operation, credential exposure dressed up as a routine file read, data exfiltration hiding inside an authorized network call, prompt injection attacks that have been steering the agent across multiple turns toward an outcome the user never intended.

Together, the two tools illustrate what layered AI agent security actually looks like in practice. NemoClaw keeps the blast radius contained at the infrastructure level. ClawGuard catches the semantic risks before they ever reach that layer. Each tool addresses a threat class the other cannot see, and together they cover the full threat surface of an autonomous agent in production.

NVIDIA building infrastructure-level security for AI agents into the ecosystem is a signal the industry cannot ignore. Capsule Security has been making the case that behavioral, intent-aware security is the necessary complement to that infrastructure layer, and NemoClaw makes that case clearer than ever.

Both tools are open source and install through the same OpenClaw plugin system.

NemoClaw: github.com/NVIDIA/NemoClaw  

ClawGuard: github.com/capsulesecurity/clawguard 
