tophant-ai / ClawVault

OpenClaw Security Vault — Atomic "claw" control: every AI reach, within your sight. **English** | **中文** 🎯 ClawVault is right for you if • ✅ You want **visual monitoring** of AI agents and model invocations • ✅ You need **atomic control** over agent capabilities and permissions • ✅ You want **generative policies** that adapt to new threats automatically • ✅ You need **real-time alerts** when sensitive assets are accessed • ✅ You want **budget control** over AI token usage and costs • ✅ You need **security detection** for sensitive data, injections, and dangerous commands • ✅ You want a **unified dashboard** to manage all your AI security policies Core Capabilities • Visual Monitoring Users can configure their own "vault" and lock in Agents, Skills, credentials, and files they care about. When someone touches these assets, the "Security Lobster" will notify you via IM: who touched what in your vault yesterday. **Technical Implementation**: • Event collection based on API gateway and file-side monitoring (invocation records, file access, change tracking) • Supports periodic change notifications and real-time alerts • Atomic Control Fine-grained control at the Agent level, using composable "atomic capabilities" as the smallest unit: • Agent interaction and invocation policies • Model routing, whitelists, and quota control • Security detection (sensitive info recognition, credential detection, prompt injection protection, etc.) • File access permission constraints Users can combine these atomic capabilities like "building blocks" to create reusable policy configurations. • Generative Capabilities Each "storage chamber" in the vault includes built-in basic security scenarios and allows users to add detection scenarios and Skills via natural language by mobilizing atomic capabilities. **Example**: Tell the system via chat interface: The system will automatically generate and execute the corresponding policy rules. --- ✨ Features • **🔍 Sensitive Data Detection** — API keys, passwords, PII, credit cards, and 15+ pattern types • **🛡️ Prompt Injection Defense** — Block role hijacking, instruction override, data exfiltration • **⚠️ Dangerous Command Guard** — Intercept , , privilege escalation • **🔄 Auto-Sanitization** — Replace secrets with placeholders, restore on response • **💰 Token Budget Control** — Daily/monthly limits with cost alerts • **📊 Real-time Dashboard** — Web UI with per-agent config, detection details, quick tests The vault includes a **transparent proxy gateway module** that intercepts traffic between your AI tools and external APIs (OpenAI, Anthropic, etc.). 🚀 Quick Start 🚀 Deploy to Server 📜 Scripts | Script | Usage | |--------|-------| | | Deploy to cloud server | | | Start ClawVault (add to also start OpenClaw) | | | Stop all services | | | Run CLI + API tests | | | Setup OpenClaw proxy integration | | | Uninstall and restore original state | 🏗️ Architecture ⚙️ Configuration 📊 Development Progress | Capability Module | Status | Notes | |---------|------|------| | API Gateway Monitoring & Interception | ✅ Implemented | V1 core capability | | File-side Monitoring | 🚧 In Progress | Gradual integration | | Agent-level Atomic Control | 🚧 In Progress | Gateway-side available, expanding to other scenarios | | Generative Policy Orchestration | 🚧 In Progress | Gradual integration | --- 📚 Documentation | Document | Description | |------|------| | Development Setup | Local dev environment | | Production Deployment | Deploy to server | | OpenClaw Integration | Connect with OpenClaw | | Architecture | System design & modules | | Guard Modes | strict / interactive / permissive | | Scenarios | Use cases & roadmap | See doc/ for the full documentation index. 🛠️ Development 📄 License MIT © 2026 Tophant --- 🤝 Community • GitHub Issues — Bug reports and feature requests • Security Issues — Security vulnerability reports --- 🦞 Built for people who want to secure AI, not babysit agents. Back to top ↑