The security stack behind Enclave.
Secure OpenClaw hosting with the full security stack. Every feature below ships on every plan.
Agent isolation
Live
Every agent runs on its own machine.
A full Firecracker microVM — own kernel, own memory, nothing shared. If one agent is compromised, nothing else is reachable.
Firecracker microVMs — the same hypervisor technology AWS built for Lambda. Each agent boots its own Linux kernel in under 125ms. Each agent gets dedicated memory in its own microVM. No memory is shared between agents. No shared filesystem, no shared network namespace.
Skill scanning
Live
Skills are analyzed before they run.
Before any skill executes, static analysis checks for shell injection, credential exfiltration, and unauthorized network access. We block malicious skills before they touch your infrastructure.
Static analysis at the AST level catches injection patterns, credential access attempts, and data exfiltration techniques. Skills are executed in a sandboxed environment before being approved. Each skill receives a reputation score based on its behavior profile.
Browse scan results in the registry
Dependency checking
In development
No vulnerable packages slip through.
Dependencies are checked against vulnerability databases and screened for supply chain attacks before reaching your agents.
Real-time CVE database cross-referencing on every dependency tree. Typosquatting detection compares package names against known registries. License compliance verified automatically. All dependencies pinned to specific versions.
MCP gateway
In development
One gateway for all tool traffic.
All MCP tool traffic routes through a gateway you control — rate-limited, filtered, and logged.
Centralized MCP traffic gateway with full request/response inspection. Rate limiting configurable per agent and per skill. Content filtering catches sensitive data before it leaves your environment.
Credential scoping
In development
Agents never see your real API keys.
Credentials are stored encrypted. Access is logged and auditable. Agents get scoped tokens with minimum permissions. Tokens expire when the task ends.
Just-in-time credential provisioning with per-task permission boundaries. Scoped tokens carry the minimum permissions required. Tokens expire automatically on task completion.
Egress monitoring
In development
You control outbound connections.
See where your agents connect. Set domain allowlists. Get alerts on unusual traffic patterns.
DNS-level traffic inspection on all outbound connections. Configurable domain allowlists per agent or per skill. Bandwidth anomaly detection flags unusual transfer patterns.
Audit trail
Live
See what your agents did.
Immutable log of every agent action. Replay full sessions. Search by agent, skill, or time range. Export for compliance.
Immutable append-only log architecture. Full session replay lets you step through decisions in sequence. Searchable by agent, skill, time range, or event type. Exportable in standard formats for compliance review.
Want the full threat model?
Read how each layer defends against specific attack vectors — from container escape to credential theft.
View security architecture
Get started with hosted OpenClaw.
100 founding member spots. Your rate locks in for life.
Claim your spot