How we protect your agents.
Seven security layers from hardware isolation to egress monitoring. Three are live today.
We scanned 988 skills from the OpenClaw registry. 12 contained malicious payloads. 70+ had credential theft patterns.
Seven layers of defense
Three layers are live today. Four more are in development — all will ship to every plan at no extra cost.
Agent isolation
Live: Each agent runs in its own Firecracker microVM with its own kernel and memory. Agents share nothing. Built on the same hypervisor technology behind AWS Lambda.
Stops container escapes, cross-agent data access, and shared-kernel exploits.
Skill scanning
Live: Static analysis scans every skill before execution, catching injection patterns, exfiltration attempts, and known attack signatures.
Catches malicious code before it touches your infrastructure.
Audit trail
Live: Immutable log of every agent action. Full session replay. Searchable, exportable, retained per your plan.
No breach goes undetected. No action goes unrecorded.
Dependency checking
In development: Dependencies are scanned against CVE databases and analyzed for supply chain risks: typosquatting, malicious packages, vulnerable versions.
Blocks supply chain attacks and vulnerable packages before they reach your agents.
MCP gateway
In development: MCP tool traffic routes through a centralized gateway. You set rate limits, content filters, and access policies.
You control what tools agents can reach and how often.
Credential scoping
In development: We encrypt credentials at rest and log every access. Agents receive scoped tokens with minimum permissions that expire when the task ends.
Agents never touch your real keys.
Egress monitoring
In development: We monitor and log outbound connections, filterable by domain allowlist. Anomalous traffic triggers alerts.
Flags unauthorized connections before data leaves your environment.
Vett Enclave vs. typical OpenClaw hosts
Most OpenClaw hosts run agents in Docker containers sharing one kernel. Here's how Vett Enclave compares.
| Feature | Vett Enclave | Typical OpenClaw hosts |
|---|---|---|
| Isolation model (Live) | Dedicated microVM per agent — separate kernel, separate memory | Docker containers sharing one kernel |
| Escape impact (Live) | Agent can only access its own VM — nothing else exists | Container escape exposes every agent on the host |
| Credential handling (In dev) | Scoped tokens with auto-expiration — agents never see real keys | API keys in environment variables, shared across containers |
| Skill vetting (Live) | AST analysis + sandboxed execution before any skill runs | No pre-execution analysis |
| Dependency security (In dev) | CVE scanning + typosquatting detection on every dependency | No dependency checking |
| Network control (In dev) | Per-agent egress monitoring with domain allowlists | Shared network, no per-agent visibility |
| Audit capability (Live) | Immutable logs with full session replay | Basic container logs, no session replay |
| MCP traffic (In dev) | Centralized gateway with rate limiting and content filtering | Direct, unmonitored MCP connections |
Secure OpenClaw hosting, built from the ground up.
Founding members lock in their rate for life. 100 spots.