Introducing SafeClaw: Action-Level Gating for AI Agents
Clawdbot has leaked over 1.5 million API keys in under a month. That is not a hypothetical. That is a measured number from a real tool that real people used.
AI coding agents run shell commands, write files, and make network requests. Most of them do this with zero oversight. You paste your OpenAI key into an environment variable, hand control to an agent, and hope for the best. The people most at risk are non-technical users who just want AI help with their code and have no way to audit what the agent is doing behind the scenes.
This is the problem SafeClaw was built to solve.
How We Knew This Was Real
Before SafeClaw existed, we shipped a smaller tool called Authensor as a marketplace item on OpenClaw. It did one thing: gated authorization for agent actions. It hit 300 downloads in a couple of days. No marketing budget, no launch campaign. People found it because they were already looking for a solution.
That confirmed the demand. We spent the next four months building SafeClaw as a standalone product.
What SafeClaw Does
SafeClaw sits between your AI agent and every action it tries to take. File writes, shell commands, network requests. Nothing executes until it clears your policy.
The agent wants to write to /etc/hosts? Policy says deny. Blocked. Wants to write to ~/projects/app.ts? Policy says allow. Proceeds. Wants to run sudo apt install? Policy says require approval. You get a prompt and you decide.
Deny-by-Default
The default policy denies everything. You build up permissions from zero rather than trying to lock down from full access. If the Authensor control plane is unreachable, everything is blocked. There is no fallback that quietly lets actions through.
Conditional Rules
Rules match on action type, path patterns, command strings, network destinations, and agent identity. Each rule has a condition and an effect:
- file_write to ~/projects/** → ALLOW
- file_write to /etc/** → DENY
- shell_exec containing sudo → REQUIRE_APPROVAL
- network to 169.254.169.254 → DENY
Simulation Mode
Run the engine without enforcing. Every action gets logged as "would allow" or "would deny." Tune your policies before going live. When everything looks right, switch to enforcement.
Tamper-Proof Audit Trail
Every action, allowed or denied, is recorded with a SHA-256 hash of the previous entry. Alter any entry and the chain breaks. The entire history is verifiable. Stored locally, exportable for external audit.
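The hash chaining described above, as an added TypeScript example (not SafeClaw's own code): the entry fields, the all-zero genesis value and the function names are assumptions made for illustration. It shows how a verifier locates the first entry that no longer matches the chain.

```typescript
import { createHash } from "node:crypto";

// Hypothetical entry shape; SafeClaw's real on-disk format is not shown on the page.
interface AuditEntry {
  seq: number;
  action: string;   // e.g. "file_write", "shell_exec"
  target: string;
  effect: "ALLOW" | "DENY" | "REQUIRE_APPROVAL";
  prevHash: string; // SHA-256 of the previous entry, or GENESIS for the first
  hash: string;     // SHA-256 over this entry's fields plus prevHash
}

const GENESIS = "0".repeat(64); // assumed starting value for the chain

// Hash a fixed-order JSON array so the digest does not depend on object key order.
function entryHash(e: Omit<AuditEntry, "hash">): string {
  const canonical = JSON.stringify([e.seq, e.action, e.target, e.effect, e.prevHash]);
  return createHash("sha256").update(canonical, "utf8").digest("hex");
}

function append(log: AuditEntry[], action: string, target: string,
                effect: AuditEntry["effect"]): AuditEntry[] {
  const prevHash = log.length ? log[log.length - 1].hash : GENESIS;
  const body = { seq: log.length, action, target, effect, prevHash };
  return [...log, { ...body, hash: entryHash(body) }];
}

// Returns the index of the first entry that fails verification, or -1 if the chain is intact.
function firstBrokenEntry(log: AuditEntry[]): number {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.seq !== i || e.prevHash !== prev || entryHash(e) !== e.hash) return i;
    prev = e.hash;
  }
  return -1;
}

// Constructed sample log, using the actions from the page's own examples.
let sampleLog: AuditEntry[] = [];
sampleLog = append(sampleLog, "file_write", "~/projects/app.ts", "ALLOW");
sampleLog = append(sampleLog, "file_write", "/etc/hosts", "DENY");
sampleLog = append(sampleLog, "shell_exec", "sudo apt install", "REQUIRE_APPROVAL");

// Constructed tampering: the recorded DENY is rewritten as ALLOW, hashes left as they were.
const tampered = sampleLog.map((e, i) => (i === 1 ? { ...e, effect: "ALLOW" as const } : e));
```

A check like this catches edits and deletions that leave later hashes untouched. Comparing the newest hash against a copy kept outside the machine also catches a rewrite of the whole chain.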
Technical Decisions
Zero third-party dependencies. The policy engine, audit trail, dashboard, and crypto are all built from scratch. For a security tool, every dependency is attack surface.
Sub-millisecond evaluation. Policy checks are local. No network round trips. The agent does not notice.
Works with Claude and OpenAI out of the box. Also supports LangChain or any agent framework that produces structured action requests.
446 tests. TypeScript, strict mode. The entire client is 100% open source.
No config files. No CLI expertise required. SafeClaw opens a browser dashboard with a setup wizard. You create your first policy in 60 seconds. If you can use a web browser, you can set up SafeClaw.
The Control Plane
The Authensor control plane is hosted and only sees action metadata. It never sees your keys or your data. The client that runs on your machine is fully open source and auditable. You can read every line of code that touches your environment.
Try It
npx @authensor/safeclaw
Browser opens. Dashboard loads. Setup wizard walks you through your first policy.
Free tier available with renewable 7-day keys. No credit card required. Request your free token through the setup wizard.
- GitHub: github.com/AUTHENSOR/SafeClaw
Built over 4 months by an independent developer on the Authensor authorization framework.