Security Skills How It Works Integrations Docs

Zero trust
capability enforcement
for AI agents.

Tamper-proof Storage

ENS

Identity Anchors

L2.5

Middleware Layer

ARCHITECTURE

Layer 2.5 Security
for the Agentic Web.

Declarative Capability Enforcement

Stop unauthorized tool calls before they execute. ClawGuard intercepts OpenClaw agent dispatches and verifies them against a cryptographic manifest hash anchored on-chain.

Immutable 0G Audits

Violations are automatically logged to 0G File Storage, creating a tamper-proof append-only audit trail.

ENS Skill Discovery

Every agent skill is dynamically resolved via ENS text records (e.g. defi-reader.skills.clawhub.eth).

On-chain SkillRegistry

Verify 0G Compute sealed inference and anchor manifest hashes to a Galileo testnet smart contract.

SECURE SKILLS

Capabilities governed
by cryptography.

ClawGuard parses SKILL.md, computes a SHA-256 hash, and verifies integrity at runtime (Rule S-03).

DEFI-READER

ACTIVE

Read-only DeFi monitoring

Monitors on-chain price feeds, liquidity pools, and market data without write permissions. All tool calls enforced by ClawGuard manifest.

0 violations

clean record

ENS verified

defi-reader.skills.clawhub.eth

ACTIVE

ROGUE-DEFI

BLOCKED

Blocked wallet transfers

Attempted unauthorized wallet.transfer call — intercepted by ClawGuard middleware. Violation logged to 0G Storage, audit trail immutable.

3 blocked

violations logged

0G audit

tamper-proof log

BLOCKED

CODE-REVIEWER

VERIFIED

Repository analysis agent

Reads source code, runs static analysis, and drafts PR comments. shell.exec permanently blocked. Manifest hash anchored on SkillRegistry.sol.

SHA-256

manifest verified

on-chain

SkillRegistry badge

VERIFIED

DATA-PROCESSOR

MONITORED

Structured data transformation

Parses inbound JSON payloads, transforms and routes to downstream APIs. Network calls scoped to allowlist. Revocable via ENS status field.

ENS gate

revocation ready

fail-closed

rule S-01 enforced

MONITORED

CLI TOOLCHAIN

From local SKILL.md
to global enforcement.

Declare

Define allowed tools and boundaries in a simple SKILL.md file.

Publish

CLI command computes SHA-256 and uploads manifest to 0G File Storage.

Register

Hash is anchored on-chain and registered to an ENS subnode.

Enforce

Middleware intercepts calls, compares runtime request with on-chain hash.

LIVE AUDIT STREAM

Real-time tool
interception.

ClawGuard intercepts open claw dispatches globally. Violations trigger an immediate upload to 0G storage.

3,847violations blocked globally

SKILLTOOL CALLNETWORKSTATUS

defi-reader

#A1B2C3

wallet.read_balance → ALLOWED

0g-galileo

enforcing

rogue-defi

#D4E5F6

wallet.transfer → BLOCKED ⛔

sepolia-ens

blocked

code-reviewer

#G7H8I9

shell.exec → BLOCKED ⛔

clawhub.eth

blocked

data-processor

#J0K1L2

data.parse_json → ALLOWED

eu-west

enforcing

log-auditor

#M3N4O5

0G audit log → uploaded ✓

0g-galileo

verified

tx-validator

#P6Q7R8

manifest verified → SHA-256 ✓

clawhub.eth

verified

Developer Experience

3 lines of code.
Enterprise-grade security.

terminal

# Install ClawGuard middleware

$ npm install @shanejoans/clawguard

# Run preflight checks

$ npm run preflight

✓ 0G Chain RPC reachable (16602)

✓ ENS resolution active

✓ ClawGuard ready

Secure your agents
with ClawGuard.

Open source middleware built for the ETHGlobal OpenAgents Hackathon.

VIEW ON GITHUB READ DOCS

Zero trustcapability enforcementfor AI agents.

Layer 2.5 Securityfor the Agentic Web.