IronClaw
Secure, open-source alternative to OpenClaw
440 followers
Secure, open-source alternative to OpenClaw
440 followers
OpenClaw is powerful, but give it real credentials and you're exposed. Prompt injections steal API keys. Malicious skills grab passwords. IronClaw fixes this. Your credentials live in an encrypted vault inside a TEE — injected at the network boundary only for approved endpoints. The AI never sees the raw values. Every tool is Wasm-sandboxed. Outbound traffic is scanned for leaks. Built in Rust. Open source. Deploy on NEAR AI Cloud in one click.
This is solving a real problem. I've been wary of handing credentials to AI tools, and the encrypted vault approach feels like the right architecture. Curious: does the vault support hardware key unlock (like YubiKey or Touch ID), or is it passphrase-only for now?
Prompt injection stealing API keys is one of the biggest blind spots in AI agent security today. The TEE vault + boundary injection design here is a clever way to remove secrets from the agent context entirely.
Curious to see how this integrates with popular AI stacks. Congrats on the launch!
Finally, a privacy-first approach to AI agents! Moving from TypeScript to Rust for memory safety is a smart move, and the capability-based permissions in WASM make it way more viable for financial operations. To be honest, the installation process is still quite a hurdle, but the level of auditability and local data control is exactly what we need right now. Definitely keeping an eye on this one as it matures.
How are you validating real user behavior at IronClaw right now?
Isolating credentials from the model itself feels like the direction AI tooling needs to go, especially with prompt-injection risks growing fast.
The WASM sandbox & credential isolation architecture addresses real vulnerabilities we have seen in agent frameworks
Been testing IronClaw.
It’s basically OpenClaw, but I don’t have to worry about my keys getting leaked. That alone makes it worth it