Product Introduction
- Definition: IronClaw is an open-source, Rust-based security framework for AI agents, operating within Trusted Execution Environments (TEEs) on NEAR AI Cloud. It falls under the technical category of confidential computing solutions for AI automation.
- Core Value Proposition: IronClaw exists to eliminate credential exposure risks in AI agents like OpenClaw. Its primary purpose is to safeguard API keys, tokens, and passwords using hardware-enforced encryption and sandboxing, enabling secure task automation without compromising sensitive data.
Main Features
- Encrypted Vault:
Credentials are stored in a hardware-secured vault encrypted at rest. Secrets are injected only at the network boundary, and only for allowlisted endpoints, via Rust’s Secret<String> type (with ZeroOnDrop for memory sanitization). The LLM never accesses raw values, which prevents credential theft through prompt injection.
- Wasm-Sandboxed Tools:
Each tool runs in an isolated WebAssembly (Wasm) sandbox with capability-based permissions. Wasm modules undergo strict validation (wasmparser::validate), which blocks unsafe ops. Resource limits and network allowlisting prevent data exfiltration.
- TEE-Encrypted Enclaves:
Deploys on NEAR AI Cloud’s Trusted Execution Environments (TEEs/CVMs). Memory remains encrypted from boot to shutdown, shielding data even from the cloud provider. Rust’s compile-time memory safety eliminates garbage-collector risks.
- Real-Time Leak Detection:
Scans all outbound traffic for credential patterns. Secrets heading to non-allowlisted endpoints (AllowList.permits()) are blocked automatically, mitigating silent exfiltration.
Problems Solved
- Pain Point:
OpenClaw’s vulnerabilities: prompt injections that steal credentials, malicious skills that exfiltrate secrets, and exposed internet-facing instances. IronClaw architecturally neutralizes these through hardware-backed isolation.
- Target Audience:
- Security Engineers managing AI agent deployments
- DevOps Teams automating tasks with sensitive credentials (e.g., API integrations)
- OpenClaw Users requiring zero-trust alternatives
- Use Cases:
- Secure automation of CRM/data pipeline tasks using private API keys
- Safe execution of third-party Wasm skills without credential exposure
- Compliance-sensitive industries (finance/healthcare) deploying AI agents
Unique Advantages
- Differentiation vs. OpenClaw:
| Feature | OpenClaw | IronClaw |
| --- | --- | --- |
| Language | TypeScript (GC-based) | Rust (memory-safe) |
| Secret Handling | LLM sees raw values | Vault-injected, zero-trust |
| Tool Isolation | Shared process | Wasm sandbox per tool |
| Network Control | Unrestricted | Allowlist-only |
- Key Innovation:
Merging TEEs with Wasm sandboxing and Rust’s memory safety for runtime-enforced security. Unlike software-only solutions, IronClaw’s encrypted enclaves provide hardware-rooted trust, while Wasm prevents lateral movement of compromised tools.
Frequently Asked Questions (FAQ)
- How does IronClaw prevent prompt injection attacks?
IronClaw isolates credentials in a TEE-encrypted vault, ensuring the LLM only receives placeholders. Secrets are injected solely into allowlisted HTTP requests, making extraction via prompt injection impossible.
- Can IronClaw run on-premises or only on NEAR AI Cloud?
While optimized for 1-click NEAR AI Cloud deployment (with TEE support), IronClaw’s open-source Rust core allows local execution. However, TEE benefits require compatible hardware.
- Is IronClaw compatible with existing OpenClaw skills?
Yes, but skills must be recompiled into Wasm modules and undergo sandbox validation (verify_wasm()). IronClaw blocks skills with unsafe ops or hidden exfiltration attempts.
- Why use Rust instead of languages like Go or Python?
Rust’s compile-time memory safety eliminates buffer overflows, use-after-free errors, and GC pauses, which is critical for vault operations and enclave reliability.
- How does leak detection work in outbound traffic?
IronClaw scans payloads and headers for credential patterns (e.g., 32-character hex strings). Matches destined for non-allowlisted URLs (AllowList.permits()) are blocked before transmission.
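As an added illustration (not IronClaw’s own code), the vault-injection and leak-detection path described above, in Rust: a minimal AllowList with the page’s permits() check, the 32-hex-character credential heuristic, and a gate at the network boundary that swaps an assumed {{API_KEY}} placeholder for the real secret only when the destination host is allowlisted. The https-only host parsing, the placeholder token and the block reasons are assumptions made here.

```rust
use std::collections::HashSet;

/// Hosts allowed to receive injected secrets (a stand-in for the page's AllowList, not its code).
pub struct AllowList { hosts: HashSet<String> }

impl AllowList {
    pub fn new(hosts: &[&str]) -> Self {
        AllowList { hosts: hosts.iter().map(|h| h.to_string()).collect() }
    }
    /// Exact host match on https URLs only; anything unparsable fails closed.
    pub fn permits(&self, url: &str) -> bool {
        host_of(url).map_or(false, |h| self.hosts.contains(h))
    }
}

fn host_of(url: &str) -> Option<&str> {
    url.strip_prefix("https://")?.split('/').next()
}

/// Credential heuristic cited on the page: a run of 32 or more hex characters.
pub fn looks_like_credential(s: &str) -> bool {
    let mut run = 0;
    for c in s.chars() {
        run = if c.is_ascii_hexdigit() { run + 1 } else { 0 };
        if run >= 32 { return true; }
    }
    false
}

#[derive(Debug, PartialEq)]
pub enum Outbound { Send(String), Blocked(&'static str) }

/// Network-boundary gate. The tool only ever holds the assumed "{{API_KEY}}" placeholder;
/// the real secret is substituted here and only for a permitted host, and any
/// credential-shaped payload headed elsewhere is blocked before transmission.
pub fn gate(allow: &AllowList, url: &str, body: &str, secret: &str) -> Outbound {
    let permitted = allow.permits(url);
    if body.contains("{{API_KEY}}") {
        if !permitted {
            return Outbound::Blocked("placeholder bound for non-allowlisted host");
        }
        return Outbound::Send(body.replace("{{API_KEY}}", secret));
    }
    if !permitted && looks_like_credential(body) {
        return Outbound::Blocked("credential pattern bound for non-allowlisted host");
    }
    Outbound::Send(body.to_string())
}
```

Note that the exact-host match rejects lookalike subdomains and the parser rejects plain http, so a malformed or downgraded URL never receives a secret.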
