Run OpenClaw Safely.
OpenLeash is an open source runtime firewall for AI agents.
$ brew install openleash
$ openleash openclaw
OpenLeash in Action
Security Rules
Secret Exfiltration Shield
AI agent leaks .env, SSH keys, API tokens
Runtime Command Firewall
AI agent executes destructive commands
Workspace Isolation
AI agent escapes project and edits system files
Malware Dropper Protection
Stops curl | bash malware installs
Repository Integrity Lock
Prevents agents from corrupting .git or repo history
Clipboard DLP
Prevents secrets from being copied to the clipboard
Open Source, Community Driven
OpenLeash Core
Hooking to the agent
Enrichment
Context & event data
Rule Engine
Rego / Custom rules
Plugins
HITL, Memory, Logs
Bring Your Own Engine
OpenLeash strictly separates enforcement from decision logic. Use the built-in Rego/OPA engine, or plug in your own custom Python or Node.js decider.
Extensible Rules
Write deterministic evaluation scripts to fit your exact environment. If you can express the rule in code, OpenLeash can enforce it at runtime.
Community Updates
Benefit from a shared repository of security controls. As new agent attack vectors emerge, the community updates the shared rule definitions instantly.
Blog
The Danger of Prompt Injection in AI Agents
An analysis of how malicious inputs can force agents to execute destructive commands on host machines.
Why Runtime Containment is the Future of Agent Security
Static analysis is insufficient for dynamic agents. A thesis on the necessity of runtime interception.
Securing OpenClaw with OpenLeash
A practical methodology for running OpenClaw agents safely using deterministic OpenLeash rules.