Security Disclaimer

Last updated: June 11, 2026

The short version: Clawmont adds a defense-in-depth layer to your OpenClaw agents, but no security product can guarantee complete protection — including this one. It is designed to catch the majority of known structural attack patterns; novel and deliberately obfuscated attacks are caught at a materially lower rate, and some attacks will always get through. We do not promise or warrant any detection rate. Keep your own security practices in place — you remain responsible for them.

1. A Defense Layer, Not a Guarantee

Clawmont is defense in depth for AI agents — a security monitoring layer, not a complete security solution. It scans prompts, tool calls, and outputs for known attack patterns — prompt injection, credential leaks, dangerous commands, protected-path access — and is designed to block or alert on what it detects. It does not guarantee that any particular attack will be detected or blocked, and it is not a substitute for your own security practices.

2. Honest Detection Testing

We test continuously against an internal red-team corpus of thousands of adversarial samples and publish our methodology openly. Against attack patterns the detectors have already been tested on, Clawmont catches the large majority. We deliberately do not publish a headline percentage as a user-facing claim: any such number reflects a specific corpus at a point in time and is not a promise or warranty of any detection rate against real-world traffic.

Just as importantly, we test generalization — we author fresh attack corpora using wording and evasion techniques the detectors have never seen. On those, detection is materially lower than on previously-seen patterns. This is expected and honest: pattern- and vocabulary-based detection covers what it has seen far better than what it has not, and natural-language attacks can always be rephrased. An optional model-based judge layer adds further coverage on borderline inputs. Real-world traffic includes novel attacks, so treat Clawmont as one layer that significantly reduces risk — not as a complete or guaranteed defense. We will never claim 100% detection or "complete protection."

3. Known Limitations

  • Detection is primarily pattern- and vocabulary-based. In our own generalization tests, deliberately novel attacks are caught at a materially lower rate than previously-seen patterns — attacks crafted to evade known patterns frequently get through.
  • New attack techniques appear constantly. There is always a window between a new technique emerging and our rules covering it.
  • Clawmont inspects traffic through your OpenClaw gateway. Activity that bypasses the gateway entirely is outside its view.
  • Like any detection system, it can produce false positives (blocking safe actions) and false negatives (missing unsafe ones).

4. Your Responsibilities

You remain responsible for your own security practices at all times. Clawmont is one layer among several, never the only one:

  • Give your agents the minimum credentials and file access they need — least privilege still applies.
  • Review what your agents do, especially actions that touch money, credentials, or production systems.
  • Keep backups and rotate keys on a schedule, independent of any tooling.
  • Treat alerts as a starting point for investigation, not the full story.

5. No Warranty

Clawmont is provided "as is" and "as available," without warranty of any kind, express or implied — including implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the service will be uninterrupted, error-free, or that it will detect or prevent any particular threat. Liability is further limited as described in the Terms of Service. Nothing on this page limits statutory rights that cannot be waived under applicable law.

6. Contact

Found a gap or want to report a vulnerability? Email [email protected]. General questions: [email protected].