XSafeClaw - Keeping Your Claw Safe. Real-time monitoring and security for OpenClaw AI agents.
Project description
Build, Monitor, and Secure Your Agents
An Open-Source Agent Safety Platform
Real-time agent monitoring, security guardrails, and red-team testing for building reliable and safe AI agents.
๐ฌ Introducing XSafeClaw
๐ฐ News
Release notes and project milestones.
| Date | Update | |
|---|---|---|
| ๐ | 2026-04-13 | v 1.0.0 released โ First public release of XSafeClaw with Claw Monitor, Safe Chat, Asset Shield, Guard, Agent Office, and Onboard Setup. |
๐ What is XSafeClaw?
XSafeClaw is an open-source safety platform for AI agents, built to make agent behavior visible, controllable, and trustworthy. It turns complex agent execution into an intuitive visual โSafe Agent Valley,โ providing real-time monitoring, risk interception, human-in-the-loop governance, and automated red-team testing โ all accessible through a single xsafeclaw start command.
| Module | Description |
|---|---|
| Claw Monitor | Real-time session timeline with event tracking, token usage, tool call inspection, skills & memory scanning |
| Safe Chat | Secure gateway to chat with your OpenClaw agent with built-in guard protection |
| Asset Shield | File system scanning with risk classification (L0โL3), software audit, hardware inventory |
| Guard (AgentDoG) | Trajectory-level & tool-call-level safety evaluation with human-in-the-loop approval |
| Agent Office | PixiJS-powered 2D visualization of all agents' status and activities |
| Onboard Setup | Interactive wizard to install and configure OpenClaw CLI |
๐ Quick Start
pip install xsafeclaw
xsafeclaw start
Browser opens automatically at http://127.0.0.1:6874. If OpenClaw is not yet installed, the web UI will guide you through setup.
Common options:
xsafeclaw start --port 8080 # custom port
xsafeclaw start --host 0.0.0.0 # accessible from LAN
xsafeclaw start --no-browser --reload # headless dev mode
๐ก๏ธ Guard: How It Works
XSafeClaw's guard system protects users through a two-layer defense:
-
Trajectory-level evaluation โ The full conversation history is sent to a guard model (AgentDoG) that evaluates the entire interaction sequence for emerging risks across multiple turns.
-
Tool-call interception โ Every tool call passes through a
before_tool_callhook. If the guard model deems it unsafe, the call is held in a pending queue for human review.
Agent wants to run a tool
โ
โผ
Guard Model evaluates
โ
โโโโโโดโโโโโ
โ โ
Safe Unsafe
โ โ
โผ โผ
Execute Hold for human review
โโโโโโดโโโโโ
โ โ
Approve Reject
โ โ
โผ โผ
Execute Block + notify agent
When rejected (or timed out after 5 min), the agent is instructed to stop all subsequent actions, inform the user about the risk, and wait for explicit confirmation.
๐๏ธ Architecture
Browser (:6874)
โ
โโโโโโโโโโโโโดโโโโโโโโโโโโ
โ FastAPI Server โ
โโโโโโโโโโโโโโโโโโโโโโโโโค
โ Guard Service โโโโ AgentDoG model
โ File Watcher โโโโ ~/.openclaw/ JSONL sessions
โ Asset Scanner โโโโ File/software/hardware scanning
โโโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โโโโโโโโโโดโโโโโโโโโ
โ โ
SQLite DB OpenClaw Sessions
~/.xsafeclaw/ ~/.openclaw/
OpenClaw Agent
โ before_tool_call hook
โผ
safeclaw-guard plugin โโโบ POST /api/guard/tool-check
| Layer | Technology |
|---|---|
| Backend | Python 3.11, FastAPI, SQLAlchemy (async), uvicorn |
| Frontend | React 19, TypeScript, Vite, Tailwind CSS 4 |
| Database | SQLite (via aiosqlite) |
| Guard Model | AgentDoG (configurable base URL & model) |
Full API docs available at http://localhost:6874/docs when running.
๐ฆ Installation
For detailed installation procedures, see the installation guide.
[!TIP] Requires Python 3.11+. The frontend is pre-built and bundled โ no Node.js needed for production.
# From PyPI (recommended)
pip install xsafeclaw
# From GitHub
pip install git+https://github.com/XSafeAI/XSafeClaw.git
# From source
git clone https://github.com/XSafeAI/XSafeClaw.git
cd XSafeClaw && pip install .
# Development
git clone https://github.com/XSafeAI/XSafeClaw.git
cd XSafeClaw && pip install -e ".[dev]"
๐ Install the Guard Plugin
To enable real-time tool-call interception in OpenClaw:
cp -r plugins/safeclaw-guard ~/.openclaw/extensions/safeclaw-guard
Then add to ~/.openclaw/openclaw.json:
{
"plugins": {
"entries": {
"safeclaw-guard": {
"path": "~/.openclaw/extensions/safeclaw-guard"
}
}
}
}
โ๏ธ Configuration
XSafeClaw works out of the box with sensible defaults. Copy .env.example to .env to customize:
| Variable | Default | Description |
|---|---|---|
API_PORT |
6874 |
Server port |
API_HOST |
0.0.0.0 |
Bind address |
OPENCLAW_SESSIONS_DIR |
~/.openclaw/agents/main/sessions |
OpenClaw session directory |
GUARD_BASE_URL |
(auto-detected) | Guard model API base URL |
GUARD_BASE_MODEL |
(auto-detected) | Guard model ID |
If guard variables are not set, XSafeClaw reads model configuration from ~/.openclaw/openclaw.json automatically. See .env.example for the full list.
๐ง Development
Prerequisites: Python 3.11+, Node.js 18+, uv (recommended)
git clone https://github.com/XSafeAI/XSafeClaw.git && cd XSafeClaw
# Backend
uv venv && uv pip install -e ".[dev]"
python run.py # http://localhost:6874, auto-reload
# Frontend (separate terminal)
cd frontend && npm install && npm run dev # http://localhost:3000, HMR
# Build frontend for production
cd frontend && npm run build # outputs to src/xsafeclaw/static/
โญ Star History
๐ Acknowledgements
- OpenClaw โ The personal AI assistant platform that XSafeClaw is designed to protect. OpenClaw's open plugin architecture makes our guard integration possible.
- AgentDoG โ The diagnostic guardrail framework for AI agent safety. XSafeClaw's guard module is powered by AgentDoG's trajectory-level risk assessment and fine-grained safety taxonomy.
- ISC-Bench โ Research on Internal Safety Collapse in frontier LLMs. ISC-Bench's insights into task-completion-driven safety failures have informed our red team testing design.
- AgentHazard โ A benchmark for evaluating harmful behavior in computer-use agents. AgentHazard's attack taxonomy and execution-level risk categories have shaped our threat modeling.
โ ๏ธ Disclaimer
[!CAUTION] XSafeClaw is a research tool intended for improving the safety of AI agent systems. The red team testing features are designed exclusively for defensive security research and evaluation purposes. Do not use this tool to cause harm or engage in any malicious activities.
๐ผ Commercial Use
XSafeClaw is open-sourced under the MIT License for academic research and personal use. For commercial licensing, enterprise deployment, or collaboration, please contact:
Email: xingjunma@fudan.edu.cn
๐ฅ Contributors
We welcome contributions of all kinds โ bug reports, feature requests, documentation, and code.
๐ License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file xsafeclaw-1.0.1.tar.gz.
File metadata
- Download URL: xsafeclaw-1.0.1.tar.gz
- Upload date:
- Size: 67.1 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
38821cff9bbbf0be4264985647067490fd7f74424ccd8a9580b98b103902d061
|
|
| MD5 |
a5c716ebeeb6c562da1615518946e49c
|
|
| BLAKE2b-256 |
e53148127c40ea10d9e8709aa751e19f483637ce9fcaedb5fb8041572e38254c
|
File details
Details for the file xsafeclaw-1.0.1-py3-none-any.whl.
File metadata
- Download URL: xsafeclaw-1.0.1-py3-none-any.whl
- Upload date:
- Size: 59.3 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3860a0356e71cddd26f680a5376f8342bfb666c24926a20320135773fe8083ff
|
|
| MD5 |
d345ac27038f56ea6e90481f1a03d3ce
|
|
| BLAKE2b-256 |
cc0ff80cb1e20a9419f5016ad527f209f8fb999ed4a65d13a0699aa526738a65
|
