Most AI agents let the LLM run shell/API/fs with host privileges. Prompt injection = instant RCE.

ClawZero adds a deterministic execution boundary between model output and tool execution.

Try it yourself:

  pip install clawzero
  clawzero demo openclaw --mode compare --scenario shell

Result:

  Standard OpenClaw → COMPROMISED
  ClawZero          → BLOCKED 
  Policy            → mvar-security.v1.4.3
  Witness           → ed25519 signed artifact

Attack path vs defense path diagram: https://raw.githubusercontent.com/mvar-security/clawzero/mai...

Early release. Harness + OpenClaw simulation only — not yet tested end-to-end on live multi-turn agents in production. That's next.

If you're running agents (LangChain, CrewAI, AutoGen, OpenClaw, etc.) and want to try it live:

  Open an issue or email shawn@mvar.io

Happy to pair debug and share results.

GitHub: github.com/mvar-security/clawzero Powered by MVAR: github.com/mvar-security/mvar

Curious what people think about moving enforcement outside the model loop vs prompt filtering / LLM judges — especially if Jensen Huang drops something agent-related at GTC today ;)