SentinelOne has introduced ClawSec, an open-source security suite designed to support the protection of OpenClaw agent deployments. The project is intended to strengthen the security framework around AI technologies.
The launch of ClawSec focuses on addressing potential vulnerabilities that autonomous agents may encounter, including supply chain risks and prompt injection threats. The initiative builds on efforts to improve security controls around AI agent environments.
ClawSec operates as a protection layer for AI agents, designed to verify that skill downloads are legitimate and to limit unauthorised data egress. It connects to a live, community-driven threat advisory feed to inform its security checks.
Key capabilities include:
- Supply Chain Control – Uses signed checksums and mirrored hosts to validate the authenticity of agent skills across different package formats.
- Pre-Deployment Scans – Conducts assessments of potential vulnerabilities before deployment to help identify configuration issues.
- Community Intelligence – Draws on data from sources such as the National Vulnerability Database and maintainer reports from GitHub to maintain visibility into emerging threats.
As an open-source project, SentinelOne invites developers to contribute by creating secure skills and participating in a private beta. Contributors can engage with the project and access the advisory feed as part of development efforts.
Alongside ClawSec, SentinelOne is also launching OneClaw, an observability tool aimed at providing visibility across organisations deploying autonomous agents.
OneClaw includes:
- Comprehensive Discovery – Identifies agent deployments to help organisations track deployments and potential agent sprawl.
- Behavioural Observability – Provides insights into agent behaviour, outbound connections and execution patterns to support risk assessment.
- Integration Capability – Enables integration with existing security infrastructure to support oversight and governance.
Together, ClawSec and OneClaw provide tools intended to support visibility and security for AI agent deployments within enterprise environments.
