Security Model
Microsoft, Cisco, CrowdStrike, and Gartner all agree: AI coding agents have serious security gaps. We love OpenClaw. That's why we secure it.
The Reality
OpenClaw agents get shell access, file system access, and network access. There's no built-in permission layer. Every agent can do everything the host user can do.
API keys, SSH keys, cloud credentials — all accessible to agents running on the host. One prompt injection away from exfiltration. Microsoft's Security Blog calls this a critical risk.
What did the agent do? When? Why? Without cryptographic logging, you can't answer these questions. Gartner describes AI agents as "insecure by default."
"AI agents expand the attack surface in ways most organizations aren't prepared for."
— Cisco Security Blog
"Agent-based AI introduces new classes of vulnerabilities including tool misuse, privilege escalation, and data exfiltration."
— CrowdStrike
How Pinchy Solves This
Pinchy sits between your users and OpenClaw. Every request goes through authentication, permission checks, and audit logging before OpenClaw ever sees it.
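The request pipeline just described, together with the allow-list tool model and the HMAC-signed audit chain listed under Security Features, as an added example. This is illustrative code, not Pinchy's own; the `Gateway` class, `verify_chain` function and the demo key are assumptions.

```python
import hashlib
import hmac
import json

# Added illustration of the design described on this page, not Pinchy's own code.
# Assumption: the HMAC key lives server-side and is never readable by agents.
AUDIT_KEY = b"demo-only-secret-replace-me"
GENESIS = "0" * 64  # chain anchor for the first record


class Gateway:
    """Allow-list tool permissions plus an HMAC-chained audit log."""

    def __init__(self, key: bytes):
        self.key = key
        self.allowed = {}   # agent -> set of tools an admin enabled (deny by default)
        self.log = []       # audit records: {"prev", "body", "mac"}

    def enable_tool(self, admin: str, agent: str, tool: str) -> None:
        self.allowed.setdefault(agent, set()).add(tool)
        self._record({"event": "enable_tool", "by": admin, "agent": agent, "tool": tool})

    def call_tool(self, user: str, agent: str, tool: str, args: dict) -> str:
        ok = tool in self.allowed.get(agent, set())
        # The decision is logged before anything is forwarded, denied calls included.
        self._record({"event": "tool_call", "user": user, "agent": agent,
                      "tool": tool, "args": args, "allowed": ok})
        if not ok:
            raise PermissionError(f"agent {agent!r} is not allowed to use {tool!r}")
        return f"{tool} forwarded"  # stand-in for the OpenClaw WebSocket bridge

    def _record(self, entry: dict) -> None:
        prev = self.log[-1]["mac"] if self.log else GENESIS
        body = json.dumps(entry, sort_keys=True)
        # Each MAC covers the previous MAC, so editing, reordering or deleting
        # an earlier record invalidates every record after it (tamper-evident).
        mac = hmac.new(self.key, (prev + body).encode(), hashlib.sha256).hexdigest()
        self.log.append({"prev": prev, "body": body, "mac": mac})


def verify_chain(log: list, key: bytes):
    """Return None if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = hmac.new(key, (prev + rec["body"]).encode(), hashlib.sha256).hexdigest()
        if rec["prev"] != prev or not hmac.compare_digest(expected, rec["mac"]):
            return i
        prev = rec["mac"]
    return None
```

A chain alone cannot show that the newest records were cut off the end, so the latest MAC (or the record count) should be stored somewhere the log writer cannot modify and compared during verification.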
Security Features
OpenClaw runs inside a Docker container with no exposed ports. It's only reachable through Pinchy's authenticated WebSocket bridge. Agents never communicate directly with the outside world — every request passes through Pinchy's permission layer first.
Works today
All API provider keys (Anthropic, OpenAI, Google) are encrypted at rest with AES-256-GCM. Keys are decrypted only when needed for model requests, never stored in plaintext.
Works today
Agents start with zero tools. Admins explicitly enable each tool — an allow-list, not a deny-list. A marketing agent gets "Post to Slack." It doesn't get shell access. Shell exists as a tool but must be deliberately enabled by an admin who accepts that responsibility.
Works today
Every user gets their own conversation sessions per agent. No cross-user access to conversations. WebSocket connections are authenticated via cookie-based session validation on every upgrade.
Works today
Role-based access control at the enterprise level. Define who can create agents, who can use which agents, and who can view audit logs. Group-based permissions for teams and departments.
Almost shipped (PR #40)
Every tool call, every message, every action — logged and signed with HMAC. Tamper-proof. Export to CSV. Verify the integrity chain at any time. Your compliance team will love this.
Works today
Unlike bare OpenClaw where agents get everything, Pinchy agents start with nothing. No shell, no file access, no network tools. Every capability must be explicitly granted by an admin. The shell tool exists for power users who need it — but it's a conscious decision, not a default.
Works today
The OpenClaw gateway is only reachable internally. The gateway token is auto-generated at startup and stored in a separate, scoped file. No manual credential management, no exposure risk.
Works today
Our Position
OpenClaw is an incredible agent engine. It's powerful, flexible, and open source. But it was built for individual developers, not enterprise teams. Pinchy doesn't replace OpenClaw — it wraps it in the security layer that enterprises need. Same power, proper governance.
Book a call and we'll walk through the security architecture with your team.
Book a Security Review →
Or email us: hey@clemenshelm.com