AI / Agentic

Show HN: ClawShield – Open-source security proxy for AI agents (Go, eBPF)

HackerNews · sleuthco · 3/2/2026, 1:11:57 AM · 2 points · 1 comment

Summary

Author here. ClawShield is a security proxy that sits in front of OpenClaw (open-source AI gateway) and scans all inbound/outbound messages.

The core is an HTTP/WebSocket reverse proxy in Go (~6k lines) with four scanners:

1. Prompt injection detection - three tiers: regex heuristics (role overrides, instruction injection, delimiter attacks, encoding attacks), structural analysis (base64-decoded instruction blocks, imperative verb density scoring), and canary token leak detection.

2. Secrets/PII scanning - regex argument filters applied to decoded JSON values (defeats unicode escape bypasses like \u0070assword).

3. Vulnerability scanning - SQLi (UNION, tautologies, blind with SLEEP/BENCHMARK), SSRF (private IPs, cloud metadata at 169.254.169.254, decimal/hex IP encoding, dangerous schemes like gopher://), path traversal (double URL-encoding, null bytes), command injection (shell metacharacters, backtick execution), XSS.

4. Malware detection - magic bytes for PE/ELF/Mach-O, YARA-like signature rules for reverse shells and C2 frameworks, archive bomb detection via compression ratio, Shannon entropy analysis.

Policy engine is deny-by-default YAML. You define tool allowlists, denylists, per-tool argument filters, domain allowlists, and per-agent/per-channel restrictions. Every decision is logged to SQLite.

Optional extras: iptables egress firewall (Go, generates validated rules from YAML) and eBPF kernel monitor (Python/BCC - traces execve, tcp_v4_connect, openat2, setuid for fork bomb/privesc/port scan detection).

Docker quickstart is 3 commands. Ten cross-compiled binaries on the release (proxy + setup wizard for linux/mac/windows, amd64/arm64).

We run this in production at clawshield.sleuthco.ai.

I built this because I was contributing security patches to OpenClaw and the netfilter suite and kept seeing the same gap: the AI ecosystem has sophisticated multi-agent routing but no standardized way to inspect and control what flows through it.

Happy to answer questions about the scanner architecture, policy engine, or threat model.
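
The point behind scanner 2 (regex over decoded JSON values, not raw bytes) as an added Go example. This is not ClawShield's code: the rule set, the function names and the sample tool-call body are constructed for illustration, and the AWS key ID in the sample is the placeholder from AWS's own documentation.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
)

// SampleBody is a constructed tool-call body. The "password" key is written with a
// JSON unicode escape, so the raw bytes never contain the substring "password".
const SampleBody = `{"tool":"db_query","args":{"\u0070assword":"hunter2","url":"https://example.invalid","aws":"AKIAIOSFODNN7EXAMPLE"}}`

// Finding is one hit: JSON-pointer-style path of the key or value, and the rule name.
type Finding struct {
	Path string
	Rule string
}

var (
	rawPassword = regexp.MustCompile(`(?i)password`)
	// Keys that should never appear in a tool argument at all (illustrative set).
	sensitiveKey = regexp.MustCompile(`(?i)^(pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key)$`)
	// Value-shaped rules (illustrative set).
	valueRules = map[string]*regexp.Regexp{
		"aws-access-key-id": regexp.MustCompile(`\b(AKIA|ASIA)[0-9A-Z]{16}\b`),
		"private-key-block": regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`),
		"bearer-token":      regexp.MustCompile(`(?i)\bbearer\s+[A-Za-z0-9._\-]{20,}`),
	}
)

// RawMatches is the naive scan: a regex over the undecoded body. It misses
// "\u0070assword" because the escape is never decoded.
func RawMatches(body []byte) bool {
	return rawPassword.Match(body)
}

// ScanJSON decodes first and applies the rules to decoded keys and values, so
// \uXXXX escapes, \/ and similar JSON encodings cannot hide a match.
func ScanJSON(body []byte) ([]Finding, error) {
	var doc interface{}
	if err := json.Unmarshal(body, &doc); err != nil {
		return nil, fmt.Errorf("body is not JSON: %w", err)
	}
	var out []Finding
	walk("", doc, &out)
	// Map iteration order is random; sort so results are stable.
	sort.Slice(out, func(i, j int) bool { return out[i].Path < out[j].Path })
	return out, nil
}

// walk visits every key and string value of the decoded document.
func walk(path string, v interface{}, out *[]Finding) {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			p := path + "/" + k
			if sensitiveKey.MatchString(k) {
				*out = append(*out, Finding{Path: p, Rule: "sensitive-key"})
			}
			walk(p, child, out)
		}
	case []interface{}:
		for i, child := range t {
			walk(fmt.Sprintf("%s/%d", path, i), child, out)
		}
	case string:
		for name, re := range valueRules {
			if re.MatchString(t) {
				*out = append(*out, Finding{Path: path, Rule: name})
			}
		}
	}
}

func main() {
	fmt.Println("raw regex sees a password key:", RawMatches([]byte(SampleBody)))
	findings, err := ScanJSON([]byte(SampleBody))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-20s %s\n", f.Rule, f.Path)
	}
}
```

The same decode-then-match order matters for every other encoding layer the proxy strips (URL-encoding, base64 blocks): the rule must see the bytes the tool will see, not the bytes on the wire.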

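The SSRF checks from scanner 3 (private ranges, the cloud metadata address, decimal/hex IP encoding, dangerous URL schemes) as an added Go example that is not ClawShield's code. It goes slightly beyond the post by also accepting the dotted-octal and short-form spellings that inet_aton-style resolvers take; the blocked range list, function names and the test URLs are constructed for illustration (203.0.113.0/24 is a documentation range).

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strconv"
	"strings"
)

// Ranges an agent's outbound HTTP call must never reach. 169.254.0.0/16 covers the
// cloud metadata endpoint; 0.0.0.0/8 is included because 0.0.0.0 connects to localhost.
var blockedNets = mustCIDRs(
	"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
	"172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)

func mustCIDRs(cidrs ...string) []*net.IPNet {
	out := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		out = append(out, n)
	}
	return out
}

// parseIPv4Legacy accepts the inet_aton spellings that net.ParseIP rejects and
// that SSRF payloads use: a bare 32-bit integer (2852039166), 0x-hex (0xA9FEA9FE),
// leading-zero octal octets (0251.0376.0251.0376) and short forms (127.1).
func parseIPv4Legacy(host string) net.IP {
	parts := strings.Split(host, ".")
	if len(parts) > 4 {
		return nil
	}
	vals := make([]uint64, len(parts))
	for i, p := range parts {
		if p == "" || strings.ContainsAny(p, "_+-") { // ParseUint would accept 1_0
			return nil
		}
		v, err := strconv.ParseUint(p, 0, 64) // base 0: 0x -> hex, leading 0 -> octal
		if err != nil {
			return nil
		}
		vals[i] = v
	}
	// As in inet_aton, the last part fills all remaining bytes.
	last := vals[len(vals)-1]
	if last >= 1<<uint(8*(5-len(vals))) {
		return nil
	}
	n := uint32(last)
	for i := 0; i < len(vals)-1; i++ {
		if vals[i] > 255 {
			return nil
		}
		n |= uint32(vals[i]) << uint(8*(3-i))
	}
	return net.IPv4(byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
}

// ParseHostIP returns the address a host literal denotes, or nil for a hostname
// that still needs DNS resolution.
func ParseHostIP(host string) net.IP {
	if ip := net.ParseIP(host); ip != nil { // dotted quad, IPv6, ::ffff:a.b.c.d
		return ip
	}
	return parseIPv4Legacy(host)
}

// CheckTarget is the egress decision for one outbound URL from a tool call.
// It returns "allow", or "needs-resolution" for hostnames: the same range check
// must then be repeated on the resolved address at connect time, otherwise a
// DNS rebinding answer can still point the agent at an internal host.
func CheckTarget(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	switch u.Scheme { // url.Parse lower-cases the scheme
	case "http", "https":
	default:
		return "", fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname() // brackets and port removed
	ip := ParseHostIP(host)
	if ip == nil {
		return "needs-resolution", nil
	}
	for _, n := range blockedNets {
		if n.Contains(ip) { // Contains maps ::ffff:a.b.c.d onto the IPv4 ranges
			return "", fmt.Errorf("host %q is %s, inside blocked range %s", host, ip, n)
		}
	}
	return "allow", nil
}

func main() {
	for _, u := range []string{
		"http://169.254.169.254/latest/meta-data/", "http://2852039166/", "http://0xA9FEA9FE/",
		"http://[::ffff:169.254.169.254]/", "gopher://203.0.113.10:70/_stat",
		"https://203.0.113.10/api", "https://api.example.com/v1",
	} {
		verdict, err := CheckTarget(u)
		fmt.Printf("%-45s %s %v\n", u, verdict, err)
	}
}
```

Blocking by host literal alone is only half the control: a hostname that passes here must be resolved and re-checked on the socket the proxy actually opens, which is where an iptables egress rule set or the eBPF tcp_v4_connect trace the post mentions would catch what the URL parser cannot.
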
Tags

#xss #sqli #ssrf #ai #agent #prompt-injection #docker #windows #linux #malware

Metadata

Article ID
#198
Source
HackerNews
Scraped At
3/2/2026, 7:10:00 AM
URL Hash
9c82cd7737c7ff3f…