ClawLock is a defense-in-depth layer, not a guarantee of safety. It may reduce risk by gating consequential actions, keeping some secrets out of model context, and introducing stronger control boundaries, but it cannot eliminate prompt injection, infrastructure compromise, malicious skills, token theft, operator error, or design flaws.
- This software is provided as-is under the MIT license, without warranty of any kind.
- No security control can fully prevent a sufficiently sophisticated prompt injection or operator mistake.
- The security of the vault depends on your PIN, host hardening, and deployment hygiene.
- Optional process isolation is currently tested on Linux only and may not work on other operating systems.
- You remain responsible for reviewing approvals, protecting your environment, and deciding what the agent is allowed to do.
ClawLock may reduce risk. It does not eliminate it.