Secure capability proxy for AI agents

Your AI Agent Is Isolated.
It Still Needs Your Files.

ClawGate gives isolated AI agents scoped, time-limited, audited access to your files, git repos, and custom CLI programs - without exposing your machine.

Assume the agent is compromised.

$ curl -sSL https://clawgate.io/install.sh | sh

E2E encrypted Signed tokens Revocable access Full audit log

View on GitHub Learn More →

Agent Integration

Works With Any Agent

Skill files for CLI-based agents. MCP server for tool-based agents.

OpenClaw Skill file (CLI)

Claude Code Skill file + MCP

Cursor MCP server

OpenCode Skill file + MCP

Codex Skill file + MCP

Capabilities

Grant Exactly What's Needed. Nothing More.

Specific paths, specific tools, specific operations, for a specific time. Every access audited.

Files

Read, write, stat - scoped to paths you choose.

Git

Three permission tiers. Allowlists block dangerous flags.

Custom Tools

Revocable

Kill tokens instantly. Dead credential, no agent contact needed.

Full Audit

Every operation logged with path, tool, timestamp, result.

See It in Action

Real Usage with OpenClaw

An OpenClaw agent on Telegram reads files securely. Your machine logs every access.

🤖

Echo128 · OpenClaw Agent

Hey Echo! Can you read my
/home/m64/space/ai/clawgate
What's in there? Show me the first 5 lines of the LICENSE file?

Here's your ClawGate project!

src/ docs/ skills/ testing/ scripts/
build.zig README.md LICENSE ...

LICENSE (first 5 lines):

MIT License
Copyright (c) 2026 M64
Permission is hereby granted...

Want me to dive into any specific file?

📋 Audit Log - your machine

2026-02-08T02:36:28Z AUDIT
req=req_d1f050.. op=list
path=/home/m64/space/ai/clawgate
success=true

2026-02-08T02:36:28Z AUDIT
req=req_31ecdc.. op=read
path=.../clawgate/LICENSE
success=true

What if the agent tries something it shouldn't?

req=req_552621.. op=read
path=/home/m64/.ssh/id_rsa
success=false error=ACCESS_DENIED

Your AI Agent Is Isolated.It Still Needs Your Files.