Clawdit
Clawdit is an open-source runtime security tool for AI agents that intercepts, logs, and enforces policies on every tool call an agent makes. It acts as a local-first black box recorder, providing visibility into agent actions and blocking malicious behavior.

Key facts
What is Clawdit?
Open-source runtime security that gives you full visibility and control over your AI agent's tool calls, without cloud dependencies.
Who is Clawdit best for?
Developers, security engineers, AI agent users
What are its main limitations?
- Currently v0.1 – early stage, CLI only (dashboard coming Q2 2026)
- No built-in centralized log aggregation for teams (planned H2 2026)
- No SIEM integrations yet (planned for enterprise phase)
- Pricing not disclosed – open-source but may introduce paid enterprise features later
Limitations are based on product materials or editorial synthesis; confirm on the official site.
Key features
- ✓Intercepts every agent tool call as a transparent proxy
- ✓Logs all tool requests, responses, and decision chains to local SQLite
- ✓Enforces YAML-based policy rules (e.g., block SSH key access, flag secret leaks, rate-limit)
- ✓Generates HTML audit reports with OWASP and AIUC-1 compliance mapping
- ✓Detects runtime threats: prompt injection, secret exfiltration, anomalous behavior, tool poisoning
- ✓Works with any agent framework (Claude Code, OpenClaw, Cursor, Windsurf, CrewAI, LangChain)
- ✓Cross-platform single binary with no dependencies, no cloud account, no API keys
Use cases
- →Audit what an AI agent actually did during a session
- →Block secret exfiltration (e.g., blocking reads of ~/.ssh or .env)
- →Detect and throttle anomalous tool call patterns (e.g., 500 requests in 2 minutes)
- →Generate compliance reports for AI agent security standards (OWASP, AIUC-1)
- →Prevent tool poisoning attacks where MCP tool descriptions change after approval
Pros
- +Open-source and local-first, no cloud dependency
- +Zero infrastructure required; single binary installs via brew or go install
- +Works with any agent framework out of the box
- +Provides both real-time enforcement and post-hoc audit reports
- +Supports custom YAML policy rules and community-contributed rules
Cons
- −Currently v0.1 – early stage, CLI only (dashboard coming Q2 2026)
- −No built-in centralized log aggregation for teams (planned H2 2026)
- −No SIEM integrations yet (planned for enterprise phase)
- −Pricing not disclosed – open-source but may introduce paid enterprise features later
Positioning
- Core value: Open-source runtime security that gives you full visibility and control over your AI agent's tool calls, without cloud dependencies.
- Ideal for: Developers, security engineers, AI agent users
- Product type: CLI binary (macOS, Linux, Windows)
Frequently asked questions
What is Clawdit?
Clawdit is an open-source runtime security tool that intercepts, logs, and enforces policies on every tool call an AI agent makes. It serves as a black box recorder for agent actions, giving you full visibility and control.
How does Clawdit work?
Clawdit sits as a transparent proxy between your agent and its tools. It captures every request, response, and decision chain locally on your machine. You can enforce policies using YAML rules and generate HTML audit reports.
What threats does Clawdit catch?
Clawdit catches runtime threats that scanners miss: prompt injection, secret exfiltration (e.g., reading ~/.ssh), anomalous behavior (e.g., 500 requests in 2 minutes), and tool poisoning (e.g., MCP tool descriptions changing after approval).
Which agent frameworks are supported?
Clawdit works with every agent framework including Claude Code, OpenClaw, Cursor, Windsurf, CrewAI, and LangChain.
Is Clawdit cloud-dependent?
No. Clawdit is local-first and requires no cloud account, no API keys, and no infrastructure. All data stays on your machine.
How do I install Clawdit?
You can install it via Homebrew (brew install clawdit) or by downloading the single binary from the releases page. It works on macOS, Linux, and Windows.
You may also like
Curated suggestions based on similar categories.
AgentGuard
Scan AI Agent Skills for Threats in Seconds
DomainDetails.com
DomainDetails.com is a privacy-first domain research platform offering WHOIS, RDAP, DNS, SSL, and marketplace search tools for free, with a paid domain monitoring service that alerts users to changes in domain ownership, expiry, DNS, or marketplace listings.
CI Fuzz
AI-automated white-box fuzz testing solution that lowers barriers to secure code by detecting bugs and vulnerabilities with minimal human interaction.
NOD
NOD is an application that provides user authentication functionality, allowing users to log in with their email and password.
Guard
Guard is a comprehensive website security and compliance analysis tool that performs real-time scanning and continuous monitoring of SSL, DNS, email authentication, security headers, GDPR/NIS2 posture, exposed services, and marketing trackers. It provides prioritized reports and instant alerts when material changes occur.
AI Image Detector
WasItAI is an AI image detector that analyzes any photo or image and tells you in seconds whether it was created by an AI generator or taken by a real human. It uses advanced algorithms to differentiate between real photos and AI-generated fakes, helping users avoid deception.