Your AI agent can read every credential on your machine

OpenClaw said "always allow."
AgentWall blocked it anyway.

A policy-enforcing MCP proxy that sits between your AI agent and its tools, enforcing your rules outside the runtime, before any damage is done.

Install
npx @agentwall/agentwall setup
Running in 60 seconds. No account. No cloud.
Works with
OpenClaw, Claude Desktop, Cursor, Windsurf, Claude Code, any MCP client

Why AgentWall

MCP clients like OpenClaw have built-in safety prompts, but they run inside the runtime. A compromised tool, a poisoned prompt, or a misconfigured agent can bypass them entirely. AgentWall enforces policies independently, at the proxy layer, where neither the model nor the client can override them.

What AgentWall does
🛑 Blocks before execution: Credentials, shell commands, database drops. Intercepted before they run.
📋 YAML policy engine: deny, allow, or ask. Glob matching and SQL content rules. Hot-reload, no restarts.
🌐 Browser approval UI: Review and approve tool calls at localhost:7823. No terminal required.
📒 Independent audit log: Ground truth record of every tool call, written outside the agent's control.
🔌 Native OpenClaw plugin: Intercepts every tool call before it runs. No patching the model's prompt.
↩️ Fully reversible: agentwall undo restores all original configs in one command.
🧪 Taint tracking: Detects credential reads and blocks subsequent outbound calls. Stops multi-step exfiltration.
📚 Policy library: Community policies for gog, GitHub, 1Password, messaging, Homebrew, and more.
Browse the registry →
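
The sketch below is an added example, not AgentWall's code or its policy format: a proxy-side decision function that applies deny/allow/ask rules with glob matching, plus a taint flag that blocks outbound calls once a credential file has been read. The rule shape, tool names (read_file, http_request, send_message, run_shell), paths, and the first-match, default-deny ordering are assumptions made for illustration.

```javascript
// Added illustration, not AgentWall's code or policy schema; every name here is hypothetical.
const RULES = [
  { action: "deny", tool: "read_file", path: "**/.ssh/**" },
  { action: "allow", tool: "read_file", path: "/home/dev/project/**" },
  { action: "allow", tool: "http_request" },
  { action: "ask", tool: "run_shell" },
];
const CREDENTIAL_GLOBS = ["**/.aws/credentials", "**/.env", "**/.ssh/**"];
const OUTBOUND_TOOLS = new Set(["http_request", "send_message"]);
// Translate a glob to an anchored RegExp: "**" crosses "/", "*" does not.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const body = escaped.replace(/\*\*/g, "\u0000").replace(/\*/g, "[^/]*").replace(/\u0000/g, ".*");
  return new RegExp("^" + body + "$");
}
const matches = (rule, call) => rule.tool === call.tool &&
  (!rule.path || globToRegExp(rule.path).test(call.args.path || ""));
const isCredentialPath = (p) => CREDENTIAL_GLOBS.some((g) => globToRegExp(g).test(p || ""));

function createProxy(rules) {
  let tainted = false; // session state held by the proxy, not the agent
  const audit = [];    // every decision is recorded, denials included
  function decide(call) {
    let action = "deny", reason = "no rule (default deny)";
    if (tainted && OUTBOUND_TOOLS.has(call.tool)) {
      reason = "outbound call after credential read"; // checked before any rule
    } else {
      const rule = rules.find((r) => matches(r, call)); // first match wins
      if (rule) { action = rule.action; reason = "rule match"; }
    }
    // An allowed read of a credential-looking path taints the rest of the session.
    if (action === "allow" && call.tool === "read_file" && isCredentialPath(call.args.path)) tainted = true;
    audit.push({ tool: call.tool, action, reason });
    return action;
  }
  return { decide, audit };
}

// Constructed session: one proxy instance judges the calls in order.
function demo() {
  const proxy = createProxy(RULES);
  return [
    { tool: "read_file", args: { path: "/home/dev/.ssh/id_ed25519" } },
    { tool: "http_request", args: { url: "https://example.invalid/a" } },
    { tool: "read_file", args: { path: "/home/dev/project/.env" } },
    { tool: "http_request", args: { url: "https://example.invalid/b" } },
    { tool: "run_shell", args: { cmd: "ls" } },
  ].map((call) => proxy.decide(call));
}
console.log(demo().join(",")); // deny,allow,allow,deny,ask
```

The second and fourth calls are identical in kind and both match the same allow rule; only the credential read between them changes the outcome, which is the per-call versus per-session distinction that taint tracking adds.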