ClawReins

THE INTERVENTION LAYER FOR OPENCLAW.

Understands browser reality, not just tool calls. When agents hit CAPTCHA, challenge walls, or 2FA, ClawReins pauses, routes intervention, and continues safely.

Star on GitHub★ Live stars Stay in the Loop

Approval Demo

ClawReins demo showing approval prompts for destructive actions

Blocks destructive actions unless you explicitly approve (YES / ALLOW) — everything logged.

View demo full size Install in 30 seconds

Quick Start

macOS / Linux / Windows

One-liner

# Installs and configures ClawReins in one shot

curl -fsSL https://clawreins.ai/install.sh | bash

Choose your path. Same intervention layer, same browser-state protections.

What It Does

⌂

Runs On Your Machine

macOS, Linux, and Windows. Private by default. Your credentials and browser state stay local.

◌

Any Chat App

Operate through WhatsApp, Telegram, Slack, Discord, and direct chat surfaces your team already uses.

◎

Persistent Session Memory

Keeps encrypted session context across jobs so agents resume where they left off without re-auth loops.

◍

Browser-State Awareness

Detects CAPTCHA, Cloudflare challenge screens, and 2FA prompts from live browser context before actions continue.

›_

Irreversibility Routing

Scores action irreversibility and escalates high-risk operations to strict confirmation tokens with summaries.

✣

Intervention Layer

Pauses, notifies, captures screenshot context, and cleanly resumes execution after explicit human intervention.

Security Scan

clawreins scan audits a local OpenClaw installation for high-signal security misconfigurations, writes an HTML report to ~/Downloads/scan-report.html, and prints the report link directly in the terminal.

13 high-signal checks before runtime issues become incidents

HTML report saved to ~/Downloads/scan-report.html

Optional auto-fixes for safe, common misconfigurations

Opt-in drift monitoring for scheduled daily posture checks

Usage

clawreins scan
clawreins scan --fix
clawreins scan --monitor

ClawReins security scan generating a local HTML report

Checks include gateway exposure, file permissions, auth bypass flags, weak credentials, sandbox isolation, and browser sandbox posture.

Why Third-Party Intervention

Monitoring and intervention should not be owned by the same agent vendor being monitored.

Conflict of Interest (COI)

If OpenClaw audits its own actions, the control is not independent. SOC 2, HIPAA, and PCI environments require objective verification, not self-attestation.

Proven Industry Pattern

Trading platforms do not ship their own market-risk controls, hospitals do not self-certify medical devices, and payment processors do not grade their own fraud systems.

Trust Boundary Architecture

The intervention layer must be trusted precisely because the agent is not fully trusted. If one vendor owns both layers, the trust boundary collapses for enterprise buyers.

OpenClaw cannot be its own watchdog. Neither can any CUA. That is why ClawReins exists.

What People Say

View all →

Real operator posts showing the same browser-friction patterns ClawReins is built to handle.

Loading real posts from X...