Now on NEAR AI Cloud

IronClaw:
Unleash Your AI Agent,
With Peace of Mind

IronClaw is the secure, open-source alternative to OpenClaw that runs in encrypted enclaves on NEAR AI Cloud. AI agents that actually do things, but your secrets never touch the LLM.

OPEN SOURCE
Defense-in-depth security
BUILT ON RUST
1-CLICK CLOUD DEPLOYMENT
How It Works

From zero to secure agent in minutes.

IronClaw offers simple setup and built-in security for OpenClaw's personal AI assistant—powered by NEAR AI Cloud or run locally.

Deploy in one click.

Launch your own IronClaw instance on NEAR AI Cloud. It boots inside a Trusted Execution Environment — encrypted from the start, no setup required.

Store your credentials.

Add API keys, tokens, and passwords to the encrypted vault. IronClaw injects them only where you've allowed — the AI never sees the raw values.

Work like you always do.

Browse, research, code, automate. Same capabilities as OpenClaw — except now a prompt injection can't steal your credentials.

fn deploy(cfg: &Config) -> Result<()> {
    let tee = TeeEnclave::provision()?;
    tee.verify_memory_safety()?;
    let vault = Vault::seal(cfg)?;
    vault.bind_endpoints(&cfg.allowlist)?;
    agent::spawn(tee, vault)
}

#[derive(Encrypt, ZeroOnDrop)]
struct Credentials {
    api_key: Secret<String>,
    bearer: Secret<String>,
}

impl Vault {
    fn inject(&self, req: &mut Request) {
        if self.allowlist.permits(req.url()) {
            req.set_auth(&self.credentials)
        }
    }
}

fn verify_wasm(bytes: &[u8]) -> bool {
    wasmparser::validate(bytes).is_ok()
        && !contains_unsafe(bytes)
}

struct AllowList { endpoints: Vec<Url> }

impl AllowList {
    fn permits(&self, url: &Url) -> bool {
        self.endpoints.iter().any(|e| e == url)
    }
}
What You Get

Security you don't have to think about.

IronClaw is powered by NEAR AI's cryptographically secure infrastructure, which ensures your credentials never leave the vault.

Encrypted Vault

Your credentials are invisible to the AI. API keys, tokens, and passwords are encrypted at rest and injected into requests at the host boundary — only for endpoints you've approved.

Sandboxed Tools

A compromised skill can't touch anything else. Every tool runs in its own Wasm container with capability-based permissions, allowlisted endpoints, and strict resource limits.

Encrypted Enclaves

Not even the cloud provider can see your data. Your instance runs inside a Trusted Execution Environment on NEAR AI Cloud — encrypted in memory, from boot to shutdown.

Leak Detection

Credential exfiltration gets caught before it leaves. All outbound traffic is scanned in real-time. Anything that looks like a secret heading out the door is blocked automatically.

Built in Rust

Entire classes of exploits don't exist here. No garbage collector, no buffer overflows, no use-after-free. Memory safety is enforced at compile time, not at runtime.

Network Allowlisting

You control exactly where data goes. Tools can only reach endpoints you've pre-approved. No silent phone-home, no data exfil to unknown servers.

OpenClaw Problem

Empower your agent with full system access and persistent memory while still protecting your secrets.

OpenClaw unlocks the agentic future but it also risks exposing your secrets. Credentials can be exposed through prompt injections. Malicious skills exist to steal passwords. If you're running OpenClaw by itself with anything sensitive, there are significant risks.

  1. Prompt injection can dump your secrets.

     A single crafted prompt can trick the LLM into revealing every API key and password you've given it. Telling it "don't share" doesn't help.

  2. Hundreds of malicious skills found on ClawHub

     Researchers found hundreds of community skills designed to quietly exfiltrate credentials. You won't spot them in a code review.

  3. 30,000+ instances exposed to the internet.

     Tens of thousands of OpenClaw instances are publicly reachable. Attackers are already weaponizing them.

The Solution
How IronClaw Fixes This

Your credentials live in an encrypted vault on NEAR AI Cloud.

IronClaw's security model doesn't rely on telling the AI "please don't leak this." Your credentials live in a Trusted Execution Environment that provides hardware-enforced security. Your credentials are injected at the network boundary—only for endpoints you've pre-approved.

Every tool runs in its own WebAssembly sandbox with no filesystem access and no outbound connections beyond your allowlist. The entire runtime is Rust — no garbage collector, no buffer overflows, no use-after-free.
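
The ordering described above (allowlist check, outbound leak scan, then credential injection at the host boundary), as an added example that is not IronClaw's own code. It is a std-only Rust sketch; `Boundary`, `Request`, `Verdict`, the host names and the key value are assumptions made for illustration.

```rust
// Added illustration; every name here is hypothetical, not IronClaw's API.
#[derive(Debug, PartialEq)]
enum Verdict { Forwarded, BlockedEndpoint, BlockedLeak }

struct Request { host: String, body: String, auth: Option<String> }

struct Boundary { allowlist: Vec<String>, secret: String }

impl Boundary {
    // Exact host comparison, so "api.example.test.evil.test" does not pass
    // for an allowlisted "api.example.test".
    fn permits(&self, host: &str) -> bool {
        self.allowlist.iter().any(|h| h.eq_ignore_ascii_case(host))
    }

    // Simplified leak check: the raw vault value must not appear in any
    // field the tool controls. Encoded copies would need extra matching.
    fn leaks(&self, req: &Request) -> bool {
        req.body.contains(&self.secret)
    }

    // The tool builds `req` without ever holding the secret; the host adds
    // the Authorization value only after both checks pass.
    fn egress(&self, req: &mut Request) -> Verdict {
        if !self.permits(&req.host) { return Verdict::BlockedEndpoint; }
        if self.leaks(req) { return Verdict::BlockedLeak; }
        req.auth = Some(format!("Bearer {}", self.secret));
        Verdict::Forwarded
    }
}

fn request(host: &str, body: &str) -> Request {
    Request { host: host.to_string(), body: body.to_string(), auth: None }
}

fn main() {
    // Constructed sample values.
    let b = Boundary {
        allowlist: vec!["api.example.test".to_string()],
        secret: "sk-constructed-0001".to_string(),
    };
    let mut ok = request("api.example.test", "{\"q\":\"weather\"}");
    let mut evil = request("collector.invalid", "{\"q\":\"weather\"}");
    let mut leak = request("api.example.test", "note: sk-constructed-0001");
    println!("{:?}", b.egress(&mut ok));   // Forwarded
    println!("{:?}", b.egress(&mut evil)); // BlockedEndpoint
    println!("{:?}", b.egress(&mut leak)); // BlockedLeak
}
```

The third case shows why the scan runs even for approved hosts: an allowlisted endpoint can still be used as an exfiltration channel if a secret appears in the request body.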

Your secrets never touch the LLM. Running in encrypted enclaves on NEAR AI Cloud. Built completely in Rust.

Everything you like about OpenClaw.
Nothing you're worried about.

Choose a NEAR AI deployment based on your performance requirements and preferred agent. You get NEAR security no matter what.

| Feature          | OpenClaw            | IronClaw        |
|------------------|---------------------|-----------------|
| Language         | TypeScript          | Rust            |
| Memory Safety    | Runtime GC          | Compile-time    |
| Secret Handling  | LLM sees secrets    | Encrypted vault |
| Tool Isolation   | Shared process      | Per-tool Wasm   |
| Prompt Injection | "Please don't leak" | Architectural   |
| Network Control  | Unrestricted        | Allowlist       |

Deploy Secure Agents.
No Hardware Required.

Spin up to 5 agents in a Trusted Execution Environment with up to 130M tokens per month — no cloud setup, no infrastructure. Just a simple frontend and you're live.

Starter

$5$0/month

Activate 1 agent instance in our secure environment, and use NEAR AI Inference to power your agent

  • Secure deployment
  • Trusted Execution Environment
  • Pay per usage token
Popular

Basic

$20/month

Everything you need to get started, plus credits to get up and running quickly with up to 2 agent instances

  • Everything in Starter
  • Included 13M tokens
  • Usage pooling

Pro+

$200/month

Activate up to 5 agent instances in our environment, plus advanced features and more tokens for high usage

  • Everything in Basic
  • Included 130M tokens
  • Priority support

Deploy an AI agent you can actually trust.

Open source. One-click deploy on NEAR AI Cloud. Your secrets never leave the encrypted vault.
