Every AI skill
must be governed.
Before installation. During execution.
OpenClaw scans AI skill packages through five governance gates, signs the verdict, and anchors it in a transparency log — producing cryptographic proof that the skill was safe to run.
01 — The Problem
Package managers install.
OpenClaw governs.
AI skill packages execute with the same authority as the host agent. A compromised skill can exfiltrate data, manipulate outputs, or override safety controls.
OpenClaw evaluates every skill before execution. If a skill fails any gate, it does not run.
02 — The Five Gates
Scan. Gate.
Prove.
Statistical Confidence
Measures whether the skill's declared capabilities are statistically supported by its test evidence.
Causal Attribution
Verifies that skill outputs can be causally attributed to its declared inputs — not side effects.
Regression Safety
Ensures the skill does not degrade the host system's operational safety below acceptable bounds.
Evidence Integrity
Validates the cryptographic integrity of all evidence submitted with the skill package.
Human Authorization
Requires explicit human consent before any skill with elevated permissions is admitted. Signs the decision and anchors it in the transparency log.
03 — Two Products
Self-hosted.
Or managed.
ClawGuard
Install as an npm package in your ClawHub environment. Skills are scanned locally through the five-gate protocol, with governance verdicts anchored in the ObligationSign transparency log.
OpenClaw Starter
A fully managed Cloudflare-native environment. No local installation — scan skills via API or the web dashboard. Governance infrastructure is operated by ObligationSign.
Both products use the same AGTS five-gate protocol and the same transparency log.
Feature Comparison
| Feature | ClawGuard | OpenClaw Starter |
|---|---|---|
| Deployment | Self-hosted (npm) | Managed (Cloudflare edge) |
| Five-Gate Protocol | G1–G5 | G1–G5 |
| Transparency Log | AGTS anchored | AGTS anchored |
| LLM Inference | BYO (local) | 3-tier: Workers AI / BYOK / Managed |
| Agent Management | — | Full lifecycle (create/start/stop/checkpoint) |
| Chat / WebSocket | — | Real-time streaming + governance |
| BYOK Vault | — | AES-GCM encrypted KV |
| File Storage | — | R2-backed per agent |
| Web Dashboard | — | Full dashboard + chat UI |
| API Keys | Token-based registration | Scoped per-agent keys |
| Free Tier | 50 scans/month | 500 events/month |
| Infrastructure | You manage | Zero — fully managed |
04 — Why Governance, Not Detection
Valid Package.
Valid Signature.
Malicious Behavior.
Skills that pass type checks but exfiltrate context data through side channels
Skills that override safety controls through prompt injection vectors
Skills with valid signatures but statistically unsupported capability claims
These pass npm install.
They do not pass OpenClaw.
05 — Proof, Not Trust
Every governance decision is independently verifiable.
The scan result, gate verdicts, and cryptographic proof are anchored in the same AGTS transparency log used by every ObligationSign vertical. Anyone can verify that a skill was admitted — or refused — without trusting the scanner.