AI-powered runtime defense for hosts, containers, and Kubernetes.
ClawNet is an AI-powered terminal security platform with three core defense layers:
- Live host network monitoring
- Isolation sandbox for unknown code
- Autonomous Kubernetes incident response
It watches your machine in real time, sandboxes suspicious projects before they touch the host, and can autonomously investigate production Kubernetes failures using specialized AI agents.
"Nothing runs on the host before ClawNet approves it."
| Mode | Command | What it does |
|---|---|---|
| Network Monitor | clawnet |
Live TUI watching all TCP/UDP connections on your host |
| Copilot | clawnet --copilot |
AI chat interface for your current network state |
| Isolation Sandbox | clawnet --isolation |
Interactive TUI: clone/run anything in Docker, monitored from inside |
| Run local project | clawnet run <path> |
Sandbox a local folder in Docker |
| Clone + run | clawnet clone <url> |
Clone a GitHub repo and sandbox it immediately |
| View past runs | clawnet sandbox-list |
Table of recent sandbox verdicts |
| Full report | clawnet sandbox-report <run-id> |
JSON dump of a past sandbox run |
| Policy setup | clawnet policy-init |
Create/view the sandbox policy file |
| Git interceptors | clawnet install-interceptors |
Install wrappers that route git clone through ClawNet |
| Kubernetes Defense | clawnet k8s-watch |
Autonomous Kubernetes monitoring + remediation |
- Live TCP/UDP connection monitoring with 1-second refresh
- Real-time process tracking with path validation
- GeoIP lookup for remote IPs
- VPN status detection
- Automatic risk scoring (LOW / MED / HIGH)
- OpenClaw AI-powered threat analysis per connection
- Natural language security explanations
- Kill process / block IP recommendations
- Telegram alerts for HIGH and CRITICAL detections
- Persistent threat memory (local JSON + optional Supermemory cloud)
- Every unknown project runs inside a locked-down Docker container
- ClawNet agent runs inside the container — monitors the app from within
- Polls
/proc/net/tcp,/proc/net/tcp6,/proc/net/udp,/proc/net/udp6every second - Fires a Telegram ping instantly when a new foreign IP is detected
- Scans stdout/stderr lines in real time for suspicious patterns
- Sends Telegram alerts when risk crosses SUSPICIOUS or DANGEROUS thresholds
- Workspace mounted read-only by default
- Security hardening:
--cap-drop ALL--security-opt no-new-privileges- PID / memory / CPU limits
- Sensitive host env vars are blanked inside containers
- AI verdict generation via GPT-4o-mini
- Reputation cache for trusted projects
- Promotion gate:
- SAFE → auto allow
- SUSPICIOUS → approval required
- DANGEROUS → auto blocked
- Live Rich TUI with streaming output and risk telemetry
ClawNet extends into Kubernetes — an autonomous AI incident-response layer for production clusters.
Instead of only detecting threats, ClawNet can now:
- Investigate failures
- Diagnose root causes
- Plan remediations
- Execute safe fixes
- Route dangerous actions through human approval
"When production breaks at 3am, ClawNet shouldn't just alert you — it should investigate, explain, and respond."
+----------------------+
| INCIDENT COMMANDER |
| (Supervisor) |
+----------+-----------+
|
+------------------+------------------+
| | |
+--------v--------+ +------v------+ +---------v---------+
| SCOUT AGENT | |DOCTOR AGENT | | EXECUTOR AGENT |
| Cluster watcher | | Root cause | | Safe remediation |
+-----------------+ +-------------+ +-------------------+
- Observe — Poll cluster state continuously
- Detect — AI classifies anomalies
- Diagnose — Analyze logs/events/metrics
- Plan — Generate remediation plan
- Safety Gate — Approval routing
- Execute — Safe kubectl action
- Explain & Log — Audit trail + summaries
- Autonomous anomaly detection
- Root-cause analysis from logs/events/metrics
- Predictive alerts (OOM detection before crash)
- Self-evolving runbook memory
- Human-in-the-loop approvals via Slack
- RBAC-scoped least-privilege execution
- Natural language war-room interface
- Chaos engineering mode
- Blockchain-backed audit trail
| Incident | Severity | Auto-Fix |
|---|---|---|
| CrashLoopBackOff | HIGH | Yes |
| OOMKilled | HIGH | Yes |
| Evicted Pod | LOW | Yes |
| Pending Pod | MED | HITL |
| ImagePullBackOff | MED | HITL |
| CPU Throttling | MED | HITL |
| Deployment Stalled | HIGH | HITL |
| Node NotReady | CRITICAL | HITL |
| Pattern | Signal | Risk Points |
|---|---|---|
xmrig, stratum+tcp |
Cryptominer behavior | +35 |
nc -e, netcat -l |
Reverse shell / listener | +35 |
curl ... | bash |
Remote code execution pipe | +30 |
private key, seed phrase |
Wallet key material | +30 |
| Foreign egress IP | Outbound to non-private IP | +30 |
.ssh, id_rsa, known_hosts |
SSH material access | +25 |
curl ... pastebin/ngrok |
Exfiltration endpoint | +25 |
ufw disable, iptables off |
Firewall tampering | +25 |
ssh-keyscan, ssh-copy-id |
SSH key distribution | +25 |
adduser, sudoers |
Privilege persistence | +20 |
crontab |
Cron job modification | +20 |
/proc/<pid>/environ |
Process env read | +20 |
base64 -d, powershell -enc |
Obfuscated execution | +20 |
systemctl enable |
Service persistence | +20 |
apt-get install |
System package install | +15 |
printenv |
Env var enumeration | +15 |
chmod 777 |
Broad permission grant | +12 |
pip install, npm install |
Package installation | +8 |
- Python 3.11+
- psutil
- subprocess
- socket
- Docker CLI
container_agent.py
- LangGraph
- FastMCP
- kubectl tools
- FastAPI
- Slack Block Kit
- LiteLLM
- Claude Opus / Sonnet
- OpenClaw
- GPT-4o-mini
- Claude models
- Local JSON
- Optional Supermemory backend
- Rich TUI
- React + Tailwind dashboard
- Stellar Soroban smart contracts
git clone https://github.com/rajarshidattapy/clawnet.git
cd clawnetpython -m venv venv
source venv/bin/activate
# Windows
venv\Scripts\activatepip install -r core/requirements.txtCreate a .env file in the repo root:
# OpenAI
OPENAI_API_KEY=your_openai_key
# Telegram alerts
TELEGRAM_BOT_TOKEN=your_bot_token
TELEGRAM_CHAT_ID=your_chat_id
# Optional memory backend
SUPERMEMORY_API_KEY=your_supermemory_key
# Slack approval system
SLACK_BOT_TOKEN=your_slack_bot_token
SLACK_SIGNING_SECRET=your_slack_signing_secret
# Optional Telegram HITL approvals
CLAWNET_TELEGRAM_APPROVAL=1- Message your bot once
- Run:
curl https://api.telegram.org/bot<TOKEN>/getUpdates- Copy the
chat.id
docker --version
docker psClawNet automatically pulls:
python:3.11-slimFor Kubernetes runtime defense:
kubectl cluster-info
minikube statuspython clawnet.py
# or
clawnet| Key | Action |
|---|---|
j / k |
Scroll |
c |
Open copilot |
q |
Quit |
clawnet --isolationInteractive menu:
[1] Sandbox GitHub repo
[2] Sandbox local project
[3] View run history
[4] Manage policy file
[Q] Quit
clawnet clone https://github.com/someone/project.git
clawnet clone https://github.com/someone/project.git --deep
clawnet clone https://github.com/someone/project.git --offline
clawnet clone https://github.com/someone/project.git --cmd "python main.py"clawnet run ./my-project
clawnet run ./my-project --deep
clawnet run ./my-project --offlineclawnet k8s-watchExample actions:
- Investigate pod crashes
- Explain root causes
- Rollback deployments
- Detect resource exhaustion
- Route risky actions to Slack approval
clawnet sandbox-list
clawnet sandbox-list 50
clawnet sandbox-report sbx-1748123456Container starts
↓
"Sandbox Started" alert
↓
[real-time]
Foreign IP detected
↓
Suspicious output detected
↓
Risk score updated
↓
Container exits
↓
AI verdict generated
↓
SAFE / SUSPICIOUS / DANGEROUS
Cluster anomaly detected
↓
AI agents investigate
↓
Root cause generated
↓
Remediation plan proposed
↓
Safety gate triggered
↓
Auto-fix OR approval request
↓
Verification loop
↓
Incident audit logged
clawnet policy-initExample policy:
{
"max_runtime_seconds": 300,
"cpu_limit": "1.5",
"memory_limit": "1536m",
"pids_limit": 256,
"network_mode": "bridge",
"read_only_workspace": true,
"enable_telemetry": true,
"telemetry_interval_seconds": 2,
"block_on_foreign_egress": true,
"foreign_egress_risk_bonus": 30,
"deny_env_keys": [
"OPENAI_API_KEY",
"SUPERMEMORY_API_KEY",
"TELEGRAM_BOT_TOKEN",
"TELEGRAM_CHAT_ID",
"AWS_SECRET_ACCESS_KEY",
"GITHUB_TOKEN"
]
}| Score | Level | Outcome |
|---|---|---|
| 0–34 | SAFE | Auto allowed |
| 35–69 | SUSPICIOUS | Approval required |
| 70–100 | DANGEROUS | Auto blocked |
clawnet/
│
├── core/
│ ├── clawnet.py
│ ├── sandbox.py
│ ├── container_agent.py
│ ├── isolation.py
│ ├── openclaw.py
│ ├── telegram_alert.py
│ ├── memory.py
│ ├── netwatch.py
│ └── requirements.txt
│
├── k8s/
│ ├── agents/
│ ├── graph/
│ ├── mcp_server/
│ ├── prediction/
│ ├── slack/
│ ├── api/
│ ├── blockchain/
│ └── chaos/
│
├── docs/
│ ├── README.md
│ └── dockerized_runtime.md
│
├── frontend/
│
├── contracts/
│
├── clawnet.py
├── pyproject.toml
└── .envClawNet follows a layered runtime-defense model:
- Detect suspicious behavior
- Isolate unknown code
- Monitor from inside the runtime
- Analyze behavior using AI
- Gate dangerous actions
- Require approval for risky operations
- Explain every decision transparently
ClawNet is evolving into a full autonomous runtime defense system.
Not just:
"What is happening?"
But:
"What caused it, how dangerous is it, and should the system act automatically?"
ClawNet aims to become an AI-native security layer for:
- Local machines
- Containers
- CI/CD pipelines
- Kubernetes clusters
- Autonomous infrastructure
Where every runtime is continuously monitored, explainable, and policy-gated before it can impact production.
- eBPF runtime instrumentation
- Multi-cluster Kubernetes monitoring
- Autonomous GitHub remediation PRs
- Threat graph visualization
- Distributed sandbox fleet
- WASM sandbox runtime
- AI-generated permanent fixes
- Cost optimization recommendations
- Incident correlation engine
- Cloud-native runtime firewall
MIT License
ClawNet is a defensive security platform intended for:
- malware analysis
- runtime inspection
- infrastructure protection
- incident response
- safe execution of untrusted code
Users are responsible for complying with local laws and organizational security policies.