ClawShield – Open-source firewall for agent-to-agent AI communication

Name: ClawShield – Open-source firewall for agent-to-agent AI communication
Availability: InStock
Author: Joe_DNAI

by Joe_DNAI·Feb 18, 2026·2 points·2 comments

Visit Project View on HN

AI Analysis

○PassWizardryNiche Gem

The Take

This feels like the first serious attempt to treat agent-to-agent chatter as a network security problem: 16+ prompt-injection signatures (with recursive base64 decoding), AST static analysis of skills via acorn/estree, and sandboxed dynamic checks are concrete, non-trivial defenses. The repo shows real engineering (Docker, CI, security scans, 181 tests) — the missing piece is real-world performance and adoption, but if you run agent fleets this is worth poking at.

Post Description

Hi HN!

I built ClawShield after discovering 40,214 OpenClaw instances exposed with critical CVE-2026-25253 (CVSS 8.8).

The problem: AI agents communicate with each other at scale, but there's NO firewall between them. A compromised agent can inject prompts, exfiltrate data, and hijack WebSocket sessions.

ClawShield sits between agents and blocks: - Prompt injection (16+ patterns) - Malicious skills/plugins (AST + sandbox) - Credential leaks (regex + entropy) - Unauthorized agent-to-agent comms - WebSocket hijacking

Built it last night. 181 tests. Production-ready. Open source (AGPL-3.0).

GitHub: https://github.com/DEFNOISE-AI/ClawShield Demo: [coming soon]

Compatible with OpenClaw, AutoGPT, or any agent protocol.

Free tier for personal use, paid for teams/enterprise.

Would love your feedback!