ClawShield vs BulwarkAI — Runtime Protection vs. Security Hardening

The OpenClaw security ecosystem just got more interesting. ClawShield, an open-source security proxy from SleuthCo, launched today with a compelling approach: sit between users and the OpenClaw gateway, inspect every message in real time, and block threats before they reach your agents. It's a solid tool. And it solves a different problem than BulwarkAI.

Here's how they compare, when to use each, and why the answer is probably "both."

What ClawShield does

ClawShield is a runtime security proxy written in Go. You deploy it as a Docker container (or standalone binary) that intercepts all HTTP and WebSocket traffic between your browser and the OpenClaw gateway.

It includes four scanners that analyze traffic in real time. The prompt injection scanner uses three tiers of detection: regex heuristics for known attack patterns, structural analysis that decodes base64 and scores imperative verb density, and canary token leak detection. The secrets and PII scanner applies regex filters to decoded JSON values, catching techniques like Unicode escape bypasses. A vulnerability scanner checks for SQL injection, SSRF, path traversal, command injection, and XSS. And the malware scanner detects PE, ELF, and Mach-O binaries by magic bytes, uses YARA-like signature rules for reverse shells, and flags archive bombs via compression ratio analysis.

Beyond scanning, ClawShield ships with an iptables-based egress firewall that restricts which domains your agents can reach, and an eBPF kernel monitor that traces system calls at the kernel level — catching fork bombs, privilege escalation, and port scanning that application-layer tools would miss entirely.

The policy engine is deny-by-default YAML. You define tool allowlists, per-tool argument filters, domain allowlists, and per-agent restrictions. Every decision gets logged to SQLite.

What BulwarkAI does

BulwarkAI is a security assessment and hardening service. Rather than sitting inline and inspecting traffic, BulwarkAI audits your deployment's configuration, identifies gaps in your security posture, and provides specific guidance to fix them.

The approach starts with a free scanner that checks for the threats the built-in OpenClaw audit misses. The Security Blueprint provides hardening configurations, audit scripts, an IOC database of 1,184+ confirmed malicious ClawHub packages, and SOUL.md templates with anti-injection patterns. The Security Audit adds a personalized review by a security architect with 20 years of platform security experience, delivering a prioritized action plan specific to your deployment. And the Done-For-You Hardening handles the implementation directly.

BulwarkAI focuses on the questions that runtime tools can't answer: Are your identity files intact? Did a previously uninstalled skill leave persistence mechanisms behind? Are your MCP server registrations legitimate? Is your agent permission scope appropriate for your use case?

Different layers of the same problem

The clearest way to understand the difference: ClawShield protects what's happening right now. BulwarkAI fixes what's already wrong and prevents what's coming next.

Consider the ClawHavoc malware campaign. ClawShield's scanners would detect and block many ClawHavoc payloads in transit — the prompt injection attempts, the secrets being exfiltrated, the malicious tool calls. Its egress firewall would block connections to unknown command-and-control servers. Its eBPF monitor would flag the suspicious system calls.

But ClawHavoc also installs crontab entries and LaunchAgents that persist after the malicious skill is uninstalled. It modifies identity files to escalate agent permissions. It registers MCP servers that proxy legitimate API calls through attacker endpoints — traffic that looks normal because it IS the normal API call, just mirrored through a man-in-the-middle.

ClawShield's domain allowlist could catch the MCP proxy if you've explicitly restricted which endpoints MCP servers can reach. But it can't tell you that the MCP server registration itself is malicious, or that your AGENTS.md was modified last Tuesday by a skill you've since removed, or that there's a crontab entry downloading fresh payloads every reboot.

That's assessment. That's hardening. That's the layer BulwarkAI covers.

Head-to-head comparison

Deployment model. ClawShield is infrastructure — a Docker container running between your browser and OpenClaw. BulwarkAI is a service — reports, scripts, and configurations with no infrastructure footprint.

Detection approach. ClawShield inspects live traffic against pattern-matching rules and behavioral analysis. BulwarkAI audits static configuration against a threat intelligence database and security best practices.

What it catches. ClawShield catches prompt injection, secrets in transit, known vulnerability patterns, malware payloads, and unauthorized network egress. BulwarkAI catches misconfigured identity files, persistence mechanisms, malicious MCP server registrations, zero-width character injection, insufficient permission scoping, and known-malicious ClawHub packages.

Ongoing protection. ClawShield runs continuously, blocking threats in real time. BulwarkAI provides point-in-time assessment with hardening that persists until your configuration changes.

Cost. ClawShield is free and open-source under AGPL-3.0. BulwarkAI ranges from free (scanner) to $1,997 (hands-on hardening).

Expertise required. ClawShield requires Docker knowledge and comfort editing YAML policy files. BulwarkAI's Blueprint is self-service with guided scripts; the Audit and DFY tiers require no technical expertise.

The recommended stack

For business deployments running OpenClaw with access to sensitive data, the strongest security posture uses both:

First, harden the deployment. Run the BulwarkAI scanner to identify gaps. Use the Security Blueprint to fix configuration issues, baseline identity files, audit MCP servers, and check for persistence mechanisms. This closes the 40% gap that the built-in OpenClaw audit misses.

Then, add runtime protection. Deploy ClawShield in front of your hardened OpenClaw instance. Configure the deny-by-default policy engine with allowlists specific to your agents and tools. Enable the egress firewall. Turn on the eBPF monitor if you're running on Linux.

Who should use what

Solo developers running OpenClaw locally: Start with ClawShield. It's free, Docker-native, and provides immediate protection. Add the free BulwarkAI scan to check for issues ClawShield doesn't cover.

Businesses running OpenClaw for operations: Both. The BulwarkAI Security Blueprint ($97) for assessment and hardening, ClawShield for ongoing runtime protection.

Agencies managing client OpenClaw deployments: The BulwarkAI Hardening Report ($297) to verify each client deployment is properly configured, then ClawShield deployed per-client for runtime protection.

Enterprises with compliance requirements: The BulwarkAI Done-For-You Hardening ($1,997) for documented assessment and remediation, plus ClawShield with custom policy configurations per deployment.

Getting started

Run the free BulwarkAI scan at bulwarkai.io to check your deployment's security posture. Deploy ClawShield from github.com/SleuthCo/clawshield-public for runtime protection.

The OpenClaw security landscape is maturing. More tools means better options. The important thing is not which tool you pick — it's that you don't stop at the built-in audit.