SafeClaw — Secure API Vault for AI Agents

Who Needs This

Is SafeClaw for you?

◆

You're a high-value professional

Lawyers, entrepreneurs, fund managers, professors — a single email could be worth millions, one mistake could trigger a lawsuit.

◆

Your work involves sensitive data

Client records, contracts, medical files, financial statements — a single leak is an irreversible disaster.

◆

You care deeply about data privacy

You don't want AI companies, cloud providers, or even us to see your data. E2E encryption isn't optional — it's the baseline.

◆

You give AI real-world access

Sending emails, calling APIs, making payments, reading files — when AI can touch your money and data, losing control is a cost you can't afford.

Getting Started

Two minutes to set up. Zero trust required.

01 · Register your biometric

Passkey derives encryption keys directly from your biometric. No master password, no recovery backdoor — only your face or fingerprint unlocks the vault.

02 · Connect your services

Add your API keys and service credentials. Everything is encrypted on your device before upload — the server only sees ciphertext, and AI never touches plaintext.

03 · Approve to execute

Your AI agent gets to work. Whenever it encounters a sensitive action — sending emails, reading files, calling APIs — it pauses and waits for your face scan. Full audit trail.

Security

Proof, not promises

Even if we turn rogue, your agent goes rogue, servers are hacked, or disks are stolen — your keys stay safe

All credentials are encrypted on your device with your biometric. The server only stores ciphertext. Without your face, nobody — not the SafeClaw team, not your AI agent, not the cloud provider, not an attacker — can decrypt.

Technical details

Uses WebAuthn PRF extension to derive a 32-byte key from authenticator output. Vault contents are encrypted with AES-GCM-256 before any network transmission. The server stores only ciphertext — decryption is impossible without the passkey.

AI never sees your actual credentials

When AI needs to call your services, the proxy injects credentials at runtime. The AI's context window and tool outputs contain no credential material whatsoever.

Technical details

The proxy intercepts outbound requests and injects credentials at runtime. The agent's context window and tool outputs contain no credential material. Locking the vault instantly wipes keys from memory.

Each vault is fully isolated. Stop it and it's gone.

Each vault runs in its own virtual machine with network isolation and zero shared state. Stop the VM and all decrypted state is destroyed instantly.

Technical details

Each vault provisions a dedicated VM with restricted network egress. The relay uses ECIES (P-256 ECDH + AES-GCM) to encrypt data in transit. Instances are ephemeral — stop the VM and decrypted state is gone.

Seamless Integration

🦞OpenClaw+SafeClaw

SafeClaw adds a security layer to OpenClaw, so your agent stays capable and under your control.

Sending & Deleting Emails

🦞OpenClaw alone

The agent drafts, sends, and can bulk-delete emails.

Approval flows through the messaging channel — channel access equals approval rights.

With SafeClaw

Every sensitive action is intercepted by SafeClaw.

Released only after your face or fingerprint.

Managing API Credentials

🦞OpenClaw alone

API keys sit in plaintext in local config files.

The agent sees them all — reliant on its own restraint.

With SafeClaw

Encrypted at rest by your passkey.

Decrypted only when you approve, wiped instantly after.

Payments & Assets

🦞OpenClaw alone

Private keys sit in plaintext for the agent to use.

The agent sees them all — one breach and money could move unnoticed.

With SafeClaw

Cryptographically secured — even a hacked machine or stolen disk can't unlock it.

Vanishes after use — no trace left on your machine.

Reading Files

🦞OpenClaw alone

The agent picks which files to read within its authorized scope.

Any sensitive file in that scope can be read in passing.

With SafeClaw

Every read is gated by SafeClaw.

You approve each file read.

Architecture

Under the hood

E2E Encryption Architecture

Client (Your Device)

WebAuthn PRF
→ HKDF-SHA256
→ 32-byte vault key

↓ AES-GCM-256

Plaintext credentials
→ encrypt(vault_key)
→ ciphertext blob

ECIESP-256 ECDH→+ HKDF+ AES-GCM

Server (Zero Knowledge)

Stores ONLY:
• encrypted_blob
• ephemeral_pubkey
• iv + auth_tag

❌ No vault_key
❌ No plaintext
❌ No recovery key

RuntimeInjection→

Isolated VM

Proxy Layer
• Intercepts outbound
• Injects creds at runtime
• Agent sees nothing

Ephemeral — stop VM
→ memory wiped
→ keys destroyed

One Vault, One VM — Complete Isolation

VAULT A — VM-001

Agent Runtime

Credential Proxy

Network Egress Filter

Ephemeral Storage

🔒 Restricted egress

VAULT B — VM-002

Agent Runtime

Credential Proxy

Network Egress Filter

Ephemeral Storage

🔒 Restricted egress

VAULT C — VM-003

Agent Runtime

Credential Proxy

Network Egress Filter

Ephemeral Storage

🔒 Restricted egress

Each vault = Dedicated VM · Isolated network · Isolated storage · Zero shared state

Sensitive Action Approval Protocol

AGENT → PROXY

Agent issues outbound request (e.g., Gmail API: send email)

PROXY → INTERCEPT

Proxy classifies action risk level (Low / Medium / High)

RELAY → USER DEVICE

Push notification with action details + expiry countdown

USER → BIOMETRIC APPROVAL

Face ID / Touch ID → WebAuthn assertion → ECIES-encrypted approval

PROXY → EXECUTE + LOG

Inject credentials → Execute request → Immutable audit log entry

Pricing

Simple, transparent pricing

All plans include the full security stack: one-click deploy, private server, E2E encryption, biometric approval, audit logs.

Starter

$50 /mo

Bring your own tokens (API Key / Claude Code / Codex subscription)

◆Full security infrastructure

◆Private server deployment

◆End-to-end encryption

◆Biometric approval

◆Full audit trail

POPULAR

Standard

$70 /mo

Includes OpenAI / Claude basic subscription (value far exceeds $20)

◆Everything in Starter

◆AI basic subscription included

◆All major models supported

Pro

$150 /mo

Includes Claude Pro / OpenAI Plus subscription (value far exceeds $100)

◆Everything in Starter

◆Claude Pro / OpenAI Plus included

◆Switch between models freely

Enterprise

$250 /mo

Includes Claude Max / OpenAI Pro subscription (value far exceeds $200)

◆Everything in Starter

◆Claude Max / OpenAI Pro included

◆Team collaboration

◆Unlimited model access

Extra fees go entirely toward your AI subscriptions. SafeClaw takes no markup. Actual subscription value far exceeds the price difference.

The most secure OpenClaw.

Is SafeClaw for you?

Two minutes to set up. Zero trust required.

01 · Register your biometric

02 · Connect your services

03 · Approve to execute

Proof, not promises

Even if we turn rogue, your agent goes rogue, servers are hacked, or disks are stolen — your keys stay safe

AI never sees your actual credentials

Each vault is fully isolated. Stop it and it's gone.

🦞OpenClaw+SafeClaw

Under the hood

Works with major AI models and the services you use

Simple, transparent pricing

Finally, you can have your AI assistant.
Don't worry about security.

The most secure OpenClaw.

Is SafeClaw for you?

Two minutes to set up. Zero trust required.

01 · Register your biometric

02 · Connect your services

03 · Approve to execute

Proof, not promises

Even if we turn rogue, your agent goes rogue, servers are hacked, or disks are stolen — your keys stay safe

AI never sees your actual credentials

Each vault is fully isolated. Stop it and it's gone.

🦞OpenClaw+SafeClaw

Under the hood

Works with major AI models and the services you use

Simple, transparent pricing

Finally, you can have your AI assistant.Don't worry about security.

Finally, you can have your AI assistant.
Don't worry about security.