NetClaw Gets Enterprise Security with Cisco DefenseClaw
We’re excited to announce the integration of DefenseClaw from Cisco AI Defense as the enterprise security layer for NetClaw. This represents a major upgrade to our security posture, with a comprehensive, production-ready governance solution.
What is DefenseClaw?
DefenseClaw is an enterprise governance layer for OpenClaw-based AI agents developed by Cisco AI Defense. It provides:
- OpenShell Sandbox: Kernel-level isolation using Landlock, seccomp, and network namespaces
- Component Scanning: Static analysis of skills, MCPs, and plugins before execution
- CodeGuard Analysis: Detects hardcoded credentials, eval(), shell commands, SQL injection
- Runtime Guardrails: LLM prompt/completion inspection across 7 AI providers
- Tool Call Inspection: 6 rule categories (secret, command, sensitive-path, C2, cognitive-file, trust-exploit)
- Audit Logging: SQLite database with SIEM export (Splunk HEC, OTLP)
Why DefenseClaw?
Our original NetShell implementation required manual YAML policy configuration and custom Python scripts. DefenseClaw provides all this functionality out of the box:
| Feature | NetClaw(Old) | DefenseClaw (New) |
|---|---|---|
| OpenShell Setup | Manual | Automatic |
| Component Scanning | No | Yes |
| LLM Inspection | No | Yes (7 providers) |
| Tool Rules | YAML files | CLI commands |
| SIEM Integration | No | Splunk HEC, OTLP |
| Webhook Alerts | No | Slack, PagerDuty, Webex |
Getting Started
Fresh Installation
./scripts/install.sh
# When prompted:
# Enable DefenseClaw (recommended)? [y/N]: yExisting Users
./scripts/defenseclaw-enable.shKey Commands
defenseclaw --version # Check installation
defenseclaw skill scan <name> # Scan a skill
defenseclaw tool block <tool> # Block a tool
defenseclaw alerts # View security alerts
defenseclaw setup guardrail --mode action # Enable blockingSecurity Modes
DefenseClaw operates in two modes:
- Observe Mode (default): Logs all security events without blocking. Perfect for onboarding and development.
- Action Mode: Actively blocks dangerous operations. Use for production deployments.
Start in observe mode to understand your workflow’s security profile, then switch to action mode for production:
# Enable blocking mode
defenseclaw setup guardrail --mode action --restartCompliance Ready
DefenseClaw’s audit logging supports enterprise compliance requirements:
- SOC2 Type II: Audit trail, access controls, event monitoring
- PCI-DSS v4.0: Anti-malware, audit trails, incident response
- HIPAA: Audit controls, integrity, transmission security
Export audit data for compliance review:
defenseclaw alerts --export json > audit-$(date +%Y%m%d).jsonDocumentation
We’ve created comprehensive documentation:
- DefenseClaw Enterprise Guide – Full technical documentation
- Security Principles (SOUL-DEFENSE) – Security posture guidance
- Upgrade Guide – Migration for existing users
Thank You, Cisco AI Defense
A huge thank you to the Cisco AI Defense team for creating DefenseClaw. This integration brings enterprise-grade security to NetClaw without requiring users to become security experts.
The combination of OpenClaw, Claude, and DefenseClaw creates a powerful, secure platform for AI-powered network operations.
Ready to upgrade? Run ./scripts/defenseclaw-enable.sh and enjoy enterprise security for your NetClaw deployment.
Questions? Open an issue on GitHub.