Skip to main content

Open source

The security proxy for AI agents

Your agent can access every API key in plaintext — and you have no idea what it costs or where requests go. Unclaw is a forward proxy that intercepts all traffic, injects secrets without exposing them, and shows you everything. Works with OpenClaw, Claude Code, Codex, or any agent — no code changes.

Get StartedRead the Docs
terminal
npm install -g unclaw

Built by Deno

The problem

1

Secrets in plaintext

Your OpenClaw gateway token, GitHub PAT, Slack credentials — all in plaintext. Skills can access them. One prompt injection and they're exfiltrated.

2

Low visibility

Your agent talks to GitHub, Slack, Anthropic, and 20 other services. Hundreds of requests per hour. You can't see what it costs or what's failing.

The problem

┌─────────────────┐ │ │ │ Agent(s) │ │ │ │ │ │ │ └─────────────────┘
─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
┌────────────────────┐ │ Literally │ │ the entire │ │ internet │ └────────────────────┘
┌─────────────┐ │ Secret keys │ └─────────────┘
Secret keysSecret keysSecret keysPIIRogue emailsBank transferDrop DBHallucinationBad promptPersonal photosSecret keysSurprise purchaseFood deliveryData exfil

Your agent needs real credentials to do real work

So you hand it your secret keys

One prompt injection, one buggy loop, one logged error…

Your agents could do anything

Scroll

The solution

─ ─ ─
─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
┬ │ │ └ ─ ─ ─ ─ ─ ─ ─
x
✕ ACCESS DENIED
┌──────────┐ │ │ │ Agent(s) │ │ │ └──────────┘
┌────────────┐ │ │ │ UNCLAW │ │ │ └────────────┘
┌────────────┐ │ Secrets -> │ └────────────┘
┌──────────────┐ │ Enabled │ │ integrations │ └──────────────┘
┌──────────────┐ │ Rest of the │ │ internet │ └──────────────┘

Same agents, same APIs, same code

But the secrets live outside the agent

Agents send placeholders; Unclaw injects real credentials at the edge

Agents can't leak what they can't see

Every request is logged

Secrets go only to approved destinations

Scroll

How it works

Secret injection

POST /v1/chatAuthorization:{{SECRET}}POST /v1/chatAuthorization:sk-ant-abc123...
  • Placeholders swapped for real credentials at the proxy
  • Inject into headers, body, or mTLS
  • Secrets never reach agent memory
  • Anti-exfiltration blocks reflection attacks
  • Shared secrets with per-agent access control

Analytics

REQUESTS / SEC+12.4%
  • Every outbound request logged in real time
  • LLM costs, tokens, cache hits, and latency across all services
  • Drill into full headers, body, and formatted prompts
Coming soon

JavaScript policy engine, AI proctoring, and human-in-the-loop approval.

What you've been missing

See everything your agents do in the Unclaw dashboard

Thousands of requests across dozens of services. Unclaw captures it all passively, with zero instrumentation.

unclaw.dev/analytics

^ Real data from one agent, one day.

How it compares

More than a gateway, more than a sandbox

AI gateways see your model calls. Sandboxes isolate your process. Unclaw does both — it sees every request and controls what credentials your agent can use.

Secret injectionAll outbound trafficUnderstands LLM trafficHandles webhooksAnalytics
Helicone
Portkey
LiteLLM
agentgateway
Clawvisor
httpjail
Unclaw

Built-in plugins

Plugins are pre-configured integrations with external services. Connect your agent(s) without writing the request-handling, auth, or secret-management code yourself.

Anthropic
Anthropic
OpenAI
OpenAI
GitHub
GitHub
Slack
Slack
Notion
Notion
Kubernetes
Kubernetes
ClickHouse
ClickHouse
Grafana
Grafana

— OR —

Write your own plugin in one TypeScript file

Open source

The proxy handles your secrets — it must be auditable. MIT licensed. Multiple agents share secrets and endpoints, each with their own policies. Self-host or use unclaw.dev.

terminal
npm install -g unclaw
Get StartedRead the Docs