After watching OpenClaw hit 179K GitHub stars while accumulating 5 CVEs, 341 malicious marketplace skills, and 42K exposed instances in 10 days, I spent 3 hours building AgentVault.
The Issue
Research by Penligent, Zenity, and CrowdStrike reached the same conclusion: prompt injection is architecturally unsolvable, because you cannot prevent a bad prompt from reaching the model. What you can stop is the malicious action that follows.
What AgentVault Offers
- Deep file-system interception – catches the agent the moment it reads ~/.aws/credentials.
- Dangerous-command blocking – refuses `rm -rf` and similar destructive commands.
- Human-in-the-loop approvals – every risky action waits for your OK.
- Network monitoring – logs every outbound connection.
- SQLite audit log of everything, so you get a complete audit trail.
The approach is to let the prompt injection succeed and instead catch what it tries to do. When a malicious Google Doc tells the agent to exfiltrate your SSH keys, AgentVault blocks the file read and notifies you.
Built with Node.js/TypeScript, a Next.js dashboard, and a SQLite audit log. OpenClaw's execution layer is wrapped in a proxy that intercepts its system calls.
This is day 01. What would it take to make this useful for your setup?
Live demo and GitHub: https://github.com/hugoventures1-glitch/agentvault