163 Rules. 157 Attacks. Zero Compromises.
Guardian intercepts credential theft, data exfiltration, prompt injection, and persistence attacks before they execute — and red-teams your AI system to find gaps before attackers do.
Why Security Matters
AI Agents Are Under Attack. We Built for That.
Recent attacks exposed how vulnerable AI agents are to malicious plugins and prompt injection. HexaClaw includes security by default so you don't have to worry.
6 Attack Vectors. Handled.
HexaClaw handles every known attack vector in the AI agent ecosystem so you don't have to worry about them. Including CVE-2026-25253 (CVSS 8.8) and CVE-2025-54135 MCP config injection.
Malicious Install Hooks
Skills that run arbitrary shell commands during installation, compromising your system before you even use them.
Credential Harvesting
Skills designed to extract API keys, SSH keys, wallet keys, and other secrets from your environment.
Prompt Injection
Hidden instructions in skill definitions that hijack the AI agent to perform unintended actions.
Data Exfiltration
Skills that silently send your data to attacker-controlled servers through covert network requests.
Typosquatting
Fake skills that mimic popular ones with slightly different names to trick users into installing them.
Dependency Hijacking
Malicious code hidden in the dependencies of otherwise legitimate-looking skills.
HexaClaw Guardian
Runtime security built for AI agents. Guardian intercepts credential theft, data exfiltration, prompt injection, and persistence attacks before they execute — with sub-5ms overhead.
Real-World Attacks Tested in Isolated VM
| Attack Pattern | Source | Without Guardian | With Guardian |
|---|---|---|---|
| SSH key injection + exfiltration | ClawHub evilweather | Keys stolen | BLOCKED (9) |
| Credential bundling + webhook exfil | ClawHub rankaj | Creds leaked | BLOCKED (6) |
| SOUL.md cognitive rootkit | VirusTotal analysis | Agent hijacked | BLOCKED (3) |
| HEARTBEAT.md C2 injection | VirusTotal analysis | Backdoor installed | BLOCKED (6) |
| MCP tool description poisoning | Invariant Labs | Keys exfiltrated | BLOCKED (12) |
| MCP config injection (RCE) | CVE-2025-54135 | Code executed | BLOCKED (6) |
Guardian Cloud API — Tier 3 Deep Analysis
When local rules need backup, the Cloud API provides LLM-powered threat analysis and proactive red teaming. 28 endpoints covering skills, MCP manifests, code, prompts, IO scanning, compliance, and adversarial simulation.
Skill Scanner
Deep analysis of SKILL.md files for hidden instructions, credential theft, and cognitive rootkits. Detects all 6 ClawHavoc attack vectors.
MCP Tool Poisoning
Catches hidden instructions in tool descriptions, cross-origin shadowing, rug-pull patterns, and schema-level injection (Invariant Labs, CyberArk).
Prompt Classifier
Blocks prompt injection, jailbreaks (DAN, Skeleton Key, Crescendo), social engineering, and cross-lingual attacks with 0.85-0.98 confidence.
Code Analysis
Detects reverse shells, persistence mechanisms, privilege escalation, DNS exfiltration, and obfuscated payloads across Python, Bash, Perl.
IO Scanner
Catches API keys, SSH keys, JWTs, PII (SSN, credit cards, medical records), and Stripe keys in tool output before they leave your machine.
Threat Intelligence
Live feeds from URLhaus, PhishTank, and ThreatFox. Domain reputation via VirusTotal and Google Safe Browsing.
Red Team Engine
157 curated attacks across 15 OWASP-mapped categories. Self-eval mode audits your own AI system's defenses — showing which tier caught each attack and what slipped through. Expand to 1,500+ AI-generated variants.
Defense in depth: even when a model refuses 95% of attacks, Guardian catches the 5% that slip through. Tested against Claude Opus 4, Gemini 2.0 Flash, and Gemini 2.0 Flash Lite.
Four Tiers of Defense
Every request passes through Guardian's multi-layer security pipeline. Most threats are caught in under 5ms.
Regex Engine
<5ms
Pattern matching against 163 rules. Catches known attack signatures instantly.
Heuristic Analysis
<50ms
Behavioral analysis detects obfuscation, encoding tricks, and tool-native attacks.
ML Classification
<200ms
Machine learning model classifies novel attack patterns and zero-day threats.
Cloud API
<500ms
LLM-powered deep analysis for complex attack chains. Includes 157-attack red team engine across 15 OWASP categories — audit your own AI system's defenses with self-eval mode.
Why HexaClaw Scans Every Skill
Basic antivirus catches malware signatures in binaries. But prompt injection — the #1 attack vector — lives in SKILL.md text files, not binaries. HexaClaw goes deeper.
Basic Scanning
- Scans for malware signatures in binaries
- Catches known malware families
- Cannot catch prompt injection payloads
- No behavioral analysis
- No runtime protection
- No config hardening
Basic binary scanning cannot catch prompt injection payloads in text-based skill definitions.
HexaClaw
- Custom YARA rules for prompt injection
- Heuristic behavioral analysis
- Guardian runtime security (58 rules)
- Hardened security config
- Pre-verified skill bundles
- Real-time threat blocking (sub-5ms)
Built on Cisco AI Defense. 42 confirmed blocks against real ClawHub attack patterns. Zero false positives.
36% of skills on public registries contain prompt injection vulnerabilities that basic scanning cannot detect. HexaClaw scans for these by default.
Source: Snyk ToxicSkills study (Feb 2026)
Pricing
Simple Pricing. Cancel Anytime.
Start free with 1,000 credits. Pro gives you every AI service on one bill. Max adds full security and 2.5x more credits.
Free
1,000 welcome credits. All models. Buy more anytime.
- 1,000 welcome credits
- All models unlocked
- No credit card required
- Buy more credits anytime
Pro
Every AI service on one account. Credits, smart routing, and basic security.
- Everything in Free, plus:
- 20,000 credits/month
- All 30+ models (Claude, Gemini, GPT, etc.)
- Full API: LLMs, search, images, voice, browser, vectors
- Smart routing across providers
- Guardian security (basic rules)
- Basic hardened config
- Community skills
- Bring your own API keys
- Priority email support
Max
Full Guardian protection. More credits. No API keys needed.
- Everything in Pro, plus:
- 50,000 credits/month (2.5x more)
- Built-in credits — no API key needed
- Guardian Tier 2 (full heuristics + tool-native detection)
- Guardian Tier 3 Cloud API (LLM-powered threat analysis)
- OTA rule updates (new CVEs pushed within hours)
- 3 curated skill packs (10 verified skills)
- Skill scanner (detects ClawHavoc-style attacks)
- MCP tool poisoning detection (Invariant Labs patterns)
- HexaClaw Verify scanner CLI
- Hardened config with advanced toggles
- Threat intelligence feeds (URLhaus, PhishTank, ThreatFox)
- Domain reputation checking (VirusTotal + Safe Browsing)
- Higher relay session limits
- Early access to new skills and rule updates
Enterprise
Private cloud routing. Zero data retention. Full compliance.
- Everything in Max, plus:
- Private cloud routing (Ollama, vLLM, TGI)
- Zero data retention
- Customizable PII detection policies
- API key & secret scanning (14 patterns)
- Team management with RBAC
- SSO / SAML (coming soon)
- Compliance dashboard & audit logs
- Custom SLA
- Dedicated account manager
Need More Credits?
Credit packs work with any plan. Use Gemini Flash for thousands of runs, or Claude/GPT for targeted tasks.
Protect Your Agent. Test Your Defenses.
Full Guardian security with the Max plan. 163 rules, real-time defense, 157-attack red team engine, zero overhead.
Currently in closed beta. Free to start when you get access.