Complement to clawsec: fail-closed dispatch boundary + signed receipt per OpenClaw tool call #269

@peycheff-com

Description

clawsec focuses on SOUL.md policy drift and config hardening — solid foundational layer. One gap it leaves open: there's no signed artifact proving which MCP tool calls were actually dispatched (allowed vs blocked) within an OpenClaw session after the session ends.

We're building HELM AI Kernel (OSS, MIT), a dispatch-layer complement:

  • Sits between the OpenClaw/NanoClaw agent and its MCP servers via an OpenAI-compatible proxy
  • Enforces default-deny policy per tool call (ALLOW/DENY/ESCALATE)
  • Quarantines unknown MCP servers until schema and policy approval
  • Emits a signed receipt per dispatch decision (independent of the model's output)
  • Bundles receipts into an offline-verifiable EvidencePack

The stack together:

  • clawsec: SOUL.md drift detection, config hardening, pre-session guardrails
  • HELM Kernel: dispatch enforcement + tamper-evident session audit trail

Would you be open to testing HELM in front of one of the OpenClaw variants clawsec supports, to see if default-deny fires on policy-restricted tools and the receipt trail complements your SOUL.md audit?

Local demo (~5 min):

brew install mindburnlabs/tap/helm-ai-kernel
helm-ai-kernel serve --policy ./release.high_risk.v3.toml
helm-ai-kernel boundary status --json
helm-ai-kernel receipts tail --agent agent.demo.exec --server http://127.0.0.1:7714
helm-ai-kernel verify evidence-pack.tar

Repo: https://github.com/Mindburn-Labs/helm-ai-kernel

One feedback question: Does clawsec currently produce any artifact that survives a session and proves which tool calls were dispatched vs blocked — or is that an acknowledged gap in the current security model?
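To make the dispatch-boundary idea concrete, here is a small added example (not HELM's or clawsec's own code, and not the real receipt or EvidencePack format): a default-deny ALLOW/DENY/ESCALATE decision per tool call, an HMAC-signed receipt chained to the previous one, and an offline verifier that catches a tampered verdict or a dropped receipt. The policy table, server list, key and the session itself are all constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed policy: only listed tools get a verdict; everything else is DENY.
# ESCALATE marks calls that need a human decision before dispatch.
POLICY = {"read_file": "ALLOW", "run_shell": "ESCALATE"}
KNOWN_SERVERS = {"fs"}          # unknown MCP servers are quarantined -> DENY
KEY = b"demo-receipt-key"       # constructed; a deployment would keep this in a KMS/HSM
GENESIS = "0" * 64              # hash the first receipt chains to

def decide(server, tool):
    """Default-deny dispatch decision, mirroring the ALLOW/DENY/ESCALATE model."""
    if server not in KNOWN_SERVERS:
        return "DENY", "quarantined-server"
    if tool in POLICY:
        return POLICY[tool], "policy"
    return "DENY", "default-deny"

def _canon(body):
    """Canonical JSON so signer and verifier hash exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def receipt(prev_hash, seq, server, tool, verdict, reason):
    """Signed receipt linked to the previous one so deletion or reordering is detectable."""
    body = {"seq": seq, "server": server, "tool": tool,
            "verdict": verdict, "reason": reason, "prev": prev_hash}
    canon = _canon(body)
    sig = hmac.new(KEY, canon, hashlib.sha256).hexdigest()
    return {**body, "sig": sig}, hashlib.sha256(canon).hexdigest()

def run_session(calls):
    """Evaluate each (server, tool) call and return the evidence pack of chained receipts."""
    prev, pack = GENESIS, []
    for seq, (server, tool) in enumerate(calls):
        verdict, reason = decide(server, tool)
        r, prev = receipt(prev, seq, server, tool, verdict, reason)
        pack.append(r)
    return pack

def verify_pack(pack):
    """Offline check: every signature valid, sequence contiguous, hash chain unbroken."""
    prev = GENESIS
    for seq, r in enumerate(pack):
        body = {k: v for k, v in r.items() if k != "sig"}
        if body.get("prev") != prev or body.get("seq") != seq:
            return False
        canon = _canon(body)
        expected = hmac.new(KEY, canon, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, r.get("sig", "")):
            return False
        prev = hashlib.sha256(canon).hexdigest()
    return True

# Constructed session: allowed read, escalated shell, unknown server, unlisted tool
SESSION = [("fs", "read_file"), ("fs", "run_shell"), ("rogue", "read_file"), ("fs", "delete_all")]
```

Because each receipt is produced by the boundary rather than by the model, the pack records what was dispatched even if the model's own transcript claims otherwise.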
