Run agents automating systems with your secrets locked.
What is IronClaw? IronClaw focuses on running AI agents that can touch real systems without putting secrets at risk. Built on NEAR AI Cloud and Rust, it wraps OpenClaw-style personal agents in encrypted enclaves, WebAssembly sandboxes, and an encrypted credential vault. The headline idea is simple: agents can browse, code, and automate while API keys, tokens, and passwords never become LLM-visible text. Key Features: Encrypted credential vault: Stores API keys, tokens, and passwords encrypted at rest, injecting them only at the network boundary for explicitly allowlisted endpoints. Trusted Execution Environment (TEE): Each IronClaw instance boots inside a hardware-backed encrypted enclave on NEAR AI Cloud, protecting data in memory from the host and provider. WebAssembly tool sandboxing: Every tool runs in its own Wasm container with capability-based permissions, no filesystem access, strict resource limits, and constrained outbound networking. Leak detection for secrets: Outbound traffic is scanned in real time, and anything that resembles credential exfiltration is blocked before it reaches the internet. Rust-based runtime: The entire runtime is written in Rust, avoiding classes of memory bugs like buffer overflows and use-after-free, and skipping a garbage collector.

This page includes SoftwareApplication, Breadcrumb, and FAQ structured data when available.