{"slug": "clawmoat-runtime-containment-for-ai-agents-after-fable-5", "title": "ClawMoat, runtime containment for AI agents after Fable 5", "summary": "ClawMoat, a runtime containment tool for AI agents, launched to protect against security risks from tool use on laptops. The open-source scanner monitors agent actions, data exposure, and hidden instructions in files to prevent prompt injection and credential leaks. It targets desktop agents like Claude Code and Cursor that access real files, browser sessions, and credentials.", "body_md": "Desktop agents are finally useful because they can touch your real files, real browser, real shell, real Gmail, and real workflows.\n\nThat also means one poisoned webpage, doc, email, MCP server, or background job can turn your assistant into a security incident. ClawMoat watches the work you are not watching.\n\nThe old threat model was hallucination. The new threat model is tool use on a laptop full of credentials, private files, browser sessions, and background tasks.\n\nYour agent works better when it can see the files you actually use. It also has a bigger blast radius.\n\nHelpful agents run commands, edit files, install packages, and call APIs. Those same tools can leak secrets or destroy state.\n\nEmails, webpages, docs, and tickets are untrusted input. Prompt injection stops being cute when it can trigger tool calls.\n\nCron jobs and background sessions keep working after your attention moves elsewhere. That is exactly when guardrails matter.\n\nIt scans the things that influence your agent, the actions your agent wants to take, and the data your agent is about to expose.\n\nHidden instructions in webpages, READMEs, emails, Slack exports, PDFs, and support tickets.\n\nAPI keys, SSH keys, GitHub tokens, cloud credentials, npm tokens, and secrets in logs or outbound messages.\n\nDestructive shell commands, sketchy curl pipes, sensitive file reads, suspicious network exfiltration.\n\nNo identity, no approval gates, no kill switch, no MCP policy, no trail for what the agent did while you were gone.\n\nIf an agent is already touching your laptop, the buy path should be obvious. Start with the free local scanner, or put a paid seatbelt around your desktop-agent workflow.\n\nFor quick local checks before you give an agent more power.\n\nFor one builder running agents on a real laptop.\n\nFor teams with multiple agents, shared policies, and real security review.\n\nNeed a manual review or implementation sprint? [See service pricing](/pricing/) or [request a review](/request/?utm_source=homepage&utm_medium=site&utm_campaign=buy-section&utm_content=manual-review).\n\nScan locally, watch the attack, audit the lifecycle, then buy protection or request a deeper review.\n\nUse this as the quick mental model for Hermes, Claude Code, Codex, OpenCode, Cursor agents, local models, and MCP-heavy setups.\n\nShort enough to post, specific enough to land.\n\nClawMoat is open source, zero dependency, and built for the people putting agents on real machines right now.", "url": "https://wpnews.pro/news/clawmoat-runtime-containment-for-ai-agents-after-fable-5", "canonical_source": "https://clawmoat.com/", "published_at": "2026-06-14 02:03:00+00:00", "updated_at": "2026-06-14 02:30:09.771280+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-tools", "ai-products"], "entities": ["ClawMoat", "Hermes", "Claude Code", "Codex", "OpenCode", "Cursor"], "alternates": {"html": "https://wpnews.pro/news/clawmoat-runtime-containment-for-ai-agents-after-fable-5", "markdown": "https://wpnews.pro/news/clawmoat-runtime-containment-for-ai-agents-after-fable-5.md", "text": "https://wpnews.pro/news/clawmoat-runtime-containment-for-ai-agents-after-fable-5.txt", "jsonld": "https://wpnews.pro/news/clawmoat-runtime-containment-for-ai-agents-after-fable-5.jsonld"}}