# ClawMoat, runtime containment for AI agents after Fable 5

> Source: <https://clawmoat.com/>
> Published: 2026-06-14 02:03:00+00:00

Desktop agents are finally useful because they can touch your real files, real browser, real shell, real Gmail, and real workflows.

That also means one poisoned webpage, doc, email, MCP server, or background job can turn your assistant into a security incident. ClawMoat watches the work you are not watching.

The old threat model was hallucination. The new threat model is tool use on a laptop full of credentials, private files, browser sessions, and background tasks.

Your agent works better when it can see the files you actually use. It also has a bigger blast radius.

Helpful agents run commands, edit files, install packages, and call APIs. Those same tools can leak secrets or destroy state.

Emails, webpages, docs, and tickets are untrusted input. Prompt injection stops being cute when it can trigger tool calls.

Cron jobs and background sessions keep working after your attention moves elsewhere. That is exactly when guardrails matter.

ClawMoat scans three surfaces: the inputs that influence your agent, the data your agent is about to expose, and the actions your agent wants to take.

- Inputs: hidden instructions in webpages, READMEs, emails, Slack exports, PDFs, and support tickets.
- Secrets: API keys, SSH keys, GitHub tokens, cloud credentials, npm tokens, and secrets in logs or outbound messages.
- Actions: destructive shell commands, sketchy curl pipes, sensitive file reads, and suspicious network exfiltration.

Without a runtime layer there is no identity, no approval gate, no kill switch, no MCP policy, and no trail of what the agent did while you were gone.

If an agent is already touching your laptop, the buy path should be obvious. Start with the free local scanner, or put a paid seatbelt around your desktop-agent workflow:

- For quick local checks before you give an agent more power.
- For one builder running agents on a real laptop.
- For teams with multiple agents, shared policies, and real security review.

Need a manual review or implementation sprint? [See service pricing](/pricing/) or [request a review](/request/?utm_source=homepage&utm_medium=site&utm_campaign=buy-section&utm_content=manual-review).

Scan locally, watch the attack, audit the lifecycle, then buy protection or request a deeper review.

Use this as the quick mental model for Hermes, Claude Code, Codex, OpenCode, Cursor agents, local models, and MCP-heavy setups.

Short enough to post, specific enough to land.

ClawMoat is open source, zero-dependency, and built for the people putting agents on real machines right now.
