01 /
MONKEYCLAW
Multi-Agent Security System
Continuous red, blue, and purple-team security testing for agent runtimes.
- Role
- Lead Engineer & Contributor
- Status
- Public repository · working demo
- Verified proof
- 18 seeded attack zones · 8 verifier gates · 1,051 tracked test functions
Multi-contributor project

From constraint to evidence
The work, end to end.
Problem
Agent runtimes can read source, run shell commands, call tools, and touch the network. A one-time audit cannot keep up with changing prompts, skills, permissions, and sandbox behavior, and a blocked attack is still risky if no detection fired.
Approach
I built a five-stage loop: red-team ideation across 18 attack-surface zones, programmatic and semantic judging, repro and root-cause analysis, blue-team patch generation, and purple-team detection-as-pass verification. The demo path runs with zero model credentials against a planted victim.
Outcome
The repo now includes a working CLI, seeded demo, live dashboard, tiered verifier gates, attack coverage tracking, Telegram alert paths, and a growing regression model that treats silent controls as incomplete defenses.
Overview
What shipped
MonkeyClaw is a continuous security agent for NemoClaw and OpenClaw deployments. It generates attack ideas, executes them against live or mocked sandboxes, judges the result, reproduces confirmed findings, proposes patches, and checks that the defense was observable in telemetry instead of silently passing.
Built with
- Python
- NVIDIA Nemotron
- SQLite
- FastAPI
- pytest
- OpenClaw
Evidence