Selected work

01 /

MONKEYCLAW

Multi-Agent Security System

Continuous red, blue, and purple-team security testing for agent runtimes.

Role
Lead Engineer & Contributor
Status
Public repository · working demo
Verified proof
18 seeded attack zones · 8 verifier gates · 1,051 tracked test functions

Multi-contributor project

Black MonkeyClaw monkey-and-wordmark logo

From constraint to evidence

The work, end to end.

Problem

Agent runtimes can read source, run shell commands, call tools, and touch the network. A one-time audit cannot keep up with changing prompts, skills, permissions, and sandbox behavior, and a blocked attack is still risky if no detection fired.

Approach

I built a five-stage loop: red-team ideation across 18 attack-surface zones, programmatic and semantic judging, repro and root-cause analysis, blue-team patch generation, and purple-team detection-as-pass verification. The demo path runs with zero model credentials against a planted victim.

Outcome

The repo now includes a working CLI, seeded demo, live dashboard, tiered verifier gates, attack coverage tracking, Telegram alert paths, and a growing regression model that treats silent controls as incomplete defenses.

Overview

What shipped

MonkeyClaw is a continuous security agent for NemoClaw and OpenClaw deployments. It generates attack ideas, executes them against live or mocked sandboxes, judges the result, reproduces confirmed findings, proposes patches, and checks that the defense was observable in telemetry instead of silently passing.

Built with

  • Python
  • NVIDIA Nemotron
  • SQLite
  • FastAPI
  • pytest
  • OpenClaw