Blog

1claw shipped a Risk Engine that catches credential compromise while it’s happening. Geo-velocity detection, honeytoken traps, DPoP token binding, and Continuous Access Evaluation — here’s what it does and why it matters.

The Humanity Protocol breach was a key theft, not a contract bug. How HSM-backed Vault custody, Intents API signing, and Shroud inspection give AI agents a safer model than keys on laptops.

Bankr handles the trading. 1claw adds an HSM-grade vault, TEE-protected LLM proxy, and HSM/TEE signing for external credentials and EOAs — defense in depth for serious agent deployments.

There is no clean way for an AI agent to transact on a public blockchain without leaking something it shouldn't. 1Claw was built for key and context leaks. Midnight was built for on-chain leaks. This is what happens when you put them together.

A practical look at building a private inference stack for AI agents using 1Claw Shroud (TEE LLM proxy), Darkbloom (hardware-attested Apple Silicon), and Venice AI (zero retention plus TEE).

A reference agent that provisions identity, pushes to GitLawb, launches a token on Bankr, and signs a swap on Base — without ever holding a private key.

AgentKit gives agents powerful onchain tools. 1Claw adds the security layer for autonomous operation: TEE signing, spend limits, address allowlists, and zero secrets on disk.

We built native 1claw support into OpenClaude — HSM-backed vault secrets at runtime, Shroud TEE inspection on every LLM call, and Intents API transaction signing without the agent ever holding the key.

On May 4, somebody tricked Grok into draining $175K from Bankrbot’s wallet with Morse code. No exploit, no jailbreak — just two bots trusting each other. Here’s why the fix isn’t a smarter model. It’s a dumber, stricter signer.

A LangGraph weather agent that pulls OpenWeatherMap and provider keys from a 1Claw vault at runtime. Neither key sits in .env, enters the prompt, or touches agent memory.

Register your app, create a bootstrap template, and scaffold HSM-backed secrets infrastructure for every new user in one API call. Your users own their secrets — you can’t peek at them.

A CrewAI news agent that pulls OpenAI and NewsAPI keys from a 1Claw vault at runtime. Neither key sits in .env, enters the prompt, or touches agent memory.

1Claw’s unified sign endpoint now supports every modern EVM signing standard — legacy, EIP-2930, EIP-1559, EIP-4844, EIP-7702 transactions plus EIP-191 and EIP-712 — with per-agent signing keys, human-controlled rotation, and optional TEE signing via Shroud.

1Claw is now an OIDC Identity Provider. AI agents mint short-lived RS256 tokens, exchange them at Anthropic via Workload Identity Federation, and get session credentials that expire in minutes. No static keys, no rotation, just identity.

How 1Claw combines multi-party computation, Trusted Execution Environments, and Google Cloud KMS to eliminate single points of compromise for AI agent signing keys.

The 1Claw Agent Template is live on Pinata’s OpenClaw marketplace. HSM-backed secrets, Shroud LLM proxy, and Intents API transaction signing — deployed in ten minutes.

A walkthrough for deploying the 1Claw template on Pinata's OpenClaw platform — secure your agent credentials in an HSM vault in about ten minutes.

Lab tests show AI agents exploiting systems and leaking secrets when given broad access. The fix: don't give agents copies of secrets—give them scoped, auditable access. How 1Claw's vault, Shroud, and Intents API reduce insider risk.

LLM traffic from AI agents carries keys and sensitive data and is vulnerable to injection. Shroud is a TEE-backed proxy that inspects every request, redacts secrets and PII, and enforces policy before forwarding to the provider.

We aren't just serving pages anymore—we're spawning autonomous actors. SPIDR (Security, Payments, Identity, Discovery, Runtime) is the infrastructure stack for the agentic era.

We've published the full 1Claw API as an OpenAPI 3.1.0 spec on npm. Here's how to use it to generate a client in any language — or extend our TypeScript SDK with the new plugin architecture.

AI agents need secrets to do useful work — but pasting keys into chat or stuffing them in env vars is broken. Here's why we built 1Claw.