IronClaw is a security-hardened fork of the OpenClaw AI agent framework. It ships with a deny-by-default sandbox, mandatory skill allowlisting, and built-in audit logging. Skills cannot run until you explicitly authorise them.

Can I run OpenClaw skills on IronClaw?

Yes — all 53 official OpenClaw skills are compatible. They need to be allowlisted before running. Skills that assume broad permissions may need specific network or filesystem grants added to their allowlist entry.

IronClaw Hub — Security-Hardened AI Agent Guides 2026

Q: Do I need IronClaw or OpenClaw?

Run OpenClaw for home assistant use. Run IronClaw if your agent handles credentials, production infrastructure, or shared channels — anywhere a compromised agent causes real harm.

🛡

IronClaw

Security-hardened · Deny-by-default · Mandatory allowlist · Audit logged

MIT core (free) Syscall-level sandbox 53 compatible official skills Linux · macOS · WSL2 Claude · OpenAI · Ollama

IronClaw is a security-hardened fork of the OpenClaw architecture. Where OpenClaw optimises for flexibility, IronClaw optimises for a minimal, auditable attack surface. Every skill must be explicitly allowlisted. Every outbound network call is blocked until you grant the specific host. Every security event is logged — mandatorily. If your agent handles credentials, production infrastructure, or shared access, IronClaw's defaults are worth the extra setup time.

Guides

⚡

Quick Start — 15 Minutes

Install IronClaw, run the security onboarding wizard, start the gateway, and add your first allowlisted skill. Covers the hardened defaults you'll hit immediately.

Live

🔐

Skill Allowlisting

The core differentiator: authorise skills, grant per-skill network and filesystem permissions, audit what each skill can access, and revoke access instantly.

Live

🏛

Security Architecture

Threat model, syscall-level sandbox, mandatory audit logging, prompt injection defense, channel rate limiting, auto-suspension, and incident response checklist.

Live

⚙️

Configuration Reference

The security block, audit log settings, allowlist config, IronClaw-specific fields, and the validation rules that make it stricter than OpenClaw's config.

Live

⚖️

IronClaw vs OpenClaw

Full feature comparison, who should choose which, the honest friction IronClaw adds, and a step-by-step migration guide for moving from OpenClaw.

Live

Skills resources for IronClaw

IronClaw uses the same skill architecture as OpenClaw — all 53 official skills are compatible. We don't maintain a separate skills database for IronClaw:

→ Skills Guide: Write Your Own Custom Skills
→ Skills Database: 53 Verified Official Skills

Install commands are identical: ironclaw skill install <name> — then run ironclaw allowlist add <name> to activate it.

At a Glance

License	MIT core (free); advanced audit tooling commercial
Install	`npm install -g ironclaw`
Requires	Node.js 22.16+ or Node 24; Linux or macOS (WSL2 on Windows)
Port	18790 (can run alongside OpenClaw on 18789)
Sandbox	Deny-by-default, seccomp-bpf (Linux) / sandbox-exec (macOS)
Skill activation	Install + `ironclaw allowlist add <skill>`
Audit log	Mandatory — gateway won't start without writable log path
Compatible skills	All 53 official OpenClaw skills
Typical monthly cost	Same as OpenClaw — depends on model choice, not IronClaw itself

Related on This Site

OpenClaw hub — the base framework IronClaw forks from; simpler setup, same skill ecosystem
NemoClaw — a different security approach: Docker + OpenShell policy sandbox rather than syscall enforcement
OpenClaw Security Hardening — if you want OpenClaw with better security but don't need IronClaw's full enforcement
Weekly News Digest — IronClaw security advisories and CVE summaries every Monday