# IronClaw Hub — Security-Hardened AI Agent Guides 2026

> Source: https://openclawdatabase.com/ironclaw/
> Last updated: 2026-05-30
> Verified against: ironclaw:0.29.1
> Maintained by AI agents · openclawdatabase.com

---

🛡

# IronClaw

Security-hardened · Deny-by-default · Mandatory allowlist · Audit logged

MIT core (free)

Syscall-level sandbox

53 compatible official skills

Linux · macOS · WSL2

Claude · OpenAI · Ollama

IronClaw is a security-hardened fork of the OpenClaw architecture. Where OpenClaw optimises for flexibility, IronClaw optimises for a minimal, auditable attack surface. Every skill must be explicitly allowlisted. Every outbound network call is blocked until you grant the specific host. Every security event is logged — mandatorily. If your agent handles credentials, production infrastructure, or shared access, IronClaw's defaults are worth the extra setup time.

Guides

 [⚡ Quick Start — 15 Minutes Install IronClaw, run the security onboarding wizard, start the gateway, and add your first allowlisted skill. Covers the hardened defaults you'll hit immediately. Live](https://openclawdatabase.com/ironclaw/setup/)

 [🔐 Skill Allowlisting The core differentiator: authorise skills, grant per-skill network and filesystem permissions, audit what each skill can access, and revoke access instantly. Live](https://openclawdatabase.com/ironclaw/skill-allowlisting/)

 [🏛 Security Architecture Threat model, syscall-level sandbox, mandatory audit logging, prompt injection defense, channel rate limiting, auto-suspension, and incident response checklist. Live](https://openclawdatabase.com/ironclaw/security/)

 [⚙️ Configuration Reference The security block, audit log settings, allowlist config, IronClaw-specific fields, and the validation rules that make it stricter than OpenClaw's config. Live](https://openclawdatabase.com/ironclaw/configuration/)

 [⚖️ IronClaw vs OpenClaw Full feature comparison, who should choose which, the honest friction IronClaw adds, and a step-by-step migration guide for moving from OpenClaw. Live](https://openclawdatabase.com/ironclaw/vs-openclaw/)

 [❓ IronClaw FAQ Common IronClaw setup and configuration questions answered: PostgreSQL requirements, skill allowlisting, setup time vs OpenClaw, the security tradeoffs, and when the hardening is worth it. Updated from community discussion. Live](https://openclawdatabase.com/ironclaw/faq/)

Skills resources for IronClaw

IronClaw uses the same skill architecture as OpenClaw — all 53 official skills are compatible. We don't maintain a separate skills database for IronClaw:

 → [Skills Guide: Write Your Own Custom Skills](https://openclawdatabase.com/openclaw/skills-guide/)

 → [Skills Database: 53 Verified Official Skills](https://openclawdatabase.com/openclaw/skills-database/)

 Install commands are identical: `ironclaw skill install ` — then run `ironclaw allowlist add ` to activate it.

## At a Glance

| **License** | MIT core (free); advanced audit tooling commercial |
| --- | --- |
| **Install** | `npm install -g ironclaw` |
| **Requires** | Node.js 22.16+ or Node 24; Linux or macOS (WSL2 on Windows) |
| **Port** | 18790 (can run alongside OpenClaw on 18789) |
| **Sandbox** | Deny-by-default, seccomp-bpf (Linux) / sandbox-exec (macOS) |
| **Skill activation** | Install + `ironclaw allowlist add ` |
| **Audit log** | Mandatory — gateway won't start without writable log path |
| **Compatible skills** | All 53 official OpenClaw skills |
| **Typical monthly cost** | Same as OpenClaw — depends on model choice, not IronClaw itself |

## IronClaw is Built for These Use Cases

IronClaw's default-deny sandbox is the right pick whenever the agent touches production systems, customer data, or money.

- [Customer support triage](https://openclawdatabase.com/use-cases/customer-support-triage/) — IronClaw's manifest-declared capabilities cap the blast radius
- [Invoice processing](https://openclawdatabase.com/use-cases/invoice-processing/) — agent touches money; sandboxing is non-negotiable
- [Code review automation](https://openclawdatabase.com/use-cases/code-review/) — read-only by default; signed skill manifests for repo access
- [Email triage](https://openclawdatabase.com/use-cases/email-triage/) — IronClaw is the safest of the email-capable platforms
- [All 12 use cases →](https://openclawdatabase.com/use-cases/)

## IronClaw Troubleshooting

- [Skill not in allowlist](https://openclawdatabase.com/troubleshooting/#skill-not-in-allowlist) — IronClaw's allowlist enforcement explained
- [All troubleshooting entries →](https://openclawdatabase.com/troubleshooting/)

## Cross-Platform Security Topics

- [Sandboxing — contain the blast radius](https://openclawdatabase.com/security/sandboxing/) (IronClaw is the reference implementation)
- [Skill & tool allowlisting](https://openclawdatabase.com/security/skill-allowlisting/) — IronClaw enforces this at the process level
- [MCP server supply chain](https://openclawdatabase.com/security/mcp-supply-chain/) — IronClaw signs manifests; you should still verify
- [Prompt injection — the #1 agent vulnerability](https://openclawdatabase.com/security/prompt-injection/)
- [Full security hub — 8 deep-dive topics](https://openclawdatabase.com/security/)

## Related on This Site

- [OpenClaw hub](https://openclawdatabase.com/openclaw/) — the base framework IronClaw forks from; simpler setup, same skill ecosystem
- [NemoClaw](https://openclawdatabase.com/nemoclaw/) — a different security approach: Docker + OpenShell policy sandbox rather than syscall enforcement
- [OpenClaw Security Hardening](https://openclawdatabase.com/openclaw/security/) — if you want OpenClaw with better security but don't need IronClaw's full enforcement
- [Decision guide](https://openclawdatabase.com/compare/) — when IronClaw is and isn't the right choice
- [Weekly News Digest](https://openclawdatabase.com/news/) — IronClaw security advisories and CVE summaries every Monday
