AI agent security gateway
Your agents fly.
You stay in control.
A security gateway between your AI agents and the tools they touch — Claude Code, MCP servers, Gmail, GitHub, shells, and APIs. Approve a task once; Clawvisor scopes every call to it, swaps in credentials, and logs what the agent did.
Task
token spend$0.00Fix the failing snapshot test in billing-api.
The problem
Today, every way to run agents is a bad trade.
You get one of three options. Not one of them is fast and safe.
Run fast, unsafe
Skip the prompts, hand over the keys, and let the agent rip.
One confused agent, and the damage is irreversible.
Approve everything
Put a human in the loop on every single call the agent makes.
Approval fatigue sets in. You rubber-stamp, so you approve nothing.
Lock it down
Scope the agent so tightly it can barely touch a thing.
Now it's safe, because it's useless.
Run fast and safe.
Approve the task, not the tools. Access binds to the task, so agents move at full speed and still can't step outside what you approved.
That's Clawvisor.
The things you couldn't safely do before.
Approve the task once, and access binds to it. That turns each of these from a tool you bolt on into something you finally get to say yes to.
Cost attribution
See what every token actually bought.
Because spend is bound to the task and the person who approved it, every dollar rolls up to a real unit of work and the team that owns it. No more one opaque model bill you can't explain, just the return, line by line.
How it works
A checkpoint on every agent request.
Your agent
Clawvisor
verify · scope · log
LLM
01 · Intercept
Every call routes through
Point your base URL at the gateway. Every model and tool call flows through it before it does any real work.
02 · Verify & scope
Checked against the task
Clawvisor matches the call to the task's declared purpose, then grants only the tools that purpose needs.
03 · Execute & log
Scoped creds, full trail
Approved calls run with short-lived, scoped credentials. Every decision is written to a full audit log.
The task model
Approve the task,
not the tools.
A task is a purpose plus the tools that purpose needs, whether that's triaging an inbox or shipping a fix with a shell and the repo. Clawvisor binds access to the task: the agent gets exactly what the work requires, for exactly as long as it runs, then it's gone.
Drop-in adoption
Works with any agent harness.
Clawvisor sits between your agent and the LLM it calls. Point your agent at Clawvisor and every request runs through policy first: identity checked, tools scoped, calls logged, before it ever reaches the model or a tool. No SDK, no agent code to touch.
- task verified
- tools scoped
- every call logged
Credentials
Agents never hold your secrets.
The agent only ever holds a scoped, short-lived handle. The real token stays in the vault, and Clawvisor injects it only at the moment of an approved call. Go ahead: reveal it. The model never can.
What the agent receives
non-sensitiveA pointer, not a key. Useless on its own and outside its scope.
↑ stands in for ↓
The real GitHub API key
vaultedghp_Rk8f2Kd9mPq2RxN4vTb7Lc3Wj••••••••••Stored in the vault. Injected only at the moment of an approved call.
claude --dangerously-skip-permissions
Stop choosing between fast and safe.
Hand your agents real work and let them run. Clawvisor keeps every call inside the task you approved, so your whole team moves faster.