ClawMaven — Privacy by Architecture · AI Governance Packs for Every Agent Runtime

Version: 1.2.59 | Updated: April 28, 2026 | Owner: Master 22 Solutions

Website: https://clawmaven.com | Full AI docs: https://clawmaven.com/llms-full.txt

What Is ClawMaven?

ClawMaven is a browser-based AI governance platform that generates deployment-ready governance packs for autonomous AI agents through a guided 23-step wizard. Answer questions about your agent's goal, autonomy level, permissions, budget, and risk thresholds — then download a complete governance pack ZIP with policies, approval gates, audit evidence, and compliance documentation.

Privacy by Architecture: The wizard, ZIP generation, scoring, and all configuration logic run entirely in your browser. Your agent prompts, policy decisions, and configuration data are never transmitted to any ClawMaven server. This is not a setting — it is how the product is built. No servers. No accounts. No prompt leakage.

ClawMaven is a governance design and audit evidence layer, not a runtime security tool. Security tools defend agents at runtime. ClawMaven defines what agents are allowed to do before they run and generates the evidence for auditors.

Key Facts

Owner: Master 22 Solutions (contact@master22solutions.com)
Website: https://clawmaven.com
Current version: 1.2.59
Supported runtimes: 11 (5 Native + 6 Heuristic)
Privacy: wizard config stays in the browser — nothing transmitted to servers
Free to start — no credit card required, no account needed
Compliance: EU AI Act (August 2026), NIST RMF, ISO 42001

Three Output Categories

Design Controls — 23-step wizard, approval gates, tool permissions, budget caps, forbidden actions, exception governance
Runtime Checks — Config Scout analysis, SDK staleness detection, gap scans, conformance comparison across 11 runtimes
Audit Evidence — Trust manifest (SHA-256), conformance artifacts, EU AI Act / NIST RMF / ISO 42001 evidence package, 10-file ZIP directory

Privacy by Architecture — Technical Details

23-step wizard runs entirely in the browser tab — zero outbound POST requests to ClawMaven during configuration
Governance pack ZIP is built in-browser using JSZip and downloaded directly to your device — never seen by our servers
Works offline after initial page load — air-gapped and high-security environments are supported
What does use the server: payment processing (Stripe) and tier access token validation. Nothing else.
Verify yourself: open browser DevTools → Network tab → run the wizard → you will see zero outbound POST requests to clawmaven.com containing policy data

Supported Runtimes (11 total)

Native — Full governance pack generation

OpenClaw v1.x — Open-source agent framework; full native governance config + Repair CLI integration
Perplexity API — Browser-control integration; governance artifacts mapped to Perplexity's permission model
LM Studio — Local / air-gapped models; routes tasks to local LLM server with three routing presets
Agent Zero — Modular multi-agent setups; markdown-based governance artifacts (instructions, prompts, agents.json)
NullClaw — Custom runtime scaffold; 678 KB binary, <2ms startup, ideal for edge deployments

Heuristic (Config Scout) — Governance gap analysis via code scanning

LangGraph — Detects missing interrupt gates, unchecked shell execution, absent checkpointers
CrewAI — Flags unchecked delegation chains, code execution risks in tool definitions, raw API key exposure
Hermes — Local inference server; tool use policy analysis, prompt injection risk scoring
Google ADK — SDK staleness detection, shell execution patterns, tool approval gap scanning
OpenAI Agents SDK — Tool guardrail gaps, handoff governance issues, model pinning analysis
Claude / Anthropic — Computer-use risk detection, system prompt quality scoring, tool use governance gap analysis

Governance Wizard (23 Steps)

The wizard collects: agent goal, operator mode (Assistant/Balanced/Operator), runtime target, budget caps, forbidden actions, model routing, scheduling, escalation rules, skill sources, and risk thresholds. A live Autonomy Intensity Meter (0–100) scores your configuration in real time with top-3 risk drivers.

Four editions: Solo, Trading, Agency, Enterprise
Three experience profiles: Guided (novice), Comfortable (intermediate), Power (expert)
Five governance templates: Research, Content, DevOps, Support, Trading
Generates a downloadable ZIP with governance artifacts (JSON, YAML, Markdown, shell scripts)

ZIP Contents (10 core files + evidence folder)

policy.json — Authoritative record of tools, data sources, and budget limits
trust-manifest.json — Signed record of policy decisions with SHA-256 checksums
runtime-conformance.json — Expected post-deployment governance state
exception-policy.json — Override and exception governance rules
governance-roles.json — Author / Reviewer / Approver / Deployer / Auditor matrix
data-governance.json — Retention, redaction, transfer, and sensitivity controls
deployment-attestation.template.json — Sign-off template for deployment teams
agents/*.yaml — Per-agent safe-mode configuration files
verify/verify.sh + verify.ps1 — CLI integrity and drift check scripts (macOS/Linux + Windows)
evidence/ — 10-file auditor package: executive summary, approval records, checklists, EU AI Act / NIST RMF / ISO 42001 mappings
Runtime Quick-Start section — install paths and code snippets for OpenClaw, CrewAI, LangGraph, Agent Zero, and NullClaw

Editions

Solo — 100% browser-local, zero data sent, individual operator workflows
Trading — Budget hard-caps, position limits, loss prevention, confirm-all approval gates
Agency — Team token sharing, shared governance profiles, client-facing runbooks
Enterprise — ISO 42001 / NIST RMF controls, risk benchmarking, SSO, volume licensing

Pricing

Developer (CLI) — Free. OpenClaw Repair CLI (clawmaven npm package). No account required.
Starter — Free forever. Full 23-step wizard, all ZIP artifacts, Hygiene tools, basic monitoring, Skill Assurance.
Builder — $49 one-time (no subscription). Config Scout with AI-pattern detection, Custom Skills Generator, Trading guardrails, full Auditor Summary exports.
Team — $99/month. Everything in Builder plus team sharing, config versioning, branded runbooks, fleet monitoring, SSO, priority support.
Enterprise — From $399/month or $4,500/year. Dedicated onboarding, volume licensing, custom compliance exports, white-glove support.

Key Platform Features

Config Scout (/optimize)

Upload or paste any existing AI agent config. Scans against 45+ heuristic patterns across all 6 heuristic runtimes. Returns suggested fixes and a governance pack. Closes compliance gaps in seconds. Available in Builder and above.

Runtime Hygiene Engine (/hygiene)

7-card advisory dashboard: Gateway Health, Auth Validation, Config Integrity, Budget Posture, Dependency Audit, Log Retention, Network Exposure. Generates maintenance policies and actionable repair commands. Includes demo mode and personalised mode.

Auditor Compliance Summary

12-section compliance summary bundled in every governance ZIP. Covers EU AI Act (Articles 9, 10, 13, 14, 17, 62), NIST RMF, ISO 42001, SOC 2 Type II, ISO 27001 Annex A. Full enforcement deadline: August 2026.

Skill Assurance Pipeline (/skill-health)

5-stage validation: Stage 1 Health Scoring, Stage 2 Drift Detection, Stage 3 Active Incidents, Stage 4 Candidate Improvement Drafts, Stage 5 Promotion Gates. Stages 1–2 free; stages 3–5 require Builder or above.

SaaS Fleet Monitoring (/monitor)

Live event ingest from running agents (30-second polling, alert thresholds). Fleet view with agent status, last-seen timestamps, error counts. Alert rules for cost spikes, error rates, budget breaches. Exportable monitoring logs for compliance review.

Model Governance Inventory (/model-inventory)

Register and track AI models in use across the organisation: provider, version, tier, status, risk classification, cost per token. Links models to the governance packs that govern their use.

Custom Skills Generator (/skills-generator)

Runtime-agnostic 6-step wizard for building custom AI agent skills with defined inputs, outputs, permissions, and safety rails. Generates skill files conforming to the ClawMaven canonical skill schema. ZIP README includes Runtime Quick-Start install guides for OpenClaw (~/.openclaw/skills/), CrewAI (./tools/), LangGraph (./skills/), Agent Zero (./instruments/), and NullClaw (./nullclaw-skills/). Builder/Team tiers.

OpenClaw Repair CLI

Standalone Node.js tool (clawmaven binary) for diagnosing and repairing OpenClaw installations. Commands: diagnose, repair, install --patch-anthropic, guardian (live watchdog). Fixes 1006 gateway errors, corrupted config.json, OAuth silent failures, budget bleed. Available at https://clawmaven.com/help#repair-cli

Governance Profiles (/profiles)

Reusable governance configurations stored on the platform. Create, edit, duplicate, delete. Each profile stores policy settings, routing configuration, and full wizard state. Apply any profile to the wizard with one click.

Governance Repository (/repository)

Version-controlled store for generated governance packs. Filter by runtime or validation status. Re-download any pack as a ZIP at any time.

Core Governance Controls

Budget caps (per-run and monthly) with hard enforcement
Planning governance (max plan steps, plan revision, subgoal approval gates)
Scheduled execution controls (frequency, execution windows, per-cycle budgets, retry policies, heartbeat monitoring)
Rate limits (messages per minute, per hour, burst control, cooldown)
Retention policies (message and log retention days, delete-on-disconnect)
Escalation triggers (public posting, contact access, file sharing, bulk messaging)
Forbidden actions (filesystem, network, execution, financial, data categories)
Model routing (local, small, mid, large, frontier tiers with cost caps)
Approval gates (confirm-all, confirm-risky, or autonomous modes)

EU AI Act Compliance

Full enforcement: August 2026 — autonomous agents must have documented guardrails, human oversight, and incident logging
ClawMaven packs include: documented policy files, human oversight controls, incident logging schema, audit evidence folder
Control mapping covers EU AI Act Articles 9, 10, 13, 14, 17, 62 and GPAI obligations
12-section Auditor Summary designed for regulators and auditors

All Pages

/ — Home: landing page, runtime coverage, 5-step process, governance templates, FAQ, pricing
/pricing — Pricing: 5 tiers (Developer, Starter, Builder, Team, Enterprise)
/optimize — Config Scout: scan existing agent configs against 45+ heuristic patterns
/hygiene — Runtime Hygiene Engine: 7-card advisory, maintenance policies
/validate — Config Validator: ZIP upload, schema and hash verification
/dashboard — Dashboard Hub: platform overview, Auditor Summary, profiles, packs, monitoring
/profiles — Governance Profiles: create, edit, duplicate, manage reusable configurations
/repository — Governance Repository: browse, filter, download version-controlled packs
/monitor — SaaS Fleet Monitor: run reports, analytics, charts, anomaly detection
/skill-health — Skill Assurance: 5-stage pipeline (health, drift, incidents, drafts, promotion)
/trust-center — Trust Center: skill registry, SHA-256 hash verifier
/skills-generator — Custom Skills Generator (Builder/Team tiers)
/model-inventory — Model Governance Inventory: register and track AI models
/cli — OpenClaw Repair CLI: install, command reference, diagnose output
/help — Help Center: FAQs, Repair CLI instructions, governance concepts
/privacy — Privacy policy (Privacy by Architecture architecture explanation)
/about — About ClawMaven and Master 22 Solutions
/security — Security practices and architecture
/contact — Contact information
/compare/clawmaven-vs-credo-ai — vs Credo AI
/compare/clawmaven-vs-witness-ai — vs Witness AI
/compare/clawmaven-vs-sysdig — vs Sysdig
/compare/clawmaven-vs-microsoft-defender — vs Microsoft Defender for AI
/compare/clawmaven-vs-lakera-guard — vs Lakera Guard
/compare/clawmaven-vs-guardrails-ai — vs Guardrails AI
/compare/clawmaven-vs-langsmith — vs LangSmith
/compare/clawmaven-vs-protect-ai — vs Protect AI

Technical Details

Built with React 18, TypeScript, Express 5, Vite 7
Tailwind CSS 3 + shadcn/ui component library
ZIP generation entirely client-side using JSZip (no data sent to servers)
Stripe integration for Builder/Team checkout
PostgreSQL via Drizzle ORM for profiles, packs, runs, and payment management
69+ automated tests in ZIP artifact test suite (fixture library + CI checks)
Service worker (clawmaven-v2): caches static assets only; HTML always fetched fresh

For the full AI-readable documentation see: https://clawmaven.com/llms-full.txt

For the concise AI summary see: https://clawmaven.com/llms.txt