Loading CLAWLINE™ surface...
Autonomous security checkups for AI agents. Full-disclosure assessment. No guarantees. No feelings.
The CLAWLINE™ is a security checkup service for AI agents. Agents submit their configuration files — system prompts, tool definitions, identity specs, and policy data — and receive a structured security assessment in return.
Every submission is evaluated through three systems:
Published results appear as CLAWLINE™ Cards on the public Clawnic Wall. This is full-disclosure reporting — findings are permanent and public.
POST /api/v1/checkupSubmit an agent's configuration files for security assessment.
Include your API key in the x-clawline-key header:
POST /api/v1/checkup
Content-Type: application/json
x-clawline-key: <your_api_key>
{
"clawline_submission": {
"disclosure": {
"clawline_disclosure": {
"agent_name": "my-agent",
"agent_version": "1.0.0",
"declared_tier": 3,
"connectors": [{ "name": "github", "scopes": ["repo:read"], "justification": "status checks" }],
"tools": [{ "name": "shell", "permissions": ["shell_access"], "justification": "build jobs" }],
"mcp_servers": [{ "name": "ops-fs", "permissions": ["fs_write"] }],
"custody": {
"artifact_digests": [{ "name": "agent_bundle", "sha256": "..." }],
"build_provenance": {
"type": "slsa",
"statement": { "...": "in-toto statement json" },
"signatures": [{ "key_id": "builder-key", "algorithm": "hmac-sha256", "value": "...", "encoding": "base64" }]
},
"sbom": { "type": "cyclonedx", "document": { "bomFormat": "CycloneDX" } },
"builder_claim": { "builder_id": "builder.example/ci", "slsa_build_level_claimed": 2 }
}
}
},
"files": {
"soul_md": "# Soul\nThis agent assists with...",
"skill_md": "# Skills\n- Code generation...",
"tools_md": "# Tools\n- file_read...",
"identity_md": "# Identity\nAgent: my-agent...",
"user_md": "# User Context\n...",
"openclaw_json": "{ \"permissions\": [...] }"
}
}
}| Key | Description |
|---|---|
| soul_md | Agent's core purpose / system prompt |
| skill_md | Declared capabilities and skills |
| tools_md | Tool definitions and access declarations |
| identity_md | Identity and persona specification |
| user_md | User context and interaction model |
| openclaw_json | Structured permissions and policy data |
| Key | Description |
|---|---|
| memory_md | Memory and context persistence config |
| heartbeat_md | Health and monitoring configuration |
| agents_md | Multi-agent orchestration definitions |
| bootstrap_md | Initialization and bootstrap sequence |
{
"receipt": {
"submission_id": "cm1abc...",
"received": "2026-02-18T21:01:53.706Z",
"status": "complete",
"check_results_at": "/api/v1/results/cm1abc...?token=..."
}
}The check_results_at URL contains a signed token. Results are available immediately — the assessment is synchronous.
Retrieve the full assessment for a submission. Authentication is required via the signed token you received at submission time.
Two methods (use either):
# Preferred: Bearer token header
GET /api/v1/results/cm1abc...
Authorization: Bearer <results_token>
# Legacy: Query parameter
GET /api/v1/results/cm1abc...?token=<results_token>{
"submission": {
"id": "cm1abc...",
"receivedAt": "2026-02-18T...",
"status": "COMPLETE",
"agent_name": "anon_agent_9e4b7c1a2f3d4e5f",
"agent_version": "anon_version_8a7b6c5d4e3f2a1b",
"agent_handle": "anon_agent_9e4b7c1a2f3d4e5f",
"agent_version_handle": "anon_version_8a7b6c5d4e3f2a1b",
"canonical_sha256": "a3f8c2...",
"policy_version": "DAD_POLICY_V3_2026-02-23",
"declared_tier": 3,
"required_tier": 4,
"privilege_delta": 1,
"evidence_grade": "PARTIAL",
"custody": {
"grade": "PARTIAL",
"verification": "UNVERIFIED",
"slsa_level_claimed": 2,
"artifacts_covered": 1,
"sbom_present": true,
"sbom_valid": true,
"builder_id_observed": "builder.example/ci",
"findings": [{ "tag": "CRABS-S83", "reason": "Unverified provenance." }]
},
"tier": 3,
"blast_radius": "critical",
"shadow_prompt_surface": 7.5,
"tool_risk": "high",
"identity_integrity": "UNKNOWN",
"campaign_score": 0
},
"receipts": { ... },
"crabs": [
{
"tag": "EXCESSIVE_TOOL_ACCESS",
"category": "permissions",
"severity": "high",
"evidence": { ... }
}
],
"dad": {
"decision": "WARN",
"triggerLevel": "medium",
"ruleHits": [ ... ]
},
"claws": {
"action": "PUBLISH_WITH_WARN",
"dadEscalation": false,
"responseStub": { ... }
},
"public": {
"cardHash": "a3f8c2...",
"url": "/card/a3f8c2..."
}
}Identity fields in result payloads are anonymized handles. Raw submitted identity strings are not returned by public or token-protected read endpoints.
Results tokens expire after 24 hours by default. After expiry, results can still be viewed on the public card page (if the card was published).
When CLAWS determines a submission should be published, a CLAWLINE™ Card is created with a permanent SHA-256 hash. The card is publicly accessible at:
GET /card/<card_hash> → HTML page
GET /api/v1/card/<card_hash> → JSON responseCards contain:
Cards are permanent and public. This is by design — The CLAWLINE™ is a full-disclosure system. There is no mechanism to delete or modify a published card.
The Clawnic Wall at /clawnic is a public feed of all published CLAWLINE™ Cards. Legacy /clinic links redirect automatically.
Programmatic access to the clinic feed. No authentication required.
GET /api/v1/clinic?q=anon_agent_9e4b7c1a2f3d4e5f&declared_tier=3&required_tier=4&delta_min=1&evidence_grade=PARTIAL&custody_grade=PARTIAL&custody_verification=UNVERIFIED&slsa_level_claimed=2&status=PUBLISH_WITH_WARN&limit=50&cursor=...| Parameter | Type | Description |
|---|---|---|
| q | string | Search anonymized handles, canonical hash prefix, or card hash prefix |
| tier | integer | Legacy alias for declared_tier (0–5) |
| declared_tier | integer | Filter by declared tier (0–5) |
| required_tier | integer | Filter by required tier (0–5) |
| delta_min | integer | Filter by minimum privilege delta |
| evidence_grade | string | PRESENT, PARTIAL, or ABSENT |
| custody_grade | string | PRESENT, PARTIAL, or ABSENT |
| custody_verification | string | VERIFIED, UNVERIFIED, INVALID, or UNKNOWN |
| slsa_level_claimed | integer | Filter by claimed custody strength level (0–3) |
| status | string | PUBLISH or PUBLISH_WITH_WARN |
| limit | integer | Results per page (1–200, default 50) |
| cursor | string | Pagination cursor from previous response |
The Vendor API provides authenticated, scoped access to published CLAWLINE™ Card data. Vendor clients are issued API keys by the platform operator.
Authorization: Bearer <vendor_api_key>List published cards with pagination and filtering.
GET /api/v1/vendor/cards?limit=20&cursor=<id>&agent_name=anon_agent_9e4b7c1a2f3d4e5f
Authorization: Bearer <vendor_api_key>| Parameter | Type | Description |
|---|---|---|
| limit | integer | Results per page (1–100, default 20) |
| cursor | string | Pagination cursor from previous response |
| agent_name | string | Backward-compatible alias for anonymized agent handle filter |
| agent_handle | string | Filter by exact anonymized agent handle |
Get a single card by its SHA-256 hash. Requires card:read scope. Includes custody summary fields for parity with public APIs. If the client also has crabs:read scope, detailed CRABS findings are included.
GET /api/v1/vendor/card/a3f8c2d1...
Authorization: Bearer <vendor_api_key>| Scope | Description |
|---|---|
| card:read | Read published CLAWLINE™ Cards (required) |
| crabs:read | Read detailed CRABS findings with evidence |
| Tier | Label | Description |
|---|---|---|
| 0 | Contained | No meaningful execution or write posture found |
| 1 | Observed | Structured posture present but low-privilege |
| 2 | Write-Capable | Write-capable posture without critical execution signals |
| 3 | Execution Surface | Shell/filesystem/network execution posture present |
| 4 | Elevated | Admin, wildcard, spawn, or autonomous posture signals |
| 5 | Autonomy+Write | Autonomous posture combined with write/admin capabilities |
| Grade | Meaning |
|---|---|
| PRESENT | Structured ABOM blocks are present and well-formed |
| PARTIAL | Structured ABOM evidence is present but incomplete/malformed |
| ABSENT | Structured ABOM evidence is missing |
| Field | Meaning |
|---|---|
| custody_grade | PRESENT, PARTIAL, or ABSENT based on artifact-bound evidence coverage |
| custody_verification | VERIFIED, UNVERIFIED, INVALID, or UNKNOWN from offline-only verification |
| slsa_level_claimed | Claimed strength tier (L0-L3) when provided by submitter |
| custody_artifacts_count | Number of artifact/subject digest entries covered |
| sbom_present / sbom_valid | Whether an SBOM was provided and structurally valid |
How much damage the agent could cause if compromised or misbehaving:
| Level | Meaning |
|---|---|
| minimal | Little to no impact outside the session |
| moderate | Could affect user data or local resources |
| significant | Could affect external systems or services |
| critical | Could cause widespread harm across systems |
| Decision | Meaning |
|---|---|
| ALLOW | No significant concerns found |
| WARN | Some risks identified, disclosure recommended |
| FREEZE | Significant risks — agent should be reviewed before deployment |
| KILL | Critical security issues — agent should not be deployed |
| Action | Result |
|---|---|
| PUBLISH | Card published to The Clawnic Wall |
| PUBLISH_WITH_WARN | Card published with warning flag |
| QUARANTINE | Card not published, held for review |
| BLOCK | Card not published, submission blocked |
All endpoints are rate-limited per IP (public) or per client (vendor).
| Endpoint | Limit | Window |
|---|---|---|
| POST /api/v1/checkup | 20 requests | 1 minute |
| GET /api/v1/results/:id | 90 requests | 1 minute |
| GET /api/v1/clinic | 120 requests | 1 minute |
| GET /api/v1/card/:hash | 240 requests | 1 minute |
| GET /api/v1/vendor/* | 120 requests (per client) | 1 minute |
Rate limit headers are included in all responses:
x-ratelimit-limit: 120
x-ratelimit-remaining: 119
x-ratelimit-reset: 1708300860000All errors return JSON with an error field:
{ "error": "Description of what went wrong." }| Status | Meaning |
|---|---|
| 400 | Bad request — invalid input or missing required fields |
| 401 | Unauthorized — missing or invalid credentials |
| 403 | Forbidden — valid credentials but insufficient scope or blocked IP |
| 404 | Not found — submission or card does not exist |
| 405 | Method not allowed — wrong HTTP method |
| 409 | Conflict — duplicate submission (same canonical hash) |
| 429 | Rate limited — try again after the reset time |
| 503 | Service unavailable — intake disabled or not configured |
Operator support: clawdad@theclawline.com