openguardrails by openguardrails

AI agent runtime security

Created 4 months ago
280 stars

Top 93.1% on SourcePulse

Project Summary

OpenGuardrails addresses the critical security vulnerabilities of AI agents, such as prompt injection, data leaks, and dangerous actions. It provides a real-time runtime security layer designed for engineers and researchers building or deploying AI agents, offering protection before threats can execute and enhancing operational safety.

How It Works

The system wraps AI agents with a security layer that intercepts all tool calls and messages. This layer runs 10 built-in content scanners and a behavioral rule engine to analyze threats in real time. Detected threats are blocked or raise alerts before they can cause damage. An optional local gateway can sanitize sensitive data before it reaches LLM providers, while a management dashboard gives visibility into detected threats and agent behavior.

Quick Start & Requirements

Installation is two steps: run npx clawhub@latest install moltguard, then install and activate moltguard via OpenClaw. To claim an account, visit the provided link and enter an email address and a verification code; new accounts receive 30,000 free detections. The management dashboard is available at openguardrails.com/dashboard. For self-hosting, the dashboard can be deployed locally (npm install -g openguardrails, then openguardrails dashboard start) and an AI Security Gateway can be run alongside it (npm install -g @openguardrails/gateway, then openguardrails gateway start).

Highlighted Details

  • Threat Detection: Covers prompt injection, system override, web attacks, MCP tool poisoning, malicious code execution, NSFW content, PII/credential/confidential data leakage, and off-topic drift.
  • Behavioral Analysis: Monitors cross-call patterns like file exfiltration after reads, external writes after credential access, shell execution post-web fetch, and command injection.
  • Architecture: Detailed in architecture.md.

Maintenance & Community

The provided README does not detail specific contributors, sponsorships, partnerships, or community channels like Discord/Slack or a public roadmap.

Licensing & Compatibility

Licensed under the Apache License 2.0, which is generally permissive for commercial use and integration into closed-source projects.

Limitations & Caveats

The core detection engine is a hosted service by default, though self-hosting options for the dashboard and gateway are available. The free tier is limited to 30,000 detections.

Health Check

Last Commit: 2 days ago
Responsiveness: Inactive
Pull Requests (30d): 2
Issues (30d): 3
Star History: 55 stars in the last 30 days

Starred by Chip Huyen (Author of "AI Engineering", "Designing Machine Learning Systems"), Elie Bursztein (Cybersecurity Lead at Google DeepMind), and 3 more.

Explore Similar Projects

llm-guard by protectai

1.5% · 3k stars
Security toolkit for LLM interactions
Created 2 years ago
Updated 2 months ago
Starred by Chip Huyen (Author of "AI Engineering", "Designing Machine Learning Systems").

SecGPT by Clouditera

0.5% · 3k stars
Open-source LLM for cybersecurity tasks
Created 2 years ago
Updated 8 months ago