MonoClaw

Trust & Safety

Security is not a feature. It is the architecture.

MonoClaw is built with defence in depth. Every layer is designed to keep your data safe — not as an afterthought, but as the foundation.

Isolated tool execution

WASM Sandbox

MonoClaw's untrusted tools run inside isolated WebAssembly containers with resource limits and HTTP allowlists. In the standard deployment, local bridges stay on your Mac and sandboxed tools cannot reach secrets directly. If a sandboxed tool misbehaves, it is contained.

[Diagram: Sandbox Boundary (Tool, Resource Limits, HTTP Allowlist, WASM)]

Secrets never enter the sandbox

Credential Injection

Your API keys and passwords are stored with AES-256-GCM encryption in a local PostgreSQL database. In Mona's standard onboarded setup, MonoClaw injects credentials at the host boundary when a tool needs them, so secrets are not handed around as ordinary tool input.
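A sketch of the pattern described in the two sections above (HTTP allowlist plus credential injection at the host boundary), added here as an illustration; it is not MonoClaw's code. All tool names, hosts and credential names are hypothetical, and a plain dict stands in for the decrypted AES-256-GCM store.

```python
from urllib.parse import urlsplit

# Constructed sample data: every name, host and value here is hypothetical.
SECRETS = {"crm_token": "s3cr3t-value"}  # stand-in for the decrypted secrets store
TOOL_POLICY = {  # per-tool HTTP allowlist and the credentials the tool may use
    "crm_sync": {"hosts": {"api.crm.example"}, "secrets": {"crm_token"}},
}

class Denied(Exception):
    """Raised when a tool request violates its policy."""

def broker_request(tool, request):
    """Host side: validate a tool's request, then attach the credential by name."""
    policy = TOOL_POLICY.get(tool)
    if policy is None:
        raise Denied(f"unknown tool {tool!r}")
    url = urlsplit(request["url"])
    # .hostname ignores userinfo: "https://api.crm.example@evil.test/" is evil.test
    if url.scheme != "https" or url.hostname not in policy["hosts"]:
        raise Denied(f"destination not allowlisted: {request['url']}")
    headers = dict(request.get("headers", {}))
    if any(k.lower() == "authorization" for k in headers):
        raise Denied("tool may not set Authorization itself")
    name = request.get("credential")  # the tool passes a name, never a value
    if name is not None:
        if name not in policy["secrets"]:
            raise Denied(f"credential {name!r} not granted to {tool!r}")
        headers["Authorization"] = f"Bearer {SECRETS[name]}"
    # This outbound request exists only on the host side of the boundary.
    return {"method": request.get("method", "GET"), "url": request["url"], "headers": headers}

def tool_view(outbound):
    """What is reported back into the sandbox: same request, secret redacted."""
    redacted = {k: ("<injected>" if k == "Authorization" else v)
                for k, v in outbound["headers"].items()}
    return {**outbound, "headers": redacted}

def is_denied(tool, request):
    try:
        broker_request(tool, request)
    except Denied:
        return True
    return False
```

The allowlist check runs before any secret is read, so a denied request never touches the store.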

[Diagram: Encrypted Store, Host Boundary, Runtime Injection, Tool]

You review external side effects

Approval Gates

Before Mona sends a message, submits a form, posts to social media, or runs a workflow with external effects, she presents the details and waits for your approval. On Telegram, you tap inline buttons. On WhatsApp and Discord, you reply with a number.

[Diagram: Step 1, Mona Proposes Action; Step 2, User Reviews (Approve, Edit, Reject)]

Data Privacy Rules

What Mona stores — and what she never does

Mona stores

  • Task state and reminders
  • Your preferences and settings
  • Session summaries
  • Contact patterns (CRM-style)

Mona never stores

  • Plaintext passwords or raw credentials
  • Payment card details
  • Government ID numbers (full HKID)
  • Medical information
  • Verbatim conversation logs

Non-Overridable Guardrails

Hard rules in Mona's shipped safety profile

These safeguards ship with Mona's default runtime rules. They are designed to protect normal use, not to behave like optional convenience settings.

  1. Rate limit: maximum 5 outbound messages per 10 minutes
  2. Triple confirmation required for all file and data deletion
  3. Financial transaction prohibition — Mona never executes trades or payments
  4. Skills ship through trusted installation, and later additions are limited to approved trusted sources
  5. Approval gates for all Crayfish workflows with side effects

LLM Inference & Privacy

An honest breakdown of what stays local and what goes to the cloud.

What stays on your Mac

  • Workspace database (PostgreSQL + pgvector)
  • Encrypted secrets store (AES-256-GCM)
  • Persistent memory and session history
  • Orchestration logic and all 43 bundled skill files
  • Channel configuration and preferences

What goes to the cloud

  • Prompts sent to your chosen LLM provider via OpenRouter for inference
  • Model responses returned to your Mac

OpenRouter says it disassociates sampled inputs from your user ID for analytics and does not sell personal data. Each LLM provider has its own data handling terms — check your chosen provider's policy.

MonoClaw's additional layer

  • Mona's data-handling rules are designed to keep passwords, card numbers, government IDs, and medical data out of persistent memory and routine summaries
  • Conversation content is summarised, not logged verbatim

The bigger security risks are usually phishing emails, weak passwords, and unpatched software. MonoClaw is built for that real-world threat surface with sandboxed tools, encrypted secrets, approval-gated actions, and a locally installed runtime you control.
