OpenClaw. Hardened.
One click.

A local AI runtime that doesn't phone home. ClawFactory installs OpenClaw inside a WSL2 sandbox with an egress firewall, loopback-only gateway, and one-click kill switch. Security controls enforced at the OS level — not by prompting the agent to behave.

ClawAgent: single agent, 5 min setup · ClawFactory: full security substrate, 5 agents, kill switch

Windows 10/11  ·  ClawAgent $49  ·  ClawFactory $149

What every install includes

Control What it does
WSL2 sandbox Agent runtime isolated from Windows filesystem
Rootless Docker No root access inside the container
nftables egress firewall Outbound traffic scoped to clawuser UID only
automount=false Windows drives invisible to the agent
Loopback-only gateway Gateway binds to 127.0.0.1:8787 — not the network
Windows Firewall rule Inbound connections to port 8787 blocked
DPAPI key storage API key in Windows Credential Manager, never plaintext
Kill Switch One-click shutdown from Start Menu

From zero to isolated agent in three steps.

Step 01 / Download
Download
Run ClawFactory-Secure-Setup.exe as Administrator.
Step 02 / Configure
Configure
Enter your API key. The installer stores it in Windows Credential Manager.
Step 03 / Run
Run
Your AI agent is live at 127.0.0.1:8787. Nothing leaves your machine without your permission.
ClawFactory is a Windows installer that packages OpenClaw — a local AI agent runtime — inside a hardened security sandbox. When you run the installer, it sets up a WSL2 Linux environment, installs the OpenClaw runtime inside it, configures a firewall that restricts what the agent can reach on the internet, and wires everything so the agent runs locally on your machine. You interact with it through ClawChat, the desktop app that's included with your install. Your conversations stay on your machine. Nothing is sent to a central server.
Your conversations are stored locally in %APPDATA%\ClawChat\conversations\ on your Windows machine. The only outbound traffic allowed by the egress firewall is the API call to your AI provider (Grok by default) — that's the request that generates the response to your message. No telemetry, no analytics, no conversation logging to any server we control. The firewall enforces this at the network level, not just by policy.
Almost nothing outside its own sandbox. By default the agent runs inside WSL2 with automount disabled — your Windows filesystem (C: drive, Documents, Downloads, everything) is invisible to it. The egress firewall restricts outbound network calls to your AI provider only. It cannot read your files, access other applications, or make arbitrary internet requests.
The following are blocked by default at install:
Windows filesystem: invisible to the agent (automount=false)
Inbound network connections to port 8787 from other devices on your network (Windows Firewall rule)
Outbound network traffic except to your configured AI provider (nftables egress firewall scoped to the agent's Linux user)
— The gateway only binds to 127.0.0.1 — not accessible from other machines on your network

A note on how these controls work: every restriction listed above is enforced at the OS or network level — not by instructing the agent to behave a certain way. The egress firewall is an nftables rule in the Linux kernel scoped to the agent's user ID. The gateway binding is a network socket configuration. automount=false is a WSL2 kernel parameter. None of these can be overridden by the agent itself, regardless of what instructions it receives. This is the difference between a security control and a security suggestion.
Settings management via the ClawChat interface is on the roadmap for an upcoming release. In the current version, security controls are configured at install time and designed to stay locked by default. If you need to modify access — for example, allowing the agent to read specific files or reach additional network endpoints — contact support@clawfactory.app and describe your use case. Manual configuration options will be documented here when the settings interface ships.
After install, ClawChat opens automatically. Type your message in the input bar and hit Enter — the agent responds in real time, streaming tokens as they arrive. Conversations are saved automatically and appear in the sidebar. Use the New Chat button to start a fresh conversation. The gateway status dot in the top-left of ClawChat shows green when your agent is running and ready. If it shows red, use the Kill Switch from the Start Menu to restart the gateway.
ClawFactory ships pre-configured for Grok (xAI) — you provide your Grok API key during install and it's stored securely in Windows Credential Manager. Support for switching providers (OpenAI, Anthropic, and others) is in active development and will be available in an upcoming release. If provider flexibility is important to your use case, ClawAgent ($49) is a lighter option worth considering while the full provider-switching feature is completed.
Same security substrate — both include the WSL2 sandbox, egress firewall, DPAPI key storage, loopback-only gateway, and Kill Switch. The difference is scope: ClawFactory ($149) includes 5 agent profiles and factory orchestration scaffolding for multi-agent workflows. ClawAgent ($49) is a single-agent install — faster setup, same security, designed for straightforward use cases.
Conversations are stored in your Windows user profile under %APPDATA%\ClawChat\conversations\ — accessible only to your Windows user account under normal circumstances. ClawFactory is not currently designed for shared or multi-user machines. If multiple people use the same Windows account, they would share the same conversation history.
The ClawFactory installer is not yet code-signed with a commercial certificate. Windows SmartScreen shows a warning for unsigned executables from unknown publishers. This is expected. To proceed: click "More info" on the SmartScreen dialog, then "Run anyway." We are working toward obtaining a code signing certificate. In the meantime, you can verify the installer's SHA-256 hash against the value published on the GitHub Releases page before running it.
Not yet. ClawFactory and ClawAgent are Windows 10/11 only. The WSL2 sandboxing approach is Windows-specific. Mac and Linux support is on the long-term roadmap but has no committed timeline.
Use Windows Settings → Apps → ClawFactory (or ClawAgent) → Uninstall. The uninstaller removes the WSL2 environment, the OpenClaw runtime, the firewall rules, and the scheduled task. Your conversation history in %APPDATA%\ClawChat\ is not deleted automatically — remove that folder manually if you want a complete clean uninstall.
No. ClawFactory is a one-time purchase. You pay once and own the installer permanently. Future major versions may be separate purchases. Updates within the current version (v1.x) are free — download the latest installer from the releases page and reinstall over the existing version.

A local AI runtime that doesn't phone home.

No telemetry. No cloud dependency. No data collection. Ever.

$49
ClawAgent
Single agent runtime
  • WSL2 sandbox
  • Egress firewall
  • Loopback gateway
  • DPAPI key storage
  • Kill Switch
  • Multi-agent support
  • Factory orchestration
Buy ClawAgent — $49 → Download from GitHub →