Spot on — the real risk isn’t the model, it’s where authority actually lives once chat becomes action.
We built Lionguard as open-source middleware that sits exactly in that Gateway/Control plane and enforces the boundaries you describe: tool-result parsing, privilege engine, cross-session drift detection, and circuit breakers that actually trip.
Tested 12/12 against the vectors in the articles @toxsec has been posting — all blocked or flagged locally, zero API cost.
Full write-up + repo here:
https://awakenedintelligence.substack.com/p/openclaw-has-no-immune-system-so?r=58lc4j&utm_campaign=post&utm_medium=web
github.com/holmanholdings/lionguard
Appreciate the clarity on what builders actually own. Happy to see the ecosystem getting serious about this.
This architecture diagram looks like archtocode.com
I use mermaid for all my diagrams