$clawproof list --all

The 10 Clawproof Checks

Ten opinionated checks for AI agent reliability and governance, distilled from real production incidents. Each is a single failure mode you need to prevent before shipping.

Score your agent →Run them open source

Security3 checks

#01

Tool Permissions & Least Privilege

Your agent starts with read access. Within a month, it has keys to everything.

Read →#03

Prompt Injection & Data Exfil

Untrusted content in, secrets out. The attack surface nobody tests.

Read →#06

Secrets Management

API keys in prompts, tokens in logs. Zero secret sprawl or bust.

Read →

Governance2 checks

#04

Human-in-the-Loop & Escalation

When should an agent stop and ask? Define the boundaries before production.

Read →#08

Data Boundaries & RAG Governance

Your agent can read everything it retrieves. Can it read everything it should?

Read →

Operations2 checks

#05

Rollback & Kill Switches

Can you stop your agent in 30 seconds? If not, you're not production-ready.

Read →#09

Cost Controls & Rate Limiting

A runaway loop at 3AM. No spending cap. Monday morning surprise.

Read →

Quality3 checks

#02

Logging & Audit Trails

When something breaks, can you trace what happened, why, and who approved it?

Read →#07

Evaluation & Regression Testing

You upgrade the model. Agent behavior changes. No tests caught it.

Read →#10

Multi-Agent Coordination

Two agents, one resource, zero coordination. Race conditions aren't just for code.

Read →