I've been working on a security model and architecture to make a hardened rewrite of OpenClaw. I've got a first pass of prompt injection and secret exfiltration protection and an agentd that gives network vm/sandbox access, reads the accessibility tree and can take screenshots of apps or regions of the desktop. I also have full policy control in place with OPA so you can manage everything the agent can do in one place.

The goal is a milspec, zero-trust autonomous agent that can be completely locked down. I'm also tying the agent's heartbeat into activitywatch so it can be a good personal assistant and do stuff for you pre-emptively based on your stated goals and session activity.