Last updated: 2026-05-21
Clawvisor vaults AI agent credentials and enforces purpose-based access across 14 services including Gmail and GitHub. Open source, YC-backed, free cloud trial.
Clawvisor is an open-source AI agent authorization gateway founded in 2026 by a Y Combinator-backed team. It supports 14 service adapters including Gmail, GitHub, Slack, and Notion. The cloud version is free to try with no credit card required; self-hosting is also free via the open-source repository. Agents declare their purpose once, users approve the scope, and Clawvisor enforces it on every request while vaulting credentials server-side.
Clawvisor is an open-source AI agent authorization gateway founded in 2026 and backed by Y Combinator's Spring 2026 batch. Built by Eric Levine, a serial founder who previously co-founded identity verification company Berbix (acquired by Socure in 2023) and led Trust and Safety engineering at Airbnb, the tool addresses a structural flaw in how AI agents use APIs: OAuth scopes are too broad for nondeterministic agents, and credential sprawl across .env files creates serious security risks. The core mechanism is purpose-based authorization. When an agent needs to take action, it declares a task describing what it plans to do and which services it needs. The user approves the scope once. From that point, Clawvisor enforces that approved scope on every subsequent request, credential injection happens server-side, and the agent never sees the underlying API keys or OAuth tokens. Every request is risk-scored before execution, and anomalous parameters, unusual access patterns, or scope creep trigger immediate blocks. The three-layer authorization model gives fine-grained control without approval fatigue. Hard restrictions block matching actions unconditionally. Task scopes with auto-execute enabled let pre-approved actions run without prompts. Anything outside those scopes goes to a per-request approval queue, where users respond via the web dashboard, Telegram bot, or mobile push notification. This design batches intent approval rather than requiring action-by-action confirmation. Clawvisor supports 14 service adapters: Gmail, Google Calendar, Google Drive, Google Contacts, Outlook, OneDrive, GitHub, Slack, Notion, Linear, Stripe, Twilio, iMessage, and Dropbox, with Jira, Salesforce, and Airtable coming soon. It is agent-agnostic and works with any agent that can talk HTTP, including Claude Code, Claude Cowork, Hermes, and Perplexity Computer. It also exposes an MCP server at /mcp with OAuth 2.1 for direct integration with Claude Desktop and other MCP clients. Deployment options are cloud-hosted (free trial, no credit card required) or self-hosted via Docker container or cloud VM. The project is open source on GitHub, written in Go 1.25+ with a React 18 frontend, and reached v0.9.7 in May 2026 with 184 stars and 562 commits. Clawvisor explicitly states it is experimental software that has not been audited for security and should not be used as the sole safeguard for critical systems.
Free cloud trial with no credit card required. Self-hosted version is free and open source (Go 1.25+ backend). Enterprise plan includes SSO, SAML, private cloud or on-prem deployment, audit and compliance tools, and dedicated support; contact sales@clawvisor.com for pricing.
Clawvisor is an open-source AI agent authorization gateway founded in 2026 and backed by Y Combinator's Spring 2026 batch. It sits between AI agents and external APIs, requiring agents to declare tasks upfront and enforcing those declared purposes on every subsequent request. The tool was created by Eric Levine, who previously co-founded Berbix, an identity verification company acquired by Socure in 2023. Clawvisor supports 14 service adapters including Gmail, GitHub, Slack, and Notion, and is compatible with any HTTP-capable agent including Claude Code, Hermes, and Perplexity Computer.
Clawvisor's cloud version is free to try with no credit card required. The self-hosted version is also free as the project is open source on GitHub at github.com/clawvisor/clawvisor. An enterprise plan with SSO, SAML, private cloud or on-premises deployment, audit and compliance tools, and dedicated support is available by contacting sales@clawvisor.com, though pricing is not publicly disclosed. There are no listed monthly pricing tiers between free and enterprise as of May 2026.
The three primary features are credential vaulting, purpose-based task authorization, and real-time risk scoring. Credential vaulting means agents never see API keys or OAuth tokens; Clawvisor injects them server-side after each authorized call. Task authorization lets users approve an agent's intended scope once instead of approving each individual action. Risk scoring evaluates every request for anomalous parameters, scope creep, and purpose-coherence violations before execution. Additional features include a full audit trail with unique request IDs, multi-device approval flows via dashboard or Telegram, and an MCP server at /mcp with OAuth 2.1.
Yes, Clawvisor offers two free options. The cloud version at clawvisor.com provides a hosted trial with no credit card required and no announced usage limits. The self-hosted version is fully free as the entire project is open source on GitHub at github.com/clawvisor/clawvisor. Teams that need SSO, SAML, compliance tooling, or dedicated support must contact sales@clawvisor.com for an enterprise quote, as that tier's pricing is not public.
The most direct alternatives are other AI agent security frameworks. NanoClaw takes a container-isolation approach, running each agent in a separate Docker container with a roughly 700-line auditable codebase. NemoClaw is NVIDIA's enterprise wrapper with kernel-level sandboxing and a YAML policy engine. IronClaw uses WebAssembly sandboxing with zero-permission defaults. Unlike those alternatives, Clawvisor is credential-gateway-based rather than sandbox-based, which means it works alongside any existing agent rather than replacing the execution environment.
Clawvisor is best for security-conscious developers and platform engineers who need to give AI agents real API access to services like Gmail, GitHub, or Slack without credential exposure or unbounded scope. Individual developers running personal agents benefit from the free tier and granular approval controls. It is not well suited for compliance officers in regulated industries such as healthcare or financial services, since as of May 2026 Clawvisor has not completed a security audit and holds no SOC 2, ISO 27001, or HIPAA certification.
Yes. Clawvisor exposes an HTTP gateway API that any agent capable of making HTTP requests can use. It also exposes a Model Context Protocol server at /mcp with OAuth 2.1, enabling direct integration with Claude Desktop and other MCP-compatible clients. The gateway supports per-agent rate limiting and per-user limits to prevent runaway agents. The GitHub repository at github.com/clawvisor/clawvisor includes documentation on the task declaration format and the request authorization flow.
Direct OAuth gives agents broad scope access, typically covering an entire mailbox or repository rather than a specific declared purpose. A Clawvisor-mediated connection restricts each agent to the exact actions declared in its task, even within the same OAuth scope. Direct OAuth also embeds tokens in agent configuration files or environment variables, whereas Clawvisor vaults all credentials server-side. The tradeoff is added latency from the gateway hop and a dependency on Clawvisor's availability, but for sensitive integrations like email sending or Stripe payments the purpose-enforcement model significantly reduces blast radius.