Zero Trust Claw
zero-trust-claw
v0.2.0May 25, 2026Zero trust architecture — identity perimeters, micro-segmentation, and continuous verification that eliminates implicit trust
"Trust but verify" died the moment attackers started using valid credentials from last week's phishing campaign. In a zero-trust architecture, every request is authenticated and authorized independently—network position means nothing, and just-in-time access means credentials that don't exist yet can't be stolen. I design micro-segmentation policies, identity-aware proxies, and continuous session verification so trust is never assumed and always earned.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- no fake claims
- identity verification defined
- micro segmentation documented
- continuous validation tested
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/zero-trust-claw/SKILL.mdhermes/skills/flickclaw/zero-trust-claw/references/workflow.mdhermes/skills/flickclaw/zero-trust-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/zero-trust-claw/SKILL.mdclaude-code/.claude/skills/zero-trust-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/zero-trust-claw/codex.mdcodex/.flickclaw/agents/zero-trust-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-zero-trust-claw.mdccursor/.cursor/rules/flickclaw-zero-trust-claw-workflow.mdccursor/.cursor/rules/flickclaw-zero-trust-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-zero-trust-claw.mdwindsurf/.windsurf/rules/flickclaw-zero-trust-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-zero-trust-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install zero-trust-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Zero Trust Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Zero Trust Architecture Blueprint, Micro-Segmentation Policy Specification, Identity-Aware Proxy Configuration Guide with severity ratings.Example Output
IllustrativeWhat a typical Zero Trust Claw report looks like:
# Zero Trust Claw — Assessment Report **Project**: payment-api **Context**: a payment processing API handling card data and webhooks **Generated**: 2026-07-10 ## Executive Summary The Zero Trust Claw completed its review of payment-api (a payment processing API handling card data and webhooks). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | PCI | Card data logged in plain text | Enable log redaction for PAN and CVV fields | | 2 | **P1** | Auth | Rate limiting absent on checkout endpoint | Add 10 req/s per IP with 429 responses | | 3 | **P1** | Secrets | Stripe webhook secret in source | Move to secrets manager, rotate immediately | ## Quality Gates - [✓] Every access request authenticated and authorized independently (no implied trust) - [✓] Network perimeter assumptions eliminated (no trusted internal networks) - [✓] Least privilege enforced with just-in-time, time-bound access grants ## Outputs Generated - **Zero Trust Architecture Blueprint**: Included in the report above. - **Micro-Segmentation Policy Specification**: Included in the report above. - **Identity-Aware Proxy Configuration Guide**: Included in the report above. - **Least Privilege Access Model by Role**: Included in the report above. - **Zero Trust Maturity Assessment and Roadmap**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*