1Claw Vault
HSM-backed vault secrets for AI agents (JIT fetch) plus prompt-injection and threat scanning.
Using 1Claw Vault in Claude, Cursor, Gemini CLI, Cline, or Zed?
MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts-before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).
Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less
uv tool install mcpindex-gate && mcpindex-config-wireVerdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.
Own this server? Screen its description →
ONECLAW_AGENT_API_KEYAgent API key (ocv_...). Exchanged for a short-lived JWT; auto-discovers agent ID and vault. Recommended for stdio.
ONECLAW_AGENT_IDOptional agent UUID when pinning identity (usually auto-discovered from the API key).
ONECLAW_VAULT_IDOptional vault UUID when the agent can access multiple vaults.
ONECLAW_BASE_URLVault API base URL (default https://api.1claw.xyz).
ONECLAW_LOCAL_ONLYSet to true for security-only mode (inspect_content only; no vault credentials).
Security & DLP proxy for MCP: tool-poisoning scans, PII redaction on tool args/results. Beta.
93 keyless tools of live, verifiable data for AI: weather, hazards, space, CVEs. Ed25519-signed.
Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.