arifOS: A $15 MCP Governance Kernel for OpenClaw Tool Security

What arifOS Does
arifOS is a tiny MCP governance kernel that sits between OpenClaw models and their tools/skills. The creator, Arif (a geologist, not a coder), built it to prevent AI agents from "free-styling" his tools without proper security checks.
Core Architecture
The system uses a simple metaphor: treat the LLM like a "brain in a jar," treat tools like "hands," and put a "$15 VPS in the middle as the bouncer." Every OpenClaw tool call goes through this chain: jar → MCP server → scoring → security check.
Security Implementation
Each tool call gets scored 000-999 and must pass 13 hard Floors including:
- Amanah
- Truth
- Safety
- Injection
- Sovereignty
If a call fails any Floor, it returns "VOID" and nothing touches your filesystem, API, or database. The blocking logic is straightforward:
if verdict == "VOID":
return "Action Blocked by Floor 1: Amanah"As Arif puts it: "That's the whole joke: billion-dollar model, $15 lock."
Installation and Availability
Available via pip: pip install arifos
Repository: https://github.com/ariffazil/arifOS
The creator invites testing: "If you're running OpenClaw agents and want a paranoid bouncer in front of your skills, feel free to break this and tell me where it leaks."
Development Context
Arif notes that all Python code was written by AI agents, and he doesn't "even know how to spell phython"—highlighting the paradox of non-coders building security tools with AI assistance.
📖 Read the full source: r/openclaw
👀 See Also

Bitwarden Agent Access SDK integrates with OneCLI for secure credential injection
Bitwarden's new Agent Access SDK enables AI agents to access credentials from Bitwarden's vault with human approval, while OneCLI acts as a gateway that injects credentials at the network layer without exposing raw values to agents.

Claude Android App Reportedly Reads Clipboard Without Explicit User Action
A user reports that the Claude Android app analyzed code from their clipboard without them pasting it, with Claude identifying the file as pasted_text_b4a56202-3d12-43c8-aa31-a39367a9a354.txt. The behavior couldn't be reproduced in subsequent tests.

Scam Alert: Fake GitHub Airdrop Targets CLAW Token Users
A phishing scam is circulating that claims to offer $CLAW token airdrops for GitHub contributions. The scam uses a Google share link that redirects to a suspicious .xyz site and asks users to connect their wallets, potentially leading to wallet draining.

The Uniformed Guard Problem: Why Agent Sandboxes Need Identity, Not Just Policy
Nemoclaw's openshell sandbox scopes policies to binaries, enabling malware to live-off-the-land using the same binaries as the agent. ZeroID, an open-source agent identity layer, applies security policies to agents backed by secure identities.