How is HexaClaw different from OpenClaw?

HexaClaw is built on the OpenClaw foundation but adds curated skill packs, Guardian runtime security (163 rules across 13 attack categories), a native macOS app, hardened config profiles, and ongoing security updates. Think of it as OpenClaw with batteries included.

Will this break my existing OpenClaw setup?

No. The installer automatically backs up your existing configuration before making any changes. You can rollback to your previous config at any time.

What does Guardian protect against?

Guardian is HexaClaw's built-in runtime security engine with 163 rules across 13 attack categories. It blocks credential theft, data exfiltration, prompt injection, persistence attacks, and reverse shells in real-time with sub-5ms overhead.

Can I use HexaClaw with ClawSec or SecureClaw?

Yes. HexaClaw complements other security tools. Use ClawSec for ongoing monitoring and HexaClaw for prevention with pre-verified skills and hardened configs.

Is this a subscription?

HexaClaw offers a 7-day trial with 200 credits and all models unlocked. After the trial, Pro is $19.99/month for API access to every AI service with basic security. Max is $49/month and adds full Guardian security, curated skill packs, and 2.5x more credits. Cancel anytime.

What skills are included in the curated packs?

10 skills across 3 packs: Productivity (notes, calendar, email, reminders), Developer (GitHub, coding tools, session logs), and Content (summarize, transcribe, social media). Each scanned with HexaClaw Verify.

What happens if a new attack is discovered?

Pro subscribers receive ongoing security updates, including updated Guardian rules and configs. Both tiers ship with allowlisting by default, blocking unknown skills whether or not a specific attack has been identified.

Can I add my own skills after installing HexaClaw?

Yes. The security guide explains how to safely add new skills to your allowlist. The hardened config ensures only explicitly allowlisted skills can run.

$curl -sSL https://hexaclaw.com/install-cli | bash

Try It Now Sign Up

Zero Setup. One API. Unlimited Agent Capabilities.

Q: What is HexaClaw?

HexaClaw gives your AI agent access to every service it needs — 25+ LLMs, web search, image generation, voice, browser automation, vector memory, and security — with one signup and one bill. Zero configuration.

The Easiest Way to Power Your AI Agent

Your agent needs LLMs, search, images, voice, browser automation. Stop juggling providers. Get it all in one place, on one bill.

7-day free trial25+ models unlockedReady in 60 seconds

Zero Setup

Everything Included

LLMs, search, images, voice, browser, memory, security. All built in.

One Bill

One credit balance for every service. No surprise invoices from 5 providers.

AnthropicClaude

OpenAIGPT-4.1

GoogleGemini

BraveSearch

fal.aiImages

BrowserbaseBrowser

Quick Start

Up and Running in 60 Seconds

One signup. One command. Zero configuration. Your agent is ready to go.

Sign up

Create your account in seconds. 7-day free trial with 200 credits. Your existing OpenClaw config is backed up automatically.

Email + password

Install with one command

One command installs HexaClaw and connects it to your account. No API keys to copy, no config files to edit — everything is set up for you.

$ curl -sSL https://hexaclaw.com/install-cli | bash

Start using your agent

That's it. Your agent now has access to 25+ LLMs, web search, image generation, voice, browser automation, and more. All on your credit balance.

Ready. Start chatting.

Included Services

Everything Your Agent Needs. One Place.

Stop signing up for separate services and managing multiple bills. HexaClaw bundles every AI capability into a single account with unified billing.

Intelligence

25+ LLMs, auto-routing

Search

Real-time web search

Images

AI image generation

Voice

Speech-to-text & TTS

Browser

Cloud browser sessions

Memory

Persistent vector storage

See all features

Coming Soon

The Full Platform

HexaClaw is building the complete AI infrastructure stack. Three more products launching in 2026.

Coming Soon

HexaClaw Guardian

Runtime security for AI agents

Protects your agent from prompt injection, credential theft, and data exfiltration in real-time. Always-on, zero config.

Learn More

Coming Soon

HexaClaw Agent

Pre-built AI agents for any task

60+ ready-made skills across 10 categories. Compose specialized agents for coding, research, and automation — no setup required.

Join Waitlist

Coming Soon

HexaClaw Host

Cloud VMs with agents preinstalled

Cloud machines with your AI agent already installed and configured. SSH in and start working — nothing to set up.

Join Waitlist

Features

Every Capability Your Agent Needs

One signup unlocks every capability. No separate accounts, no extra setup, no configuration — it all just works.

25+ models

Intelligence

25+ models from 7 providers — Anthropic, OpenAI, Google, xAI, DeepSeek, Mistral, and Groq. Smart routing picks the best model for each task automatically.

Persistent

Memory

Your agent remembers across sessions. Store context, retrieve it naturally, build persistent knowledge — no database setup required.

Real-time

Knowledge

Real-time web search built in. Your agent can look up anything — latest news, documentation, prices, weather — instantly.

3 quality tiers

Vision

Generate images on demand. From quick drafts to production-quality renders, your agent can create visuals without any external accounts.

6 voices

Voice

Text-to-speech with 6 voices and speech-to-text transcription. Your agent can speak and listen — audio in, text out, or the reverse.

Cloud-based

Web Browsing

Cloud browser sessions for your agent. Navigate pages, fill forms, scrape data, take screenshots — no local browser needed.

Coming Soon

Security

Built-in protection against prompt injection, credential theft, and data exfiltration. Always-on, always watching, zero config.

60+ skills

Agent Factory

60+ ready-made skills across 10 categories. Compose specialized agents for coding, research, media, and automation with one click.

Unified billing

One Account

One signup, one credit balance, one bill. No more juggling separate accounts for every AI service. Usage tracking and spending controls built in.

Why Security Matters

AI Agents Are Under Attack. We Built for That.

Recent attacks exposed how vulnerable AI agents are to malicious plugins and prompt injection. HexaClaw includes security by default so you don't have to worry.

341

Malicious plugins found

Discovered in a major supply chain attack

9,000+

Users affected

Installed at least one compromised plugin

36%

Contain hidden attacks

Of community plugins tested by security researchers

12%

Designed to steal data

Built to exfiltrate credentials or personal info

Sources: Koi Security analysis, Snyk ToxicSkills study (Feb 2026)

Pricing

Simple Pricing. Cancel Anytime.

Start with a free 7-day trial. Pro gives you every AI service on one bill. Max adds full security and 2.5x more credits.

7-Day Trial

200 trial credits. All models. Auto-converts to Pro.

$0/7 days

200 trial credits included
All models unlocked during trial
Community skills
Basic hardened config
One-click install script

Start Free Trial

Pro

Every AI service on one account. Credits, smart routing, and basic security.

$19.99/month

Everything in Trial, plus:
2,000 credits/month
All 25+ models (Claude, Gemini, GPT, etc.)
Full API: LLMs, search, images, voice, browser, vectors
Smart routing across providers
Guardian Tier 1 (coming soon)
Basic hardened config
Community skills
Bring your own API keys
Priority email support

Start Free Trial

Full Security

Max

Full Guardian protection. More credits. No API keys needed.

$49/month

Everything in Pro, plus:
5,000 credits/month (2.5x more)
Built-in credits -- no API key needed
Guardian Tier 2 (coming soon — full heuristics + tool-native detection)
Guardian Tier 3 Cloud API (coming soon — LLM-powered threat analysis)
OTA rule updates (new CVEs pushed within hours)
3 curated skill packs (10 verified skills)
Skill scanner (detects ClawHavoc-style attacks)
MCP tool poisoning detection (Invariant Labs patterns)
HexaClaw Verify scanner CLI
Hardened config with advanced toggles
Threat intelligence feeds (URLhaus, PhishTank, ThreatFox)
Domain reputation checking (VirusTotal + Safe Browsing)
Higher relay session limits
Early access to new skills and rule updates

Start Free Trial

Coming Soon

Enterprise

Private cloud routing. Zero data retention. Full compliance.

Custom

Everything in Max, plus:
Private cloud routing (Ollama, vLLM, TGI)
Zero data retention
Customizable PII detection policies
API key & secret scanning (14 patterns)
Team management with RBAC
SSO / SAML (coming soon)
Compliance dashboard & audit logs
Custom SLA
Dedicated account manager

Contact Sales

Need More Credits?

Credit packs work with Pro and Max. Use Gemini Flash for thousands of runs, or Claude/GPT for targeted tasks.

Starter

1,000

$10

Standard

2,750

$25(10% off)

Power

5,750

$50(13% off)

Bulk

12,500

$100(20% off)

Cancel anytime. No questions asked. Trial auto-converts to Pro at $19.99/mo.

Coming Soon

HexaClaw Guardian

Runtime security built for AI agents. Guardian intercepts credential theft, data exfiltration, prompt injection, and persistence attacks before they execute -- with sub-5ms overhead. Currently bundled with HexaClaw API, launching as a standalone product and API in 2026.

163

Security rules

Regex + heuristics + ML across 13 categories

4 tiers

Defense in depth

Regex (<5ms), heuristics (<50ms), ML (<200ms), Cloud API

98%

Detection rate

85 real-world attacks tested, 0 false positives

Cloud API endpoints

Skill scan, MCP analysis, code analysis, IO scan

Real-World Attacks Tested in Isolated VM

Attack Pattern	Source	Without Guardian	With Guardian
SSH key injection + exfiltration	ClawHub evilweather	Keys stolen	BLOCKED (9)
Credential bundling + webhook exfil	ClawHub rankaj	Creds leaked	BLOCKED (6)
SOUL.md cognitive rootkit	VirusTotal analysis	Agent hijacked	BLOCKED (3)
HEARTBEAT.md C2 injection	VirusTotal analysis	Backdoor installed	BLOCKED (6)
MCP tool description poisoning	Invariant Labs	Keys exfiltrated	BLOCKED (12)
MCP config injection (RCE)	CVE-2025-54135	Code executed	BLOCKED (6)

Credentials leaked

Persistence achieved

Fake credentials planted, none stolen

Guardian Cloud API -- Tier 3 Deep Analysis

When local rules need backup, the Cloud API provides LLM-powered threat analysis. 9 endpoints covering skills, MCP manifests, code, prompts, and data output -- all tested against real-world attacks.

Skill Scanner

Deep analysis of SKILL.md files for hidden instructions, credential theft, and cognitive rootkits. Detects all 6 ClawHavoc attack vectors.

MCP Tool Poisoning

Catches hidden instructions in tool descriptions, cross-origin shadowing, rug-pull patterns, and schema-level injection (Invariant Labs, CyberArk).

Prompt Classifier

Blocks prompt injection, jailbreaks (DAN, Skeleton Key, Crescendo), social engineering, and cross-lingual attacks with 0.85-0.98 confidence.

Code Analysis

Detects reverse shells, persistence mechanisms, privilege escalation, DNS exfiltration, and obfuscated payloads across Python, Bash, Perl.

IO Scanner

Catches API keys, SSH keys, JWTs, PII (SSN, credit cards, medical records), and Stripe keys in tool output before they leave your machine.

Threat Intelligence

Live feeds from URLhaus, PhishTank, and ThreatFox. Domain reputation via VirusTotal and Google Safe Browsing.

Defense in depth: even when a model refuses 95% of attacks, Guardian catches the 5% that slip through. Tested against Claude Opus 4, Gemini 2.0 Flash, and Gemini 2.0 Flash Lite in live E2E and isolated VM environments.

Get Early Access

6 Attack Vectors. Handled.

HexaClaw handles every known attack vector in the AI agent ecosystem so you don't have to worry about them. Including CVE-2026-25253 (CVSS 8.8) and CVE-2025-54135 MCP config injection.

Malicious Install Hooks

Skills that run arbitrary shell commands during installation, compromising your system before you even use them.

Credential Harvesting

Skills designed to extract API keys, SSH keys, wallet keys, and other secrets from your environment.

Prompt Injection

Hidden instructions in skill definitions that hijack the AI agent to perform unintended actions.

Data Exfiltration

Skills that silently send your data to attacker-controlled servers through covert network requests.

Typosquatting

Fake skills that mimic popular ones with slightly different names to trick users into installing them.

Dependency Hijacking

Malicious code hidden in the dependencies of otherwise legitimate-looking skills.

Deep skill scanning

Why HexaClaw Scans Every Skill

Basic antivirus catches malware signatures in binaries. But prompt injection -- the #1 attack vector -- lives in SKILL.md text files, not binaries. HexaClaw goes deeper.

Basic Scanning

Scans for malware signatures in binaries
Catches known malware families
Cannot catch prompt injection payloads
No behavioral analysis
No runtime protection
No config hardening

Basic binary scanning cannot catch prompt injection payloads in text-based skill definitions.

HexaClaw

Custom YARA rules for prompt injection
Heuristic behavioral analysis
Guardian runtime security (58 rules)
Hardened security config
Pre-verified skill bundles
Real-time threat blocking (sub-5ms)

Built on Cisco AI Defense. 42 confirmed blocks against real ClawHub attack patterns. Zero false positives.

36% of skills on public registries contain prompt injection vulnerabilities that basic scanning cannot detect. HexaClaw scans for these by default.

Source: Snyk ToxicSkills study (Feb 2026)

Why Not Just Use Separate Providers?

You could sign up for 5-6 services and manage them yourself. Or you could sign up once and get everything.

Feature	HexaClaw	Multiple Providers	LLM-Only Routers	DIY Setup
LLMs (25+ models)
Web search		Separate account		Separate account
Image generation		Separate account		Separate account
Voice (TTS + STT)		Separate account		Separate account
Browser automation		Separate account		Separate account
Vector memory		Separate account		Separate account
Built-in security (coming soon)
One account / one bill
Smart model routing
Setup time	60 seconds	Hours	Minutes	Days

One Signup. Every AI Service. One Bill.

Your agent gets LLMs, search, images, voice, browser automation, and security. Stop juggling providers. Get started in 60 seconds.

Try the Playground Sign Up Free

7-day free trial. 200 credits included. Cancel anytime.

Real Feedback

What People Are Saying

From early users who tried HexaClaw.

It just works. No setup, no configuration, no headaches. I signed up and my agent had access to everything within minutes.

Veda Sri Lekha

Content Reviewer

I spent 5 hours trying to set up OpenClaw on my own and it still wouldn't work. Signed up for HexaClaw and had it running in 2 minutes.

Honeysha Varma

Sales Lead

This is a game-changing level of ease. AI agents used to be a developer-only thing — with HexaClaw, anyone can use them.

Zachary J.

Software Engineer

FAQ

Frequently Asked Questions

Get HexaClaw Updates

Get notified about new features, skill packs, and security updates. No spam. Unsubscribe anytime.

Free. No spam. Unsubscribe anytime.