A few weeks back I showed cryptographic receipts for AI agent actions — through an MCP signing proxy, watching every call to the GitHub MCP server. The proxy works for what flows through MCP. Plenty doesn’t.
OpenClaw is the dangerous place: it’s where agents execute shell commands, read and write files, hit APIs. The blast radius of an AI agent is bounded by the tools it can call, and OpenClaw’s the runtime that hands them out. If you’re going to have an audit trail anywhere, it’s there.
...
Read more