Libre Claw
Local-first agent security model
How Libre Claw handles API keys, shell approvals, browser tools, memory redaction, sandboxing, daemon locality, and auditable run logs.
Credential storage
API keys are read from environment variables, OS keyring, or encrypted local fallback storage under ~/.libre-claw/.keys.
Tool approvals
File writes, edits, shell commands, browser actions, git commits, downloads, and MCP calls ask before running.
Sandbox policy
Dangerous shell patterns are blocked. File access is restricted to the configured working directory by default.
Memory redaction
Credential-looking strings are redacted before memory indexing or prompt injection.
Run audit trail
Append-only JSONL event logs make every tool call, approval, and decision inspectable after the fact.
Daemon locality
The daemon and dashboard bind to localhost by default. Remote access requires explicit configuration.