12% of OpenClaw skills are malware. Your agent reads what they tell it to.

mlayer-guard

Your agent reads web pages, emails, and API responses. We check them first.

Benchmark Results

98%: Attack detection (InjecAgent, N=300). Only published runtime detection score on agent attacks.
100%: Benign pass rate (Deepset, N=343), zero false positives.
94.1%: Real conversations (WildGuard, N=971).

Tested on InjecAgent (ACL 2024), NotInject (ACL 2025), WildGuard, and Deepset. All public datasets.

How It Works

Every tool call is a potential injection point. Browsing a webpage, reading an email, calling an API — any of these can contain hidden instructions your agent will follow.

Tool Output → mlayer-guard → Safe? → Agent Acts

Setup

Takes 2 minutes. No account required during beta.

Copy the skill into your OpenClaw skills directory:

cp -r openclaw-skill/mlayer-guard ~/.openclaw/skills/mlayer-guard

Set your environment variables:

export MLAYER_GUARD_URL="https://mlayer-main-dmilstein-match.replit.app"
export MLAYER_API_KEY="your-api-key"          # optional
export MLAYER_MODEL="gpt-4o-mini"             # optional, any supported model

Restart your OpenClaw agent. The skill activates automatically.

Supported providers: OpenAI, Groq, Together, Fireworks, Ollama

Pricing

Beta — Free

500 checks/day. BYOK — uses your own LLM key. ~$0.001 per check. No credit card required.

Need more?

Higher limits, team support, and audit logs coming soon.

Get in touch →