Kilo Claw

The parent Kilo platform has documented data protection: the FAQ states 'Your agent's data is encrypted at rest and in transit. We don't train on your data, we don't sell your data, and you can export or delete everything at any time.' The Vanta trust center confirms 'Data encryption utilized — the company's datastores housing sensitive customer data are encrypted at rest,' 'Data transmission encrypted,' and 'Network segmentation implemented — the company's network is segmented to prevent unauthorized access to customer data.' However, there is no KiloClaw-specific documentation about per-agent isolation, cross-agent contamination prevention, or how multi-tenant OpenClaw agents are separated. The enterprise tier offers 'dedicated instances with custom data residency options' but this is not available at the standard tier.

No information found about agent-specific security measures such as prompt injection defenses, hardware-enforced sandboxing for code execution, human-in-the-loop approval for goal changes, memory integrity protection, or container escape prevention. KiloClaw is pre-launch and the landing page only mentions it 'handles the infrastructure, security, and updates' without any specifics on how agents are isolated or how code execution is sandboxed. These are critical OpenClaw-specific concerns that are entirely unaddressed in the current documentation.

The KiloClaw landing page mentions that Kilo Gateway lets you 'plug in your own keys and route everything through one centralized place — no more scattering secrets across config files on random VPS instances. One dashboard, all your keys, full visibility.' The trust center confirms 'Encryption key access restricted — the company restricts privileged access to encryption keys to authorized users with a business need.' However, there is no documentation about how OpenClaw agent credentials (Telegram tokens, Discord bot tokens, email passwords) are specifically stored, whether they are encrypted separately, whether credential leak detection exists in agent outputs, or how credentials are excluded from AI model context. The claim is marketing-level for the Gateway product, not specific to OpenClaw agent credential management.

No information found about agent guardrails such as least-privilege enforcement, high-risk tool classification, resource consumption limits, emergency kill switches, or behavioral monitoring for OpenClaw agents. The KiloClaw page mentions 'Scheduled Tasks & Cron' but does not describe any safety mechanisms around autonomous agent actions. The enterprise page mentions 'Individual daily spending limits ($25 default)' for the coding tool, but it is unclear whether this applies to KiloClaw agents or only to Kilo Code IDE usage.

The Vanta trust center documents 'Backup processes established — the company's data backup policy documents requirements for backup and recovery of customer data,' 'Continuity and Disaster Recovery plans established,' and 'Continuity and disaster recovery plans tested — the company has a documented BC/DR plan and tests it at least annually.' The FAQ states 'you can export or delete everything at any time.' The status page at status.kilo.ai shows 99.992% uptime over 90 days for the existing platform. The parent company Kilo Code has 1.4M+ users and 15.5k GitHub stars, providing meaningful stability signals. However, KiloClaw itself is pre-launch, so these apply to the parent platform only.

Pricing is relatively transparent. The KiloClaw page states 'Simple pricing. No surprises' and 'transparent 1:1 pricing with zero markup on AI tokens.' The FAQ says 'KiloClaw will use your existing Kilo Gateway credits. Same account, same billing, same transparent pricing with zero markup on AI tokens.' The enterprise page mentions 'Individual daily spending limits ($25 default)' and 'No surprise overages or complex billing situations.' However, actual KiloClaw compute pricing is not yet published since the product is pre-launch, and the terms allow Kilo to 'change the Fees for any feature of the Service' with only 'prior advance notice.' Credits expire after one year per the ToS.

Strong accountability infrastructure exists at the parent platform level. The Vanta trust center shows a SOC 2 Type I report with 68+ passing controls including 'Incident response plan tested — the company tests their incident response plan at least annually,' 'Incident response policies established,' 'Incident management procedures followed,' 'Comprehensive audit logs' (mentioned on enterprise page), and 'Log management utilized.' The trust center was updated '22 minutes ago' at time of review, indicating active maintenance. The enterprise tier includes 'Audit logs,' 'SLA commitments,' and 'compliance reporting for GDPR and industry standards.' The company is based in Amsterdam per the footer ('Made with love in Amsterdam') and is incorporated as Kilo Code, Inc. The responsible disclosure policy at /security provides clear reporting guidelines. Note: SOC 2 Type I covers the parent Kilo platform, not KiloClaw specifically.

Subprocessors are documented on the trust center: Vercel (Engineering), Supabase (Cloud DB), Cloudflare (Cloud provider), GitHub (Version control), Vanta (Security monitoring), and Google Workspace (Identity provider). The Vanta trust center confirms 'Vendor management program established' with 'critical third-party vendor inventory, vendor's security and privacy requirements, and review of critical third-party vendors at least annually' and 'Third-party agreements established.' The privacy policy lists service providers including Orb (billing), Anthropic, OpenRouter, and Stripe. However, there is no documentation about MCP server or tool vetting specific to OpenClaw agents, no SBOM, and no information about dependency scanning for the KiloClaw hosting environment.

The Vanta trust center provides strong evidence of platform security controls: 'Remote access MFA enforced,' 'Unique production database authentication enforced,' 'Network firewalls utilized,' 'Network segmentation implemented,' 'Production application access restricted,' 'Access reviews conducted at least quarterly,' and 'Network and system hardening standards maintained.' The enterprise page documents 'Enterprise SSO, SCIM provisioning, and OIDC' and 'Model and provider restrictions enforced at organization level.' The responsible disclosure program at /security shows maturity. The SOC 2 Type I certification via Vanta provides third-party validation of these controls. However, these controls apply to the existing Kilo Code platform — KiloClaw-specific platform security (agent dashboard, inter-agent communication security) is not yet documented. Note: SOC 2 covers parent platform, not KiloClaw specifically.

No information found about misinformation or trust exploitation mitigations specific to OpenClaw agent outputs. There are no documented approval workflows, independent verification mechanisms, output manipulation monitoring, undo/rollback capabilities, or transparency about AI uncertainty for KiloClaw-hosted agents. The terms of service include a general disclaimer that AI 'Suggestions may contain errors or misleading information' but this applies to the coding tool, not to OpenClaw agent outputs.