Security
Threat model and what we protect against.
Threat model
CLAW NOVA is client-side, local-first. The threat model reflects that:
- In-scope: key extraction, prompt injection that triggers wallet signing, malicious plugins that exfiltrate memory.
- Out-of-scope: server-side exfiltration (there is no server to exfiltrate from by default).
What we protect against
Private keys
CLAW NOVA never sees a private key. All signing happens in your wallet extension. No code path in the repo asks for a key.
Prompt injection → wallet sign
A signing request is always mediated by your wallet extension UI. Hermes can build a payload, but the human-in-the-loop signature is non-bypassable.
Plugin sandboxing
Plugins run in the same JS context (v0.1). They have access to the Hermes tool registry and Dexie. Sensitive capabilities (wallet.sign, fs.write) are gated by explicit user prompts.
A stricter sandbox (Web Workers + structured-clone-only messages) is on the v0.3 roadmap.
Memory exfiltration
Memory lives in IndexedDB. A malicious plugin could read it. Until plugin sandboxing lands, treat plugin installs the way you treat npm installs — only run code you trust.
Reporting vulnerabilities
Email security@clawnova.app with reproduction steps. We respond within 72 hours and publish a CVE if applicable.