Security

Threat model and what we protect against.

Threat model

CLAW NOVA is client-side, local-first. The threat model reflects that:

  • In-scope: key extraction, prompt injection that triggers wallet signing, malicious plugins that exfiltrate memory.
  • Out-of-scope: server-side exfiltration (there is no server to exfiltrate from by default).

What we protect against

Private keys

CLAW NOVA never sees a private key. All signing happens in your wallet extension. No code path in the repo asks for a key.

Prompt injection → wallet sign

A signing request is always mediated by your wallet extension UI. Hermes can build a payload, but the human-in-the-loop signature is non-bypassable.

Plugin sandboxing

Plugins run in the same JS context (v0.1). They have access to the Hermes tool registry and Dexie. Sensitive capabilities (wallet.sign, fs.write) are gated by explicit user prompts.

A stricter sandbox (Web Workers + structured-clone-only messages) is on the v0.3 roadmap.

Memory exfiltration

Memory lives in IndexedDB. A malicious plugin could read it. Until plugin sandboxing lands, treat plugin installs the way you treat npm installs — only run code you trust.

Reporting vulnerabilities

Email security@clawnova.app with reproduction steps. We respond within 72 hours and publish a CVE if applicable.