@1clawAI profile picture
1claw AI @1clawAI
Joined February 2026
  • Tweets 942
  • Following 812
  • Followers 1,098
68 Photos and videos
Pinned Tweet
1claw AI
@1clawAI
Jun 2
@cryptomastery_ on @bankrbot Agent Hour: an agent that moves money holds a signing key, usually one prompt-injection from leaking out of an env var. The fix isn't a better prompt. The agent never sees the key, Vault brokers it per call. Follow @1clawAI 🦞 1claw.xyz/telegram

1Claw

t.me
Bankr
@bankrbot
Jun 1
OG builder @cryptomastery_ gives the rundown on agent security solutions with @1clawAI
1:43
3
4
26
2,738
Congratulations @nyknicks 🎉🥳👏🎊🙌🏼
2
7
116
Zero keys in agent memory. 1Claw Intents API signs @base transactions inside a TEE, policy-checks the call, caps the value, and broadcasts. The agent gets a receipt, not a key.
1
5
69
Every agent security failure traces back to the same thing: a credential existed somewhere it shouldn't have. Not in transit. At rest, in a process, in a log. 1Claw removes that surface by design.
1
5
89
Time Square is buzzing, and not just because of the @nyknicks
3
19
521
Building a @crewAIInc crew that calls external APIs? Every tool execution passes a credential through the agent's memory. 1Claw resolves it at call time. The crew never holds it.
1
1
8
104
Three ways your AI agent is leaking secrets right now: 1. Keys sitting in environment variables 2. Full API tokens passed into tool calls 3. Prompts and responses logged in plain text Fixable, all three. We walk through it in the TG 👇 1claw.xyz/telegram #AIsecurity #SecretsManagement

1Claw

t.me
1
1
9
220
Rotating API keys every 30 days doesn't help if the key lives in plaintext env vars all 30 days. The problem isn't rotation frequency. It's that the key is in the process at all.
1
2
9
263
A stolen API credential used from two continents in the same minute. That's not a sophisticated attack. 1Claw's risk engine catches it before the second call lands. 1claw.xyz/blog/stolen-tokens…

Stolen tokens, impossible travel, and 1claw’s new Risk Engine — 1Claw Blog

1claw shipped a Risk Engine that catches credential compromise while it’s happening. Geo-velocity detection, honeytoken traps, DPoP token binding, and Continuous Access Evaluation — here’s what it...

1claw.xyz
1
1
10
106
How do you protect an agent's signing key from everyone, including the company that runs the vault? Split it with MPC. Sign inside a TEE. Store shares across Google Cloud KMS and others so no single breach is enough. The architecture 👇 1claw.xyz/blog/mpc-tee-agent… #MPC #TEE #HSM

MPC, TEEs, and Google Cloud KMS: how we protect agent keys from everyone, including us — 1Claw Blog

How 1Claw combines multi-party computation, Trusted Execution Environments, and Google Cloud KMS to eliminate single points of compromise for AI agent signing keys.

1claw.xyz
1
8
118
An agent launched a token and never once touched the private key. Not a metaphor. The key lived in a TEE; the agent received a signed transaction back. 1claw.xyz/blog/agent-launche…

An Agent Launched a Token on Base. It Never Held a Key. — 1Claw Blog

A reference agent that provisions identity, pushes to GitLawb, launches a token on Bankr, and signs a swap on Base — without ever holding a private key.

1claw.xyz
1
4
104
Zero trust by construction. Privacy as hardware, not policy. @cryptomastery_ shares how 1Claw secures the agentic era. Live in Houston June 16 with @Cryptoeq. 3 days to go 👇 luma.com/3a05z3sj

Token Talk: Houston - Security in an Agentic World with Kevin Jones · Luma

Join us Tuesday, June 16th, from 5:30-7:30 PM CDT at the Cannon West Houston for an evening diving into the real-world security challenges facing AI and Web3…

luma.com
2
13
172
Collaboration makes the industry stronger. Let’s build!
The Book of Ethereum 📘 booe.eth
@Bookof_Eth
Jun 13
ETHGlobal NYC. 🗽 At the @CodeQuillClaim booth, we have @cryptomastery_ and @dadajuice 👇 Excited to see Immunity × @1clawAI exploring integrations and building together on Ethereum. The BOOElievers are building on Ethereum 🙏📖 We wish everyone a great hack this weekend🙏
2
4
29
554
Elon thinking about agentic security 🦞
2
14
597
Ran a workshop at @ETHGlobal NY today: build an Ethereum agent that holds a key without ever reading it. The agent signs through policy, moves funds inside a cap and allowlist, and cannot drain the wallet or leak the key. Docs: docs.1claw.xyz

1claw Docs — Cloud HSM Secrets Manager for Humans & AI Agents | 1claw Docs

1claw is a cloud HSM secrets manager that lets humans grant AI agents scoped, audited, revocable access to secrets. Documentation for the Human API, Agent API, MCP server, and SDKs.

docs.1claw.xyz
2
10
186
Kevin walked the agent stack at @ETHGlobal NY. Where we fit in that lineup: the other tools help agents do more, we make sure they do it without leaking the keys. Secrets in the vault, prompts shielded, signing inside policy. Agents act, nothing walks out.
Kevin Jones
@cryptomastery_
Jun 12
Did you catch my talk at @ETHGlobal New York? I covered a BUNCH of topics including... > BuidlGuidl @buidlguidl > SpeedRunEthereum @Speedethereum > ETHSkills @ethereum > Scaffold-ETH @ScaffoldETH > x402 and ampersend @ampersend_ai > 1Claw AI @1clawAI and more... Catch the replay! Link in the comments... 👇
1
4
13
664
1claw AI retweeted
Kevin Jones
@cryptomastery_
Jun 12
Did you catch my talk at @ETHGlobal New York? I covered a BUNCH of topics including... > BuidlGuidl @buidlguidl > SpeedRunEthereum @Speedethereum > ETHSkills @ethereum > Scaffold-ETH @ScaffoldETH > x402 and ampersend @ampersend_ai > 1Claw AI @1clawAI and more... Catch the replay! Link in the comments... 👇
ETHGlobal
@ETHGlobal
Jun 12
Building on Ethereum in the AI Era Use Scaffold-ETH, ETH Skills, and AI tools to build Ethereum dapps quickly with @cryptomastery_ of @1clawAI 🦞 Watch the full workshop: youtube.com/live/lxhzWCDy6xM
8
9
48
2,296
The 1Claw builder TG has turned into one of the better rooms for agent security talk: prompt injection, key custody, TEE proxies, MCP tool risk. No shilling. Just builders comparing notes. Pull up a chair 👇 1claw.xyz/telegram #AgenticAI #LLMsecurity

1Claw

t.me
2
12
286
4 lines of code. Drop a honeytoken in your vault. The instant one is read, you have confirmed unauthorized access. 1Claw fires CRITICAL and kills every active session. That's the whole threat model. @cryptomastery_ x.com/cryptomastery_/status/…

Kevin Jones
@cryptomastery_
Jun 12
x.com/i/article/206520471444…
5
16
345
One endpoint. Seven signing modes. Full EVM signing for AI agents across 109 chains. Raw transactions, typed data, personal sign, and more, all behind a policy layer the agent cannot bypass. What we shipped 👇 1claw.xyz/blog/unified-evm-s… @ethereum #DeFAI #AccountAbstraction

One endpoint, seven signing modes: full EVM signing support for AI agents — 1Claw Blog

1Claw’s unified sign endpoint now supports every modern EVM signing standard — legacy, EIP-2930, EIP-1559, EIP-4844, EIP-7702 transactions plus EIP-191 and EIP-712 — with per-agent signing keys,...

1claw.xyz
2
10
163
An autonomous agent ran up a $6,531 AWS bill this week. It was handed a real key with no spend cap and no expiry, then scanned IPv6 across DN42 until the egress charges bankrupted its operator. Same failure mode as the $175K agent drain. The fix is not better prompting. The agent should never hold an unbounded key. Scoped, value-capped credentials are the answer 👇 1claw.xyz/blog/your-agent-do… #AIsecurity #AgenticAI

Your Agent Doesn’t Need Your Keys — 1Claw Blog

On May 4, somebody tricked Grok into draining $175K from Bankrbot’s wallet with Morse code. No exploit, no jailbreak — just two bots trusting each other. Here’s why the fix isn’t a smarter model....

1claw.xyz
1
3
11
838
Load more