An in‑depth look at the policies and practices that keep FemtoClaw agents safe: capability gating, sandboxing, audit integrity and memory safety.
All tool execution is explicitly gated. By default, no system call is permitted. Capabilities must be granted by policy and are validated at runtime, ensuring that agents cannot access unauthorised resources.
FemtoClaw sanitises every argument passed to system commands. This prevents injection of malicious flags or environment variables into sensitive binaries and ensures that tools operate within pre‑approved boundaries.
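The default-deny gating and argument checks described in the two paragraphs above can be sketched as follows. This is an added example, not FemtoClaw's own code: `Policy`, `Denied`, `grant`, `authorize`, the tool names and the `PATH` value are all hypothetical.

```rust
use std::collections::{HashMap, HashSet};
use std::process::Command;

#[derive(Debug, PartialEq)]
pub enum Denied {
    NoCapability(String),   // tool was never granted by policy
    FlagNotAllowed(String), // flag is outside the approved set
    UnsafeArgument(String), // empty or contains control characters
}

/// Hypothetical policy table: tool name -> (binary path, approved flags).
#[derive(Default)]
pub struct Policy {
    grants: HashMap<&'static str, (&'static str, HashSet<&'static str>)>,
}

impl Policy {
    pub fn grant(mut self, tool: &'static str, bin: &'static str, flags: &[&'static str]) -> Self {
        self.grants.insert(tool, (bin, flags.iter().copied().collect()));
        self
    }

    /// Runtime check: deny unless granted, then validate every argument.
    pub fn authorize(&self, tool: &str, args: &[&str]) -> Result<Command, Denied> {
        let (bin, flags) = self.grants.get(tool)
            .ok_or_else(|| Denied::NoCapability(tool.to_string()))?;
        for arg in args {
            if arg.starts_with('-') {
                if !flags.contains(*arg) {
                    return Err(Denied::FlagNotAllowed(arg.to_string()));
                }
            } else if arg.is_empty() || arg.chars().any(char::is_control) {
                return Err(Denied::UnsafeArgument(arg.to_string()));
            }
        }
        let mut cmd = Command::new(*bin);
        // Empty environment plus a fixed PATH (assumed value): nothing is inherited.
        cmd.env_clear().env("PATH", "/usr/bin:/bin").args(args);
        Ok(cmd)
    }
}

fn main() {
    // Constructed policy: one granted tool with one approved flag.
    let policy = Policy::default().grant("grep", "/usr/bin/grep", &["-n"]);
    println!("{:?}", policy.authorize("grep", &["-n", "TODO", "notes.txt"]).is_ok());
    println!("{:?}", policy.authorize("grep", &["--file=/etc/shadow", "x"]).err());
    println!("{:?}", policy.authorize("curl", &["https://example.com"]).err());
}
```

The returned `Command` is built without a shell, so arguments are passed as discrete values and are never re-parsed.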
Every tool call and result is recorded in an append‑only audit log. Logs are tamper‑evident and cryptographically verifiable, enabling forensic analysis and compliance reporting.
The runtime is written in Rust, providing strong compile‑time guarantees against data races, null pointer dereferences and buffer overflows. Memory safety eliminates entire classes of vulnerabilities and underpins the trustworthiness of the execution authority.