The developers behind the popular, enterprise-friendly open source OpenClaw variant, NanoClaw, are collaborating with software supply chain management leader JFrog to introduce a new joint security integration. This initiative aims to safeguard NanoClaw’s autonomous agents from malicious code injections.
“These agents are doing things that you cannot necessarily control, and you cannot necessarily train,” stated Gal Marder, Chief Strategy Officer at JFrog, in an exclusive interview with VentureBeat.
Available immediately, this partnership connects NanoClaw agents directly to JFrog’s vetted software registries, ensuring AI assistants only access scanned and secure dependencies.
This launch addresses a significant and growing concern in technology: autonomous agents often install packages in the background to enhance their capabilities, frequently without the knowledge or oversight of their human operators.
“The people who are operating the agents are not necessarily developers, and they are not even aware of the implications,” said Gavriel Cohen, the creator of NanoClaw and CEO and co-founder of its new commercial services startup, NanoCo AI.
To protect the broader ecosystem, the partners are working to make this integration available completely free for the open-source community, while enterprise organizations can easily direct their agents through their existing, commercially licensed JFrog environments.
This new technical capability follows NanoCo’s earlier work to add permissions dialogs through a partnership with Vercel, and a new collaboration with Docker that lets NanoClaw agents run isolated inside Docker containers rather than directly on the operator’s host.
The risks associated with personal autonomous AI agents
When interacting with an autonomous system like NanoCo’s NanoClaw, users communicate at a high level of abstraction.
A user might simply send an audio file or a voice note, prompting the agent to independently figure out how to process it.
As Cohen explained, the agent thinks, “oh, I can’t understand voice notes, so let me go and grab a package and download something and install it and set it up and run it.”
This dynamic self-improvement makes AI agents incredibly powerful, but it also leaves them vulnerable to software supply chain attacks.
Malicious actors are increasingly corrupting open-source registries with harmful packages. Because agents autonomously fetch what they need, they bypass human scrutiny.
The operators, who may not even be developers, are largely unaware of the security implications unfolding behind the scenes.
Strategies of NanoCo and JFrog to prevent malicious code execution
The integration between NanoCo and JFrog functions as an automated defense mechanism for these AI environments.
Under the hood, NanoClaw agents are now configured to route their requests for software packages, CLI tools, and Model Context Protocol (MCP) servers exclusively through JFrog’s registries.
If an agent requests a package the policy rejects, such as a version of the popular Axios library flagged as vulnerable, the JFrog registry intercepts the request.
Rather than serving the artifact, it returns an HTTP 403 carrying a security-policy error, so the agent sees that its request was “rejected by JFrog’s registry with a 403 security policy”.
Importantly, the system doesn’t stop at blocking the request; it creates a correction loop. The 403 response tells the agent why the version was refused, and the agent is guided to resolve and install an approved, non-malicious version of the same package instead.
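To make the mechanism concrete, here is an added, self-contained example (not NanoClaw’s or JFrog’s own code, and not a model of JFrog’s real API) that simulates the two halves of the design above: a registry that answers a blocked version with a 403 policy error listing the approved versions, and an agent-side installer that refuses to fetch from anywhere else and, on a 403, retries with the highest approved version of the same major. The registry URL, package versions and policy reasons are all constructed for the demo; the same installer works unchanged whether the base URL points at a public open-source registry or an enterprise’s own internal one, which is the enterprise arrangement described later on this page.

```python
from dataclasses import dataclass, field


def _vkey(version: str) -> tuple:
    """Sort key for dotted numeric versions ('1.7.4' -> (1, 7, 4))."""
    return tuple(int(part) for part in version.split("."))


@dataclass
class PolicyGatedRegistry:
    """Stand-in for a policy-enforcing registry (constructed; not JFrog's API).

    approved: package -> set of versions the policy allows.
    blocked:  package -> {version: reason} for versions the policy rejects.
    """
    base_url: str
    approved: dict
    blocked: dict

    def fetch(self, name: str, version: str):
        """Return (http_status, body) the way an agent's package client would see it."""
        if version in self.blocked.get(name, {}):
            return 403, {
                "error": "rejected by security policy",
                "reason": self.blocked[name][version],
                "approved_versions": sorted(self.approved.get(name, ()), key=_vkey),
            }
        if version in self.approved.get(name, ()):
            return 200, {"tarball": f"{self.base_url}/{name}/-/{name}-{version}.tgz"}
        return 404, {"error": "not found"}


class DirectSourceError(Exception):
    """Raised when an agent tries to fetch from anywhere but the gated registry."""


def enforce_single_source(url: str, registry: PolicyGatedRegistry) -> str:
    """Refuse any artifact URL that is not under the gated registry's base URL.

    This is what 'route exclusively through the registry' means in practice:
    the agent's tooling must not be able to reach the public npm registry,
    PyPI, or an arbitrary tarball URL directly.
    """
    if not url.startswith(registry.base_url.rstrip("/") + "/"):
        raise DirectSourceError(f"direct download blocked: {url}")
    return url


@dataclass
class AgentInstaller:
    """Agent-side installer with the correction loop: on 403, pick an approved version."""
    registry: PolicyGatedRegistry
    audit_log: list = field(default_factory=list)  # system-of-record trail: (pkg, ver, status)

    def install(self, name: str, version: str, max_attempts: int = 3) -> dict:
        requested = version
        for _ in range(max_attempts):
            status, body = self.registry.fetch(name, version)
            self.audit_log.append((name, version, status))
            if status == 200:
                enforce_single_source(body["tarball"], self.registry)
                return {"package": name, "requested": requested,
                        "installed": version, "url": body["tarball"]}
            if status == 403:
                # Correction loop: take the highest approved version, preferring the
                # same major as the request so the agent's existing code keeps working.
                major = version.split(".")[0]
                candidates = body["approved_versions"]
                same_major = [v for v in candidates if v.split(".")[0] == major]
                pool = same_major or candidates
                if not pool:
                    raise PermissionError(f"{name}@{version}: {body['reason']}; no approved version")
                version = max(pool, key=_vkey)
                continue
            raise LookupError(f"{name}@{version}: {body['error']}")
        raise RuntimeError(f"{name}: gave up after {max_attempts} attempts")


# Constructed sample policy for the demo; the URL, versions and reasons are made up.
DEMO_REGISTRY = PolicyGatedRegistry(
    base_url="https://example.jfrog.io/artifactory/api/npm/npm-remote",  # assumed URL shape
    approved={"axios": {"1.6.8", "1.7.4"}, "ffmpeg-static": {"5.2.0"}},
    blocked={"axios": {"1.0.0": "flagged vulnerable by policy (constructed example)"}},
)


def demo() -> dict:
    """Agent asks for a blocked axios version and is steered to an approved one."""
    installer = AgentInstaller(DEMO_REGISTRY)
    return installer.install("axios", "1.0.0")


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner should take from this. First, the 403 path only works if the agent’s package tooling is pinned to the gated registry and cannot fall back to a public source; `enforce_single_source` is the stand-in for that configuration. Second, the gate controls what the agent can fetch, not what already-fetched code does once it runs, which is why the Docker isolation mentioned above complements rather than replaces it.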
For large organizations, this integration resolves a major compliance challenge. Marder notes that as enterprises adopt autonomous agents, they require complete visibility.
Organizations need “a system of record, we need somewhere to track what agents that’s running by whom and consuming what packages and using what skills and using what MCPs,” he told VentureBeat.
Beyond visibility, the JFrog integration provides a foundational “trust layer” and strict governance over what these automated systems are allowed to access.
Licensing and accessibility
In the realm of software distribution, licensing and access parameters dictate adoption. The NanoCo and JFrog partnership employs a dual-track strategy to serve both individual open-source developers and highly regulated enterprises.
For the open-source community, the integration is completely free. JFrog is offering open-source NanoClaw users complimentary access to secure, vetted sources of artifacts, tools, and skills.
This enables individual developers to run autonomous agents locally without being overwhelmed by manual approval requests for every dependency. Additionally, as community members create and share new “skills” for the agents, these contributions are uploaded to the registry, scanned for malicious code, and cleared before others can use them.
This scanning step lowers the risk that a corrupted community repository reaches an agent, though it is only as strong as the scanners and policies behind it.
For enterprise deployments, the architecture integrates seamlessly into an organization’s existing commercial environment. Instead of using the public open-source registry, corporate users direct their NanoClaw agents to their own internal JFrog registries.
This ensures that all agent activity complies with the company’s specific commercial licenses, internal security policies, visibility needs, and governance standards.
As AI increasingly blurs the line between human intent and machine execution, the infrastructure securing that execution must evolve. This partnership recognizes a fundamental reality: you cannot train an AI to recognize every vulnerability in advance; instead, you build an environment in which the agent cannot reach the vulnerable artifact in the first place.