Clawvisor is an open-source authorization gateway that sits between AI agents and the apps they operate, letting agents take real action in Gmail, Slack, Google Drive, and other sensitive systems without ever touching user credentials or going beyond their approved scope. As autonomous agents move from demos into production, traditional OAuth and API keys break down: a model with a long-lived token can do almost anything the user can, and small prompt injections become full account takeovers. Clawvisor reframes this with purpose-based authorization, where the agent declares the task it intends to perform and the user approves a scope rather than a permission.
The architecture is built around three layers. Hard restrictions block matching actions unconditionally regardless of who or what is asking. Task scopes with auto-execute let pre-approved actions run silently, while any request that drifts outside the approved scope lands in a per-request approval queue. Every call is risk-scored before execution, so anomalous parameters, unusual access patterns, or scope creep trigger immediate blocks. Credentials live in a vault and are never exposed to the agent runtime. The gateway is agent-agnostic and works with anything that speaks HTTP, including Claude Code, Claude Cowork, Hermes, and Perplexity Computer.
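The layered decision described above, sketched as an added example; this is not Clawvisor's code or API. The action names, restriction patterns, risk weights, threshold, the `example.com` home domain and the order in which the layers are checked are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Constructed hard restrictions: glob patterns over "service.action" names.
HARD_RESTRICTIONS = ["gmail.delete_*", "drive.share_public"]

@dataclass
class TaskScope:
    purpose: str               # task the agent declared and the user approved
    actions: set               # actions pre-approved for this task
    home_domain: str = "example.com"
    max_risk: int = 50         # assumed cut-off on a 0-100 scale

@dataclass
class Request:
    action: str
    params: dict = field(default_factory=dict)

def risk_score(req: Request, scope: TaskScope) -> int:
    """Toy heuristic: anomalous parameters and scope drift add points."""
    score = 0
    recipients = req.params.get("to", [])
    if len(recipients) > 5:                      # unusually wide fan-out
        score += 40
    if any(not r.endswith("@" + scope.home_domain) for r in recipients):
        score += 30                              # data leaving the organisation
    if req.action not in scope.actions:          # drift outside approved scope
        score += 30
    return min(score, 100)

def decide(req: Request, scope: TaskScope) -> str:
    # Layer 1: hard restrictions block unconditionally.
    if any(fnmatchcase(req.action, pat) for pat in HARD_RESTRICTIONS):
        return "block:hard_restriction"
    # Every call is risk-scored before execution, in scope or not.
    if risk_score(req, scope) > scope.max_risk:
        return "block:risk"
    # Layer 2: pre-approved actions run silently.
    if req.action in scope.actions:
        return "auto_execute"
    # Layer 3: anything else waits for per-request approval.
    return "queue_for_approval"

if __name__ == "__main__":
    scope = TaskScope("triage inbox", {"gmail.read_message", "gmail.send_message"})
    for r in (Request("gmail.read_message"),
              Request("slack.post_message", {"channel": "#ops"}),
              Request("gmail.send_message", {"to": ["x@evil.test"] * 6})):
        print(r.action, "->", decide(r, scope))
```

The third request is inside the approved scope but is still blocked, because the risk check runs before auto-execute.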
Clawvisor is part of YC's Spring 2026 (P26) batch and is founded by Eric Levine, previously co-founder of identity verification company Berbix, which was acquired by Socure in 2023. The hosted cloud version is free to try without a credit card, and a self-hostable open-source edition is available on GitHub. Coverage targets the highest-risk verticals: financial services, healthcare, legal tech, and enterprise SaaS environments.