An AI agent that
works while you're working

ArmorClaw handles your inbox, drafts replies, manages files, and automates tasks while your Mac is running. Message it from Telegram and it reports back. Files the agent reads or writes are scoped to one folder you choose. Browser actions and email access have their own boundaries.

Download for macOS Free for 30 days. No credit card required.

We wanted an agent that actually did things

Most AI tools are chat windows. You open them when you have time, ask a question, get an answer. That's useful, but it's not leverage. Leverage is an agent that works through your backlog on a schedule. That sends you a summary before you get back to your desk. That handles the repetitive stuff without you having to remember to ask.

ArmorClaw runs on your own machine, so your client conversations and business data don't live on someone else's server. The file skill is confined to a single folder you pick during setup. It can't reach your Desktop, your other apps, or anything outside that boundary. Other parts of the agent (browser automation, email access) have separate boundaries we describe on the security page. You get the automation without handing over full keys to your computer.

We built it for the professional who doesn't have an engineering team. Real estate agents who need to stay on top of a pipeline. Financial advisors who can't afford to let anything slip. Freelancers who bill by the hour and need to spend it on the right things.

How it works for you

Works from your phone

Text ArmorClaw on Telegram and it gets to work. Triage your inbox, draft a follow-up, look something up. Every morning it sends you a briefing without being asked — what came in, what's ahead, what needs a decision.

Token transparency

Every task shows the exact AI cost in dollars. Set a monthly cap and ArmorClaw stops before you hit it. No surprise bills. If you run Ollama locally, your cost is zero — ArmorClaw tracks that too.

You approve the irreversible stuff

ArmorClaw drafts emails and queues up actions — it doesn't send until you say so. A plain-English dashboard shows every task it ran and every permission it used. If something doesn't look right, you have 60 seconds to undo it.

Running in 15 minutes

A step-by-step setup wizard. No terminal, no config files, no engineering team required. Connect your email account, choose your files folder, and link Telegram. It's running before you finish your coffee.

Hardened on top of OpenClaw

ArmorClaw is built on OpenClaw, the open-source agent runtime. OpenClaw is powerful and flexible — designed for engineers building their own agents. ArmorClaw is what you get when you wrap it in the security layer, approval flow, and setup wizard that make it deployable by someone who's never opened a terminal.

Honest about prompt injection

Our current input filter screens what you type into the agent. Indirect injection (instructions hidden in emails or web pages the agent reads) is a real attack vector we are actively rebuilding protection for. Until that lands, we recommend not pointing the agent at untrusted content. Full status on the security update page.

Permission manifests

Every skill declares what it can access — read email, write files, control the browser — and is blocked at load time if it tries to exceed that. No runtime privilege escalation.

The agent stays in one folder

The file skill is scoped to one folder you choose during setup. It cannot read or write outside that folder. Path traversal attempts are rejected and logged. Browser, email, and network access have separate boundaries documented on the security page.

Plain-English audit log

Every action the agent has taken, with timestamp, skill name, outcome, and duration — in a searchable dashboard. Export to CSV anytime. No telemetry leaves your machine.

You choose where your conversations go

ArmorClaw doesn't lock you into one AI provider. During setup, you pick the one that fits your priorities.

Local

Ollama

Runs a model on your own hardware. Nothing leaves your computer. No API key. No cost. The most private option available.

Cloud

Anthropic (Claude)

Powerful cloud AI. Conversations go directly from your computer to Anthropic's servers. You bring your own API key and pay Anthropic directly.

Cloud

OpenAI (GPT)

Powerful cloud AI. Conversations go directly from your computer to OpenAI's servers. You bring your own API key and pay OpenAI directly.

A few things to know before you delegate

AI agents are capable and occasionally wrong. Here's what you should keep in mind going in.

Your Mac has to be running

ArmorClaw runs on your computer. Scheduled tasks, morning briefings, and Telegram messages all require the Mac to be on and the app to be open. If the machine sleeps, the agent stops.

Cloud providers still see your prompts

If you pick Anthropic or OpenAI, the text of your conversations goes to their servers. That's inherent to using cloud AI. For total privacy, run Ollama locally — then nothing leaves your machine.

Start with low-stakes work

Give the agent simple tasks first — inbox triage, research, drafts — before delegating anything with real consequences. Build trust by reviewing what it did, not by assuming it was right.

Approvals only work if you read

ArmorClaw drafts emails and queues up actions, asking before sending or committing. That safety net only works if you actually read what's in front of you — not reflexively tap approve.

Don't point it at untrusted content

The injection filter catches common attacks, but no filter is perfect. Don't let the agent process emails, files, or web pages from sources you wouldn't trust with your account credentials.

Set a token budget

Autonomous agents can get expensive fast if something loops. ArmorClaw's budget cap hard-stops the AI provider when you hit your limit — use it. $20/month is the default; tune it to what you're comfortable with.

What we're rebuilding right now

Our internal review surfaced nine gaps between what ArmorClaw currently does and what our marketing implied. Some of those gaps were claims that overstated our protection. We've taken those claims down, paused signups, and are working through a four-phase update before reopening. We'd rather lose sales than misrepresent what the product does.

The 0.3.0 release will include source-tagging on every input the agent reads, a content classifier for indirect prompt injection, signed and tamper-evident audit logging, approval prompts that show the literal action being approved (rather than the agent's description of it), a domain allowlist for browser automation, and a "what we protect against" table with both what's covered and what isn't, including risks we explicitly do not address.

We have not had a third-party security audit and don't currently have the budget for one. The 0.3.0 release will publish our internal red-team log alongside the disclosures, so you can read what we tested and what we found.

Simple pricing

One plan. Everything included. Cancel anytime.

$19.99 / month
Reopening with our 0.3.0 release
Includes: email triage and drafting, file management, browser automation, daily briefings, scheduled recipes, one-tap undo, full audit trail, token transparency dashboard, Telegram integration, and every update we ship. You bring your own API key or run a free local model.

FREE TRIAL + AUTO-RENEWAL NOTICE: Your free trial ends 30 days after signup. Unless you cancel before then, you authorize ArmorClaw to charge $19.99 plus applicable taxes on that date and every month thereafter until canceled. Cancel anytime in Settings. Terms of Service