Shoofly – pre-execution security for Claude Code Cowork and OpenClaw

Name: Shoofly – pre-execution security for Claude Code Cowork and OpenClaw
Availability: InStock
Author: evanvuckovic

by evanvuckovic·Mar 29, 2026·3 points·0 comments

Visit Project View on HN

AI Analysis

●●●BangerZero to OneSolve My ProblemShip It

Blocks prompt injection before execution when Anthropic's filters won't.

Strengths

•VirtioFS bridging enables sub-50ms alerts from inside isolated Cowork VMs
•Open YAML policies let you audit and fork rules, not black boxes
•Local SQLite audit trail tracks tool calls without sending data to cloud

Weaknesses

•Only supports Claude Code and OpenClaw ecosystems, not generic LLM agents
•Relies on plugin hooks that could break if upstream CLIs change

Post Description

Anthropic says on their safety page: "these filters are not a security boundary." Snyk found 36% of ClawHub skills contain security flaws. Trend Micro documented malware being distributed through ClawHub.

These agents have shell access, file access, and connected accounts. We built Shoofly to sit in front of tool calls before they fire.

- PreToolUse / PostToolUse hooks intercept every tool call - Blocks prompt injection, credential theft, unauthorized writes, malware in tool results - Works with OpenClaw, Claude Code CLI, and Cowork / Dispatch - Open YAML policy -- read it, fork it, audit it - Free tier detects. $5/mo blocks.

The Cowork piece was the interesting part. Cowork runs Claude Code inside a full Ubuntu VM -- host hooks don't fire there. We used the plugin system with hooks/hooks.json and VirtioFS to get sub-50ms alert latency from inside the VM to host notifications.

curl -fsSL https://shoofly.dev/install.sh | bash

shoofly.dev