QClaw Security Gateway: How It Protects Your Computer
Introduction
When an AI agent can read your files, send emails, and execute code on your computer, security isn't optional; it's essential. QClaw's AI Security Gateway (Claw Gateway) provides comprehensive protection, giving you complete visibility and control over every action.
This guide explains how the Security Gateway works and how to use it effectively.
Learn about QClaw security: https://qclawsg.qq.com
Understanding the Security Gateway
What is the Security Gateway?
The Security Gateway is QClaw's built-in security system that acts as a vigilant monitor for all AI operations. Think of it as:
- Security Camera: Records everything
- Permission Guard: Checks before executing
- Risk Assessor: Evaluates each action
- Alert System: Warns of suspicious activity
- Control Panel: Lets you set boundaries
Why It Matters
Without Security Gateway:
User Request → AI Agent → Actions
- No visibility
- No control
- Blind trust
With Security Gateway:
User Request → Security Gateway → AI Agent → Actions
- Visibility
- Control
- Risk assessment
- Full audit trail
Core Components
1. Operation Monitor
Every action QClaw takes is logged:
| Logged Information | Description |
|---|---|
| Timestamp | When the action occurred |
| Action Type | What QClaw tried to do |
| Target | Files, apps, or systems affected |
| Risk Score | Assessment of potential risk |
| Status | Approved, denied, or pending |
2. Risk Assessment Engine
Actions are evaluated before execution:
```python
# Risk scoring factors
class RiskAssessment:
    factors = {
        "data_sensitivity": "How sensitive is the data involved?",
        "action_reversibility": "Can this be undone?",
        "external_impact": "Does this affect outside systems?",
        "user_pattern": "Is this typical for this user?",
        "chain_analysis": "Does this fit the overall task?",
    }

    # Risk levels as inclusive (min, max) score bands
    LOW = (0, 30)         # Auto-execute
    MEDIUM = (31, 60)     # Log and proceed
    HIGH = (61, 80)       # Require approval
    CRITICAL = (81, 100)  # Block by default
```
3. Permission Controller
Granular control over what QClaw can access:
| Permission | Default | Description |
|---|---|---|
| File: Read | Specific folders | View files |
| File: Write | None | Create/modify files |
| File: Delete | None | Remove files |
| Network | Allowed | Internet access |
| Email | Draft only | Compose emails |
| Email: Send | Disabled | Actually send |
| System | Limited | Change settings |
4. Alert System
Notifications for important events:
| Alert Type | Trigger | Action |
|---|---|---|
| Info | Normal operation | Log only |
| Warning | Unusual pattern | Review suggested |
| Caution | Elevated risk | Confirmation required |
| Critical | Suspicious activity | Immediate block |
Operation Types and Risk Levels
Low Risk (Auto-Approved)
These operations proceed automatically:
- Reading non-sensitive documents
- Opening specified applications
- Searching for information online
- Generating summaries
- Formatting text
Medium Risk (Logged)
These operations proceed but are logged:
- Creating new files
- Sending drafts for review
- Accessing Downloads folder
- Making non-sensitive changes
- Running approved scripts
High Risk (Approval Required)
These require your confirmation:
⚠️ Approval Required
Action: Delete 15 files from Documents folder
Files to be deleted:
• old_reports_2024.pdf
• draft_proposal_v1.docx
• meeting_notes_backup.txt
... and 12 more
Risk Assessment: High (67/100)
Reason: Multiple file deletion
[Approve] [Deny] [Review Files]
Critical Risk (Blocked)
These are blocked by default:
- Accessing system settings
- Installing applications
- Sending emails (without approval)
- Accessing sensitive folders
- Making network changes
Configuration Guide
Basic Security Settings
Access Settings: Settings → Security → Basic
| Setting | Options | Recommendation |
|---|---|---|
| Default Risk Threshold | Low/Medium/High | Medium |
| Auto-approve Low Risk | On/Off | On (recommended) |
| Show Notifications | On/Off | On |
| Sound Alerts | On/Off | Off |
Advanced Security Settings
For Power Users: Settings → Security → Advanced
```yaml
security_config:
  # Permission Profiles
  profiles:
    strict:
      file_read: "Documents only"
      file_write: "Disabled"
      network: "Read-only"
      email: "Draft only"
    balanced:
      file_read: "Documents, Downloads"
      file_write: "Documents"
      network: "Allowed"
      email: "Draft + approve for send"
    permissive:
      file_read: "All folders"
      file_write: "Allowed"
      network: "Full"
      email: "Send with confirmation"
```
Folder Permissions
Granular Control:
You: "Allow QClaw to access my work projects folder"
QClaw: "Permission updated!
Allowed folders:
✓ Documents
✓ Downloads
✓ ~/Projects/Work
Blocked folders:
✗ ~/Documents/Sensitive
✗ ~/.ssh
✗ ~/.config/credentials"
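One way folder lists like these can be evaluated, as an added example (not QClaw's own code): the requested path is canonicalised first, and a blocked folder always wins over an allowed parent such as Documents. The home directory `/home/alice`, the function names, and the deny-over-allow, default-deny precedence are assumptions of the example.

```python
import posixpath

HOME = "/home/alice"  # constructed home directory, an assumption of this example

# Folder lists from the dialog above; Documents and Downloads are assumed to sit under HOME
ALLOWED = ["~/Documents", "~/Downloads", "~/Projects/Work"]
BLOCKED = ["~/Documents/Sensitive", "~/.ssh", "~/.config/credentials"]


def canonical(path):
    """Expand a leading ~, anchor relative paths at HOME, collapse '.' and '..'.

    Purely lexical so it runs on paths that do not exist; a gateway working on a
    real filesystem also has to resolve symlinks (os.path.realpath) before comparing.
    """
    if path == "~" or path.startswith("~/"):
        path = HOME + path[1:]
    elif not path.startswith("/"):
        path = posixpath.join(HOME, path)
    return posixpath.normpath(path)


def is_within(target, folder):
    """True if the canonical target is the folder itself or lies below it."""
    root = canonical(folder)
    return target == root or target.startswith(root + "/")


def check_access(path):
    """Return (decision, matching folder); blocked folders win, unlisted paths are denied."""
    target = canonical(path)
    for folder in BLOCKED:
        if is_within(target, folder):
            return "deny", folder
    for folder in ALLOWED:
        if is_within(target, folder):
            return "allow", folder
    return "deny", None
```

Comparing on `root + "/"` rather than a bare string prefix keeps a sibling such as `~/Documents-old` from inheriting the permissions of `~/Documents`.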
Real-Time Dashboard
Star Office Security View
Access via the Star Office dashboard:
QClaw Security Dashboard
Today's Activity:
- 47 operations completed
- 3 approvals requested
- 0 denied
- 2 warnings flagged
Risk Distribution:
- 65% Low
- 25% Medium
- 8% High
- 2% Blocked
Recent Operations (Last 24h):
| Time | Operation | Risk | Status |
|---|---|---|---|
| 10:45 AM | ✓ Read file.txt | Low | auto |
| 10:52 AM | ✓ Create summary.md | Medium | auto |
| 11:15 AM | ⚠️ Delete files (3) | High | pending |
| 11:20 AM | ✓ Search web | Low | auto |
Security Scenarios
Scenario 1: Unexpected File Access
Situation: QClaw tries to access a folder outside its permissions
Alert: Unauthorized Access Attempt
QClaw attempted to access: ~/Documents/Sensitive/HR/
Permission: Denied
This request was blocked. If this was unexpected:
• QClaw may have misinterpreted a request
• Check the original request for clarification
[View Details] [Allow This Once] [Update Permissions]
Scenario 2: Suspicious Pattern
Situation: Multiple file deletions in short succession
Warning: Elevated Activity Pattern
QClaw has performed 10 file operations in the last 5 minutes:
• 7 file reads
• 2 file creations
• 1 file deletion
This pattern differs from your normal usage.
Recommended Actions:
• Review recent operations
• Verify the current task context
• Continue monitoring
[Review Operations] [Pause QClaw] [All Normal]
Scenario 3: Email Without Permission
Situation: QClaw attempts to send an email
Critical: Email Send Blocked
QClaw attempted to: Send email via Gmail
Status: BLOCKED (email:send not permitted)
To allow email sending:
1. Settings → Security → Email
2. Enable "Allow email sending"
3. Set to "Approve each" or "Trusted senders only"
[Allow This Once] [Update Settings] [Dismiss]
Best Practices
For Individual Users
1. Start Restrictive
Initial Setup:
• file_read: Documents only
• file_write: Disabled
• email: Draft only
• network: Allowed
Gradually expand as you build confidence.
2. Review Regular Reports
Weekly Check:
- [ ] Review operation log
- [ ] Check for anomalies
- [ ] Verify all actions were intended
- [ ] Adjust permissions if needed
3. Enable Smart Alerts
Recommended Alerts:
• Any file deletion
• Any email action
• Network downloads
• Application installations
• System changes
For Business Users
1. Establish Policies
```yaml
corporate_policy:
  default_profile: "strict"
  allowed_operations:
    file_read: ["Documents", "Shared"]
    file_write: ["Documents"]
    email_draft: true
    email_send: "manager_approval"
  blocked_operations:
    system_settings: true
    app_install: true
    sensitive_folders: ["HR", "Finance", "Legal"]
```
2. Regular Audits
Monthly Security Review:
• Operation statistics
• Risk incidents
• Permission usage
• Policy compliance
• User feedback
Transparency Features
Complete Audit Trail
Every operation is logged:
```json
{
  "timestamp": "2026-04-29T14:32:15Z",
  "operation_id": "op_8f7a6b5c",
  "user_id": "user_abc123",
  "action": "file_delete",
  "target": {
    "path": "/Users/you/Documents/old_file.txt",
    "type": "text"
  },
  "risk_assessment": {
    "score": 85,
    "level": "high",
    "factors": ["multiple_files", "outside_work_folder"]
  },
  "status": "pending_approval",
  "context": {
    "task": "Clean up old files",
    "user_request": "organize my documents"
  }
}
```
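A check that replays audit records against the score bands from the Risk Assessment Engine section, as an added example (not QClaw's own code). The status names other than `pending_approval`, the mapping from band to expected status, and the function names are assumptions; the sample input reuses fields from the record above.

```python
# Score bands from the Risk Assessment Engine section: (min, max, level, handling)
BANDS = [
    (0, 30, "low", "auto_execute"),
    (31, 60, "medium", "log_and_proceed"),
    (61, 80, "high", "require_approval"),
    (81, 100, "critical", "block"),
]

# Assumed status names per handling; only "pending_approval" appears on the page
EXPECTED_STATUS = {
    "auto_execute": {"approved"},
    "log_and_proceed": {"approved"},
    "require_approval": {"pending_approval", "approved", "denied"},
    "block": {"blocked", "denied"},
}

def band_for(score):
    """Return (level, handling) for an integer score in 0..100."""
    for low, high, level, handling in BANDS:
        if low <= score <= high:
            return level, handling
    raise ValueError(f"score out of range: {score!r}")

def audit_record(record):
    """List the inconsistencies between a record's score, level and status."""
    risk = record.get("risk_assessment", {})
    score = risk.get("score")
    if isinstance(score, bool) or not isinstance(score, int):
        return ["risk_assessment.score is missing or not an integer"]
    try:
        level, handling = band_for(score)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if risk.get("level") != level:
        findings.append(f"level {risk.get('level')!r} does not match score {score} ({level})")
    if record.get("status") not in EXPECTED_STATUS[handling]:
        findings.append(f"status {record.get('status')!r} is unexpected for a {level} score")
    return findings

# Constructed input: the page's sample record, reduced to the fields checked here
SAMPLE = {
    "operation_id": "op_8f7a6b5c", "action": "file_delete",
    "risk_assessment": {"score": 85, "level": "high"},
    "status": "pending_approval",
}
```

`audit_record(SAMPLE)` returns two findings: a score of 85 falls in the 81-100 band, while the record is labelled "high" and is awaiting approval rather than blocked.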
Operation Replay
Review exactly what happened:
You: "Show me what QClaw did this morning"
QClaw: "Here's your morning activity:
9:00 AM - Task: Morning email summary
✓ Read inbox (50 emails)
✓ Starred 5 important
✓ Created summary document
10:30 AM - Task: Organize downloads
✓ Scanned Downloads folder
✓ Categorized 23 files
✓ Moved files to appropriate folders
12:00 PM - Task: Draft meeting response
✓ Read meeting invitation
✓ Created draft response
✓ Saved to draft folder
All operations completed successfully!"
Privacy Integration
Data Minimization
| Data Type | Processing | Storage |
|---|---|---|
| File content | Local only | Never uploaded |
| Messages | Local AI | 24h max |
| Operation logs | Encrypted | On-device |
| User preferences | Encrypted | On-device |
Third-Party Transparency
QClaw only shares:
Data Shared with Third Parties:
✓ Non-sensitive usage metrics (operation counts)
✓ Error reports (no file content)
✓ Model interaction (input/output, not files)
✗ File contents - NEVER
✗ Personal messages - NEVER
✗ Credentials - NEVER
✗ Proprietary information - NEVER
Responding to Alerts
Step-by-Step Response
1. Stay Calm
Security Gateway catches issues early; that's what it's designed for!
2. Assess the Context
- What task were you working on?
- Does this action make sense for that task?
3. Review the Details
- Check which files/apps are involved
- Verify the operation scope
4. Take Action
- Approve if legitimate
- Deny and pause if suspicious
- Report if concerning
5. Learn and Adjust
- Update permissions if needed
- Refine future prompts
Frequently Asked Questions
Q: Does Security Gateway slow down QClaw?
A: Minimal impact. Risk assessment adds <10ms to most operations.
Q: Can I disable Security Gateway?
A: No, it's a core component. But you can set it to auto-approve low-risk operations.
Q: What happens if QClaw does something I didn't approve?
A: You can review the operation log, revoke recent actions, and adjust permissions.
Q: Is my data safe with QClaw?
A: Yes. Files are processed locally, operation logs are encrypted, and Security Gateway monitors everything.
Q: Can I set different permissions for different tasks?
A: Current version uses session-wide permissions. Per-task permissions are planned.
Security Checklist
Initial Setup
- [ ] Review default security settings
- [ ] Configure folder permissions
- [ ] Enable notifications
- [ ] Test approval workflow
- [ ] Set up alert preferences
Ongoing Maintenance
- [ ] Weekly: Review operation logs
- [ ] Monthly: Check permission usage
- [ ] Quarterly: Update security policies
- [ ] As needed: Adjust for new use cases
Get Started Safely
QClaw's Security Gateway lets you harness AI power with complete peace of mind.
Download QClaw: https://qclawsg.qq.com
Your security is our priority: https://qclawsg.qq.com
Powerful AI with complete transparency and control.