From the youcanbuildthings catalog · ▸ Build-tested

AI Agent Security: Lock Down Claude Code, MCP Servers & OpenClaw

Name: AI Agent Security: Lock Down Claude Code, MCP Servers & OpenClaw
Price: 9.99 USD
Availability: InStock
Author: J Cook

Stop Prompt Injection, Scope Your Credentials, and Ship Agents That Can't Be Owned

eBook: $9.99 199 pages

Get on Amazon →

You gave your agent your own credentials just for testing, and now it runs in a loop at 3am with full access to everything you can touch. There is no security boundary, only a model that sometimes says no. This is the defensive field manual that hardens Claude Code, MCP servers, and OpenClaw by architecture, not by a model's mood: a threat model of your own agent, scoped credentials a prompt injection can't steal, a real sandbox, an untrusted-input gate, and a one-page hardening checklist you run on every agent you ship.

The agent-security shelf splits three ways: policy books that never touch your terminal, offensive pentest manuals, and zero-review templates padded with acronyms. None of them name Claude Code or OpenClaw. This one hands you a hardened fleet this weekend: by Chapter 2 a threat model with every untrusted input mapped, by Chapter 5 an agent boxed in gVisor or Firecracker with credentials it physically cannot exfiltrate, by Chapter 7 a cheap model that literally cannot send an email or spend a dollar, and by Chapter 10 a pen-test suite you fire at your own agent to watch each defense hold or fail. Over 40,000 words of copy-pasteable configs, real CVEs as case studies, and build steps you run on a live agent.

What You'll Build

There Is No Security Boundary

Why model refusal is a probability that tracks your token budget, and only architecture is a real boundary.

How Your Agent Gets Owned

Watch one prompt injection land step by step, then map your agent against the OWASP ASI01-ASI10 attack surface.

Stop Giving Your Agent the Keys to Everything

Write a deny-by-default least-privilege spec that treats the agent's access like a scoped API key, not your account.

Scoped Credentials: Take Back Your Keyring

Build a credential broker so the agent borrows five-minute tokens and holds no durable secret to steal.

Put Your Agent in a Box

Sandbox the agent with gVisor or Firecracker, a read-only filesystem, and a default-deny egress allowlist that catches exfiltration.

Treat Every Input as Hostile

Stand up an input gate and a memory-write guard, then kill a planted payload at both the action and persistence points.

The Cheap Model Can't Send Email

Split the agent into reader and actor so the untrusted path has no destructive tool to call, enforced in code.

Your Skills and MCP Servers Are a Supply Chain

Run four vetting gates (provenance, permissions, static scan, sandbox trial) that a real npm token-stealing trojan fails.

The Audit Log Lies

Give the agent its own identity and an on-behalf-of trail so every action answers who acted, passing a security review.

Attack Your Own Agent Before Someone Else Does

Fire a repeatable ASI attack suite at your hardened agent, score what holds, and wire it into CI as a required check.

What Hardening Can't Buy You

Map your residual risk with a Swiss-cheese stack and a three-column register that names what you simply won't deploy.

Your Agent Hardening Runbook

Assemble the ten-step hardening checklist plus an isolate-revoke-audit-rotate incident playbook for your whole fleet.

Free Articles from this Book

analysis 8 min read

The AI Agent Audit Log Lies. Here's How to Fix It

Your AI agent audit log says the human did it. Build distinct-identity attribution with an on-behalf-of trail so every agent action answers who really acted.