
Autonomous penetration testing with AI agents – self-hosted, compliance-ready, and fully under your control. Powered by Claude, NVIDIA NemoClaw, and OpenClaw.
What is SentinelClaw?
SentinelClaw is a self-hosted platform for authorized security assessments. AI agents plan and execute multi-phase penetration tests autonomously – with strict sandbox isolation, kill switch, and complete audit trails. No vendor lock-in, full data sovereignty.
Core Features
Autonomous AI Agents
Orchestrator agent coordinates specialized scan agents. Autonomous decision-making with tool loops and error recovery.
8-Layer Security
From auth & RBAC through Docker sandbox to kernel-level isolation with Landlock LSM and seccomp BPF.
4-Path Kill Switch
Instant emergency stop via application, container, network, and OS level – independently of each other.
Compliance-Ready
Built for GDPR, BSI Grundschutz, and ISO 27001. PDF reports with legal authorization proof.
Multi-Phase Scanning
4-phase pipeline: host discovery, port scan, vulnerability scan, and AI-powered analysis with nmap and nuclei.
Data Sovereignty
3-tier LLM strategy: Ollama (self-hosted), Azure OpenAI (EU), or Claude API. You decide where your data stays.
Security Architecture
How a Scan Works
Host Discovery
Network reconnaissance and reachability check of target systems.
Port Scan
Service identification and version detection on open ports.
Vulnerability Scan
Automated vulnerability assessment with nuclei templates.
AI Analysis
Evaluation, prioritization, and report generation by AI agents.
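The four phases above, as an added illustration that is not SentinelClaw's own code: a minimal orchestrator that refuses targets outside the authorized scope, checks a kill switch between phases, and keeps an audit trail. The phase bodies are constructed stand-ins for the real nmap/nuclei/LLM calls, and all names here are assumptions, not the project's API.

```python
# Added example (not SentinelClaw's own code): a four-phase scan pipeline in
# the shape the page describes, with an authorization scope check before any
# phase runs, a kill-switch check between phases, and an audit trail of every
# decision. Phase bodies are constructed stand-ins for nmap / nuclei / the LLM.
import ipaddress
import threading
from dataclasses import dataclass, field
from typing import Callable, Optional

PHASES = ("host_discovery", "port_scan", "vulnerability_scan", "ai_analysis")


@dataclass
class ScanRun:
    target: str
    authorized_scope: list[str]  # CIDRs the engagement authorization covers
    kill_switch: threading.Event = field(default_factory=threading.Event)
    audit: list[str] = field(default_factory=list)
    results: dict[str, str] = field(default_factory=dict)

    def in_scope(self) -> bool:
        ip = ipaddress.ip_address(self.target)
        return any(ip in ipaddress.ip_network(c, strict=False)
                   for c in self.authorized_scope)


def run_phase(name: str, run: ScanRun) -> str:
    # Constructed stand-in for the real tool invocation.
    return f"{name} completed for {run.target}"


def execute(run: ScanRun,
            after_phase: Optional[Callable[[str, ScanRun], None]] = None) -> str:
    """Run phases in order; returns 'completed', 'rejected' or 'aborted'."""
    if not run.in_scope():
        run.audit.append(f"rejected: {run.target} outside scope {run.authorized_scope}")
        return "rejected"
    for phase in PHASES:
        # The kill switch is consulted before every phase, so a stop request
        # raised during one phase prevents the next one from starting.
        if run.kill_switch.is_set():
            run.audit.append(f"aborted before {phase}: kill switch set")
            return "aborted"
        run.results[phase] = run_phase(phase, run)
        run.audit.append(f"{phase}: ok")
        if after_phase:
            after_phase(phase, run)  # where the orchestrator hands results on
    return "completed"
```

Partial results gathered before an abort stay in `results`, so the audit trail and the report can still show what was done before the stop.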
Technology Stack
Backend
Python 3.12+, FastAPI, SQLAlchemy, structlog
Frontend
React 19, TypeScript, Tailwind CSS, Vite
Security
Docker, Landlock LSM, seccomp BPF, NemoClaw
AI / LLM
Claude API, Azure OpenAI, Ollama
Tools
nmap 7.80, nuclei 3.3.7, MCP Server
Get Started
SentinelClaw is open source and can be set up in minutes.
Clone the repository
git clone https://github.com/antonio-030/SentinalClaw.git
Install dependencies & configure .env
pip install -e . && cp .env.example .env
Start Docker sandbox and get going
docker compose up -d sandbox
FAQ
Answers to the most important questions about SentinelClaw
Yes. SentinelClaw is available on GitHub under the MIT license — the entire codebase is open and can be self-hosted freely without licensing costs or subscriptions. Current status: v0.1.0, proof of concept with working core features.
SentinelClaw runs as a Docker stack on Linux, macOS or Windows. Kernel-level sandboxing via Landlock LSM and seccomp BPF requires Linux. Local LLM inference with Ollama needs additional RAM (8 GB+ recommended depending on model size); cloud LLM usage requires less.
Three options — you decide where your data stays: Ollama for fully local inference without data leaks, Azure OpenAI with EU hosting and GDPR DPA, or the Anthropic Claude API. Switch via .env configuration without code changes.
Self-hosted with no data flow to third parties. With SaaS pentest tools, scan results — meaning your systems' vulnerabilities — end up on foreign servers. SentinelClaw runs on your own infrastructure, has no telemetry and no call-home connections. Important for government, healthcare and fintech.
Designed for GDPR Art. 32 (TOMs), German BSI Grundschutz (OPS.1.1.6 software testing, DER.2.1 security incidents) and ISO 27001 Annex A.12.6.1 (technical vulnerability management). PDF reports include authorization proofs with reference to §202a and §303b of the German Criminal Code.
