NanoClaw and JFrog launch ‘immune system’ to prevent AI agents from downloading malicious code

The creators of NanoClaw, the popular, enterprise-friendly, open-source alternative to OpenClaw, have partnered with software management leader JFrog to introduce a joint security integration they say will protect NanoClaw's private agents from malicious code injection.
"These agents do things that you cannot control, and you cannot train," said Gal Marder, Chief Strategy Officer at JFrog, in an exclusive interview with VentureBeat.
Available immediately, the integration wires the NanoClaw agent directly into JFrog's audited software registry, ensuring that AI assistants can only pull dependencies that have been scanned and cleared.
The release addresses a rapidly growing blind spot: private agents often install packages in the background to extend their capabilities, frequently without their users' knowledge or oversight.
"The people who use the agents are not really developers, and they don’t even know the results," explains Gavriel Cohen, creator of NanoClaw and CEO and founder of its new commercial services startup, NanoCo AI.
To protect the wider ecosystem, the integration is available completely free of charge to the open source community, while enterprise organizations can easily deploy their agents to their existing, commercially licensed JFrog environments.
The capabilities enabled by this partnership follow NanoCo's earlier steps to add permission negotiation to all applications where it is available, in partnership with Vercel, and a new partnership with Docker that lets NanoClaw agents run in Docker containers, isolated from other software on the host.
The danger of current, autonomous AI agents
When an operator engages with an autonomous system like NanoCo's NanoClaw, the agent operates with a high degree of autonomy.
The user can simply send an audio file or a voice note, and the agent independently works out how to process it.
As Cohen explains, an agent thinks, "oh, I don't understand the voice notes, so let me go get the package and download something and install it and set it up and use it".
This automation makes AI agents incredibly powerful, but it also makes them vulnerable to software supply chain attacks.
Bad actors are increasingly poisoning open source package repositories with malicious packages. Because agents fetch what they need automatically, they bypass human supervision.
Operators, who may not even be engineers, are largely unaware of the security implications unfolding behind the scenes.
How NanoCo and JFrog work to stop agents from running malicious code
The integration between NanoCo and JFrog acts as an automatic defense system for these AI environments.
Under the hood, NanoClaw agents are now configured to route their requests for software packages, CLI tools, and Model Context Protocol (MCP) servers exclusively through the JFrog registry.
When an agent tries to download a vulnerable library—such as a vulnerable version of the popular Axios package—the JFrog registry intercepts the request.
It blocks the installation and returns a security policy error to the agent, which records that the request was "denied by JFrog registry with 403 security policy".
Most importantly, the system does not only block the threat; it creates a repair loop. The agent is notified of the vulnerability and directed to automatically search for and install an authorized, non-malicious version of the requested package.
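The block-and-repair flow described above, as an added simulation that is not NanoClaw's or JFrog's code: a policy-enforcing registry stand-in refuses blocked versions with a 403 security-policy result and logs every request, and an agent-side repair loop falls back to an allowed version instead of bypassing the registry. Package names, versions and the policy are constructed for the demo; the HTTP-style status codes are only modelled, not served.

```python
"""Simulation of a registry gate with a 403 security-policy response and an
agent-side repair loop. Names, versions and the policy are constructed."""
from dataclasses import dataclass, field

HTTP_OK, HTTP_FORBIDDEN, HTTP_NOT_FOUND = 200, 403, 404

def version_key(v):
    """Sort key for dotted versions such as '1.10.0' (numeric, not lexical)."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class PolicyRegistry:
    """Stand-in for a curated registry: serves only known versions and refuses
    any version the security policy marks as blocked; every request is logged."""
    available: dict = field(default_factory=dict)  # name -> set of versions
    blocked: dict = field(default_factory=dict)    # name -> set of blocked versions
    audit_log: list = field(default_factory=list)  # (agent, name, version, status)

    def fetch(self, agent_id, name, version):
        if version not in self.available.get(name, ()):
            status, body = HTTP_NOT_FOUND, f"{name}@{version} not found"
        elif version in self.blocked.get(name, ()):
            status, body = HTTP_FORBIDDEN, "403 security policy: blocked version"
        else:
            status, body = HTTP_OK, f"{name}@{version}"
        # Audit trail: which agent asked for which package and what happened.
        self.audit_log.append((agent_id, name, version, status))
        return status, body

def install_with_repair(registry, agent_id, name, requested, max_attempts=5):
    """Agent-side repair loop: try the requested version first; if the registry
    refuses it, retry with the newest remaining versions until one is accepted."""
    others = sorted((v for v in registry.available.get(name, ()) if v != requested),
                    key=version_key, reverse=True)
    for version in [requested, *others][:max_attempts]:
        status, _ = registry.fetch(agent_id, name, version)
        if status == HTTP_OK:
            return version
    return None  # every candidate was refused: the agent stops, it never bypasses

# Constructed demo policy: 2.0.0 and 2.1.0 of 'examplepkg' are blocked.
demo_registry = PolicyRegistry(
    available={"examplepkg": {"1.9.0", "2.0.0", "2.1.0", "2.2.0"}},
    blocked={"examplepkg": {"2.0.0", "2.1.0"}},
)

if __name__ == "__main__":
    print(install_with_repair(demo_registry, "agent-1", "examplepkg", "2.0.0"))
```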
For large organizations, this integration solves a major compliance headache. Marder notes that as businesses take on independent agents, they need full visibility.
Organizations need "recording system, we need somewhere to track which agents are working with whom and using which packages and which capabilities we are using and which MCPs we are using," he told VentureBeat.
Behind the scenes, JFrog's integration provides the foundational "trust layer" and strict controls over what these automated systems are allowed to access.
Licensing and accessibility
In software distribution, licensing and access restrictions limit what can be discovered. The NanoCo and JFrog partnership uses a two-track approach to serve both individual open source developers and highly regulated enterprises.
For the open source community, the integration is completely free. JFrog provides open source NanoClaw users with access to secure, vetted sources of artifacts, tools, and capabilities.
This allows individual developers to run standalone agents locally without being bogged down in manually approving each dependency request. In addition, as members of the community build and share new "abilities" for agents, these contributions are uploaded to the registry and scanned for malicious code, and malicious ones are removed before anyone else can use them.
This infrastructure directly addresses the threat of poisoned public repositories.
For enterprise use, the architecture integrates into an organization's existing environment. Rather than using public open source registries, corporate users point their NanoClaw agents at their internal JFrog registries.
This ensures that all agent activity complies with the company's specific commercial licenses, internal security policies, visibility requirements, and governance standards.
As AI continues to blur the line between human intent and machine execution, the infrastructure that protects that execution must evolve. This partnership acknowledges an important truth: you can’t train AI to correctly identify all zero-day vulnerabilities; instead, you must create an environment where the agent cannot access the vulnerability in the first place.