
The creators of the successful, open-source, enterprise-friendly OpenClaw variant NanoClaw are partnering with JFrog, the leader in software supply chain management, to release a new joint security integration that they say will protect autonomous NanoClaw agents from malicious code injection.
"These agents are doing things that you can’t necessarily control, and you can’t necessarily train," said Gal Marder, chief strategy officer at JFrog, in an exclusive interview with VentureBeat.
Available immediately, the partnership connects NanoClaw agents directly to JFrog’s vetted software registries, ensuring that AI assistants can only extract safe, scanned dependencies.
The release addresses a rapidly growing blind spot in the technology: autonomous agents frequently install packages in the background to expand their capabilities, often without the knowledge or supervision of their human operators.
"The people who operate the agents are not necessarily developers and are not even aware of the implications," explained Gavriel Cohen, creator of NanoClaw and CEO and co-founder of his new business services startup, NanoCo AI.
To protect the broader ecosystem, the integration is available completely free of charge to the open source community, while enterprise organizations can seamlessly route their agents through their existing commercially licensed JFrog environments.
The new technical capability enabled by this partnership follows NanoCo’s moves to add permission dialogs in apps where it is available through a partnership with Vercel, and a new partnership with Docker that lets NanoClaw agents run more securely, isolated from other software environments directly within Docker containers.
The risk of current autonomous and personal AI agents
When an operator interacts with an autonomous system like NanoCo’s NanoClaw, they communicate at a high level of abstraction.
A user could simply send an audio file or voice note, asking the agent to independently figure out how to process it.
As Cohen explained, the agent thinks: "Oh, I can’t understand voice memos, so let me grab a package, download something, install it, configure it, and run it."
This ability to dynamically provision its own tooling makes AI agents incredibly powerful, but also highly susceptible to software supply chain attacks.
Bad actors are increasingly poisoning open source registries with malicious packages. Because agents act autonomously to get what they need, their installs bypass human scrutiny.
Operators, who may not even be developers, are largely unaware of the security implications developing behind the scenes.
How NanoCo and JFrog are working to prevent agents from executing malicious code
The integration between NanoCo and JFrog acts as an automated immune system for these AI environments.
Under the hood, NanoClaw agents are now configured to route their requests for software packages, CLI tools, and Model Context Protocol (MCP) servers exclusively through JFrog registries.
If an agent attempts to download a compromised library (such as a vulnerable version of the popular Axios package), the JFrog registry intercepts the request and blocks the installation, returning a security policy error to the agent that indicates the request was "rejected by JFrog registry with a 403 security policy".
Crucially, the system does not simply block the threat; it creates a dynamic correction loop. The agent is notified of the vulnerability and guided to automatically find and install an approved, non-malicious version of the requested package.
For large organizations, this integration solves a huge compliance headache. Marder notes that as companies adopt autonomous agents, they require absolute visibility.
Organizations need "a system of logging, we need a place to track which agents run who and consume which packages and use which skills and which MCP," he told VentureBeat.
Beyond visibility, the JFrog integration provides a foundational "trust layer" and strict governance over what these automated systems are allowed to access.
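The block-and-correct loop and the per-agent audit trail described above, as an added simulation that is not NanoCo's or JFrog's code: a hypothetical policy-enforcing registry answers disallowed versions with a 403 policy error, the agent retries once with the newest approved version, and every request is logged by agent id. Package names, version numbers and the policy table are constructed values.

```python
"""Constructed simulation of a policy-enforcing package registry in front of
an autonomous agent's installs. Not JFrog's or NanoClaw's implementation."""
from dataclasses import dataclass, field

# Hypothetical operator policy: package -> versions approved for agent use.
POLICY = {"axios": {"1.6.8", "1.7.4"}, "leftpad": {"1.3.0"}}


def _vkey(version):
    """Sort key so '1.10.0' orders after '1.9.0'."""
    return tuple(int(x) for x in version.split("."))


@dataclass
class Registry:
    policy: dict
    audit: list = field(default_factory=list)   # which agent consumed which package

    def fetch(self, agent_id, name, version):
        """Return (status, body); 403 carries the policy error the agent sees."""
        allowed = version in self.policy.get(name, set())
        status = 200 if allowed else 403
        self.audit.append({"agent": agent_id, "package": name,
                           "version": version, "status": status})
        if not allowed:
            return 403, f"{name}=={version} rejected by registry with a 403 security policy"
        return 200, f"{name}-{version}.tgz"

    def latest_approved(self, name):
        versions = self.policy.get(name)
        return max(versions, key=_vkey) if versions else None


def agent_install(registry, agent_id, name, version):
    """Correction loop: on a 403, retry once with the newest approved version."""
    status, body = registry.fetch(agent_id, name, version)
    if status == 200:
        return {"outcome": "installed", "version": version}
    fallback = registry.latest_approved(name)
    if fallback is None or fallback == version:
        return {"outcome": "blocked", "reason": body}      # nothing approved to fall back to
    status, _ = registry.fetch(agent_id, name, fallback)
    if status == 200:
        return {"outcome": "corrected", "version": fallback, "reason": body}
    return {"outcome": "blocked", "reason": body}


def packages_consumed_by(registry, agent_id):
    """Audit view: (package, version, status) for one agent, in request order."""
    return [(e["package"], e["version"], e["status"])
            for e in registry.audit if e["agent"] == agent_id]


if __name__ == "__main__":
    reg = Registry(POLICY)
    print(agent_install(reg, "agent-42", "axios", "0.21.0"))
    print(packages_consumed_by(reg, "agent-42"))
```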
Licenses and accessibility
In the software distribution space, licensing and access parameters dictate adoption. The NanoCo and JFrog partnership uses a two-track approach to serve both individual open source developers and highly regulated companies.
For the open source community, the integration is completely free. JFrog provides open source NanoClaw users with free access to secure, vetted sources of artifacts, tools, and skills.
This allows individual developers to run autonomous agents locally without drowning in manual approval requests for each dependency. Additionally, as community members build and share new "skills" for agents, these contributions are uploaded to the registry and scanned for malicious code, with anything malicious removed before anyone else can use them.
This infrastructure directly neutralizes the threat of poisoned community repositories.
For enterprise deployments, the architecture connects seamlessly to an organization’s existing JFrog environment. Instead of using the open source public registry, corporate users direct their NanoClaw agents to their own internal JFrog registry.
This ensures that all agent activity complies with business licenses, internal security policies, visibility needs, and company-specific governance standards.
As AI continues to blur the line between human intent and machine execution, the infrastructure that secures that execution must evolve. This partnership recognizes a fundamental reality: an AI cannot be trained to perfectly recognize every zero-day vulnerability; instead, you should create an environment in which the agent simply cannot reach the vulnerability in the first place.