Launch
Chloros Agent
Visit
Premium
Example Image

Chloros Agent

The runtime security gate for your AI agents

Visit

AI agents don't just answer anymore — they act. They send emails, move money, delete files, and install packages. The moment an agent can do something irreversible, one bad instruction becomes a real problem with no undo.

Chloros is a gate that sits outside your agent and checks every action before it fires:

- Reversible actions run — logged, never in your way

- Irreversible ones (money, sends, deletes) wait for your approval

- Clearly dangerous ones (leaking keys, mass deletes) get blocked

The gate is deterministic — it checks the action, not the agent's reasoning — so a malicious email or prompt injection can't talk it out of doing its job. Chloros also scans skills and packages before you install them, keeps secrets in an encrypted vault the agent never sees, and includes a kill switch.

Built solo, for the individual operator running their own agents — not just the enterprise. Free tier available: one agent, no card.

Example Image
Example Image
Example Image
Example Image
Example Image

Features

- Runtime action gate — every agent action is checked before it fires: reversible ones run, irreversible ones (money, sends, deletes) wait for your approval, dangerous ones are blocked

- Skill & package scanner — catches malicious code and hidden instructions in skills/packages before you install them

- Encrypted vault — stores credentials scoped per agent, kept out of the agent's context so a leaked prompt can't leak a key the agent never saw

- Kill switch — stop one agent or all of them instantly

- Time Machine (rewind) — walk back what an agent did and recover from a bad run

- Data-leak tripwire — watches for PII and secrets leaving through an agent's actions

- Live operations view — see every agent's actions flow through the gate in real time (allowed, held, blocked)

- Phone + Telegram alerts — get notified the moment something needs your approval

Use Cases

- Stopping prompt-injection attacks — a malicious email or web page tells your agent to send money or leak data; the gate holds the irreversible action before it fires, even though the agent was fooled

- Running coding agents unattended — let an agent work through tickets and installs while the gate blocks dangerous package installs, mass deletes, and anything that touches production

- Catching malicious packages & skills — scan a skill or dependency before your agent installs it, catching slopsquatted packages and hidden instructions before postinstall runs

- Giving agents access to real tools safely — expose an agent to email, payments, or file operations without giving it free rein; destructive actions pause for your approval

- Keeping credentials out of the agent — store API keys and secrets in the vault so the agent uses them without ever seeing them, so a leaked prompt can't leak a key

- Recovering from a bad agent run — when an agent does something wrong, rewind to see exactly what happened and walk it back

- Killing a misbehaving agent instantly — hit the kill switch to stop one agent or all of them the moment something looks off

Comments

I kept watching AI agents get talked into doing things they shouldn't — a poisoned email or web page telling an agent to send money or leak data, and the agent just doing it because it was trying to be helpful. Putting a rule in the prompt doesn't hold; the model reasons right past it. So I built the enforcement layer outside the agent, where it can't be argued with. It's early and I'm solo — genuinely want feedback from other people running their own agents on where it holds up and where it doesn't.

Premium Products
Social Links

Comments

I kept watching AI agents get talked into doing things they shouldn't — a poisoned email or web page telling an agent to send money or leak data, and the agent just doing it because it was trying to be helpful. Putting a rule in the prompt doesn't hold; the model reasons right past it. So I built the enforcement layer outside the agent, where it can't be argued with. It's early and I'm solo — genuinely want feedback from other people running their own agents on where it holds up and where it doesn't.

Premium Products