Autonomous Security Cognition — On Arbitrum

RAXCLAW

Persistent autonomous security cognition.
Replayable intelligence that evolves with every audit.

OpenClaw · RAXC · Qdrant · OpenAI · Stylus · Arbitrum Sepolia

Download Runtime ↓View Audit Explorer GitHub ↗

3 audits persisted

14 memories loaded

ERC-7857 live

Architecture

Audit Intelligence Pipeline

Every audit flows through a deterministic pipeline
from exploit pattern matching to permanent cognition storage on Arbitrum.

OpenClaw

Orchestration Layer

Orchestrates exploit pattern detection pipeline across all agent tools

→

RAXC

Autonomous Agent

Multi-tool agentic execution with deterministic consensus

→

OpenAI LLM

Deterministic Exec

Sovereign off-chain execution with verifiable output

→

Qdrant RAG

Exploit & Audit Store

Stores exploit patterns, audit reports, and cognition replay traces on-chain

→

ERC-7857

Identity Update

On-chain agent identity evolves with each cognition cycle

→

ERC-8183

Audit Task Proof

Creates and finalizes audit task on-chain with cryptographic proof

Runtime Statistics

Cognition Metrics

Live infrastructure metrics from the RAXCLAW autonomous execution runtime.

3

Audits Completed

ERC-8183 finalized audit reports

3

Agent Memory

ERC-7857 on-chain audits memory

14

Historical Memories

cognition entries loaded

782

Exploit Patterns

on-chain

Audit Explorer

Cognition History

Live audit records from Stylus contracts on Arbitrum Sepolia.
Click any row to view the full security report stored on-chain.

Fetching audit tasks from Arbitrum Sepolia…

Terminal Runtime

Autonomous
Execution

RAXCLAW runs entirely from the command line

Every audit is deterministic and cryptographically verifiable

The frontend only replays what the terminal already proved

Download Runtime ↓View Source

raxclaw — zsh

Live Terminal

Interactive
Audit Console

Paste a Solidity contract and run the RAXCLAW

wss://

raxclaw — sovereign execution mode

╔══════════════════════════════════════════════════╗
║   RAXC Autonomous Exploit Intelligence Core      ║
║   Deterministic Exploit Execution + Verification ║
╚══════════════════════════════════════════════════╝

Paste a Solidity contract above and click ▶ Run Audit
or use the built-in DeFiVault demo contract.

Memory Evolution

Growing Cognition

Each audit accumulates in long-context memory.
The agent learns from every execution building persistent intelligence over time that improves future analyses.

Loading…

ERC-81830xa018a255881e0525831df7bcdf9a03d1b06e1790

ERC-78570xf335a9b58f2aa6a2f884d2da4e308f7378a4cf7e

Fetching from chain…

Download

Runtime Installation

RAXCLAW runs locally from the terminal. The frontend is only a replay and verification interface — the runtime is the primary product.

📦

Prerequisites

Node.js 18+ · Rust · pnpm

git clone https://github.com/JFKongphop/raxclaw-arbitrum

or: cd raxclaw-arbitrum

⚙️

Build

JS CLI + Rust binary · one-time

pnpm install && pnpm build:all

or: builds dist/raxclaw + prebuilt Rust binary

🚀

Run

no .env setup needed

./dist/raxclaw run

or: ./dist/raxclaw run --file MyContract.sol

Quick Start

$ git clone https://github.com/JFKongphop/raxclaw-arbitrum

$ cd raxclaw-arbitrum && pnpm install && pnpm build:all

$ ./dist/raxclaw run

$ ./dist/raxclaw run --file MyContract.sol

$ ./dist/raxclaw list

$ ./dist/raxclaw show <report>

DemoVault.sol — inline audit

⚠ reentrancy · flash loan · access control

$./dist/raxclaw run "<contract code>"

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract DemoVault {
    address public owner;
    mapping(address => uint256) public balances;
    uint256 public totalDeposits;
    uint256 public flashLoanFee = 10;

    constructor() { owner = msg.sender; }

    // ⚠ CEI violation — state updated AFTER external call
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] -= amount;   // ← runs AFTER call
    }

    // ⚠ flash loan — spot balance as oracle reference
    function flashLoan(uint256 amount) external {
        uint256 balanceBefore = address(this).balance;
        (bool ok, ) = msg.sender.call{value: amount}(...);
    }

    // ⚠ no access control — anyone can call setFee
    function setFee(uint256 newFee) external {
        flashLoanFee = newFee;
    }
}

View on GitHub ↗Documentation