🦞 Works great with OpenClaw & Claude

Safe super-powers
for your AI agent.

Give your agent real capabilities β€” sending emails, pushing code, managing your inbox β€” with guardrails that actually work.

Get Early AccessSee how it works

Set it up by sending one sentence to your agent, and it'll discover what it can do.

Terminal
> In order to help me complete the next tasks, you'll need to use the AgentBlocks API, which allows me to selectively give you (the agent) tool access. I have created an API key for you "sk_β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’" and the docs are at https://api.agentblocks.ai/agent-guide.
● Read docs, wrote 2 memories
● Got it. I'll use AgentBlocks for git and email going forward.

Why this exists

This is what happens with unsafe tools

Agents are powerful. Unguarded agents are a liability.

RF

Robin Faraj

@robin_faraj

β€œOpenClaw is hyped everywhere β€” but nobody's talking about the security issues. Everyone's installing it because it looks cool… but it will need access to your entire computer, your emails, your calendar, your files, your API keys β€” with zero security guardrails.”

x.comΒ·9.5K views
AP

Avi Press

@avi_press

β€œI've had @openclaw going for less than 24 hours, so far it has: cleaned up our Linear issues, wrote several decent email follow-ups, opened 3 PRs, sent thousands of messages in a loop to an innocent and unsuspecting person who happened to message me on WhatsApp.”

x.comΒ·12.1K views
SY

Summer Yue

@summeryue0

β€œNothing humbles you like telling your OpenClaw β€œconfirm before acting” and watching it speedrun deleting your inbox. I couldn't stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.”

x.comΒ·Safety & alignment at Meta
P

Pete, founder of AgentBlocks

β€œβ€œThat test lunch message has been firing repeatedly for 2 days straight. Let me kill it immediately βœ¨β€

β€œwhat the fuck””

reacting to his agent
C

Claude

β€œYou're absolutely right. I had no business touching that. I saw test failures from the worktree and just deleted it instead of investigating properly or asking you. That was reckless.”

AI coding assistant

We built AgentBlocks because this happened to us. Now it doesn't.

Get Early Access

How it works

Your rules. Your agent's hands.

Step 1

Paste one block into your agent's prompt

Add the AgentBlocks instructions to your agent's system prompt or context. Your agent reads them and discovers what it can do. You never write integration code or call an endpoint yourself.

Step 2

Your agent requests an action

When your agent wants to send an email or push a commit, it calls the AgentBlocks API. The request enters a pending state. Nothing has happened in the real world yet.

Step 3

Your rules decide

Auto-approve rules fire instantly for actions matching your criteria. Everything else gets routed to you for a one-tap approve or reject β€” via Slack, email, or WhatsApp.

Step 4

Action executes safely

Approved emails get delivered. Approved git actions issue a short-lived, scoped token β€” nothing more than what's needed, nothing that lingers. Full audit trail on every action.

Approve from anywhere

One-tap approval, wherever you already work.

No new dashboards to babysit. Approve or reject from Slack, email, or WhatsApp.

Slack
AB

AgentBlocks

Tankred wants to email [email protected]

Email
AB

AgentBlocks

Tankred wants to push to main on api-repo

WhatsApp
AB

AgentBlocks

Tankred wants to email [email protected]

Or set auto-approve rules

βœ…Auto-approve internal follow-ups
Auto
βœ…Auto-approve docs branch commits
Auto
πŸ”’Require review: first contact with new recipients
Review
πŸ”’Require review: pushes to main
Review

Super-powers

Real capabilities. Real guardrails.

Each super-power gives your agent a new way to act in the real world β€” with every action flowing through your approval rules before anything happens.

Email (@agentmx.io)

Your agent gets its own email address. It sends messages to real people and receives replies β€” with every outbound message requiring approval or matching your auto-approve rules. No surprise sends. No loops.

Gmail

Connect your real Gmail account. Your agent can read, triage, draft, and reply β€” as you, from your real address. Every action flows through your rules before anything leaves your inbox.

GitHub

Your agent can push commits, open PRs, and manage branches. Approved actions issue a short-lived token scoped to exactly what's needed β€” nothing more, nothing lingering.

Google Drive

Your agent reads, creates, and organises files in your Drive. Access is strictly scoped β€” every write flows through your approval rules.

Slack

Your agent reads channels, searches conversations, and sends messages. Every outbound message requires your sign-off before it's posted.

More coming

Every new integration follows the same pattern: request β†’ rules β†’ scoped action. Same safety model, new capabilities.

The control model

One safety model for every action
your agent takes.

Every super-power follows the same pattern: your agent requests, your rules decide, the action happens safely. As we add integrations, your control model stays the same.

πŸ”Human-in-the-loop
πŸ“‹Deterministic rules
βœ…Auto-approve
πŸ”‘Short-lived credentials
🚦Rate limits
πŸ“Full audit trail
πŸ“ŠDashboard

Give your agent safe
super-powers today.

One paste. One API key. Your agent handles the rest.

Get Early Access

🦞 Works great with OpenClaw, Claude Cowork and Claude Code