Sammā Suit by OneZeroEight


Sammā Suit

v0.1 — ALL 8 LAYERS ENFORCED • 84 TESTS PASSING

Security architecture for autonomous AI agents. Gateway protection, permissions, cost controls, audit trails, identity verification, skill vetting, process isolation, and kill switches — out of the box. Open source.

THE PROBLEM

OpenClaw proved the demand.
Then it proved the danger.

100,000+ GitHub stars. 1.5M autonomous agents. And a security posture that one industry leader called "a dumpster fire."

CVE-2026-25253

1-Click Remote Code Execution

Control UI trusts gatewayUrl from query strings without validation. A single malicious link gives an attacker operator-level access to your gateway — disabling sandbox, modifying config, executing arbitrary code.

Source: DepthFirst / The Hacker News • Feb 2026

CLAWHAVOC CAMPAIGN

341 Malicious Skills

Koi Security found 335 skills delivering Atomic Stealer malware via fake utility tools. ClawHub's only barrier: a GitHub account one week old. Stolen: API keys, wallet keys, SSH credentials, browser passwords.

Source: Koi Security / The Hacker News • Feb 2026

COST OVERRUN

$20/Night While You Sleep

Heartbeat cron jobs sending 120,000 tokens of context per time check. $0.75 per check, 25 checks per night. Projected $750/month — just for reminders. No budget caps, no throttling, no alerts.

Source: Benjamin De Kraker / The Register • Feb 2026

ZERO GOVERNANCE

No Permissions, No Audit, No Rollback

One monolithic agent with full system access. No role separation, no activity logging, no state snapshots. If your agent goes rogue at 3 AM, you find out when the damage is done.

Source: Gartner, China NVDB, IBM • Feb 2026

THE SAMMĀ SUIT

Sammā Suit Sentinel

Eight Layers of Right Protection.
Always on. Never optional.

All 8 layers enforced. v0.1 in production. 163 tests passing. Continuous hardening.

1. ⬡ Power Suit — base armor (Enforced): Origin validation, TLS 1.3, WebSocket auth, rate limiting
2. ⬡ Varia Suit — environmental protection (Enforced): Role-based agent scoping — email ≠ shell ≠ browser ≠ files
3. ⬡ Gravity Suit — pressure resistance (Enforced): Allowlist-based skill gating with AST static analysis for dangerous imports
4. ⬡ Energy Tanks — resource management (Enforced): Per-agent monthly budgets with hard ceiling, pre-call budget checks, spend tracking
5. ⬡ Scan Visor — full awareness (Enforced): Full activity logging with token counts, cost tracking, and layer enforcement trace
6. ⬡ Morph Ball — controlled transformation (Enforced): Cryptographic agent signing, no spoofing, verified communication
7. ⬡ Screw Attack — offense + defense (Enforced): Per-agent resource limits, subprocess sandboxing, egress allowlists with wildcard support
8. ⬡ Reserve Tank — last resort (Enforced): State snapshots, 1-click rollback, kill switch with auto-snapshot on termination
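Layer 3 describes allowlist-based skill gating backed by AST static analysis. The block below is an added illustration of that idea, not Sammā Suit's own code: it parses a skill's Python source with the standard `ast` module, rejects any import outside a constructed module allowlist, and flags dynamic execution and import primitives that would let a skill sidestep static inspection. The allowlist, the two sample skills, and the function names are assumptions made for this example.

```python
import ast

# Constructed allowlist of modules a vetted skill may import (assumption: a
# real deployment loads this from policy rather than hard-coding it).
ALLOWED_MODULES = {"json", "re", "datetime", "math", "typing", "dataclasses"}

# Builtins that defeat static analysis; flagged regardless of the allowlist.
DYNAMIC_EXEC = {"eval", "exec", "compile", "__import__", "import_module"}


def vet_skill_source(source: str, allowed=ALLOWED_MODULES) -> dict:
    """Statically inspect skill source and decide whether it may be loaded.

    Returns {"allowed": bool, "violations": [(lineno, reason), ...]} with
    violations sorted by line. Source that does not parse is rejected: code
    that cannot be inspected is never loaded.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return {"allowed": False,
                "violations": [(exc.lineno or 0, f"syntax error: {exc.msg}")]}

    violations = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                top = alias.name.split(".")[0]  # "os.path" is governed by "os"
                if top not in allowed:
                    violations.append((node.lineno,
                                       f"import of non-allowlisted module '{alias.name}'"))
        elif isinstance(node, ast.ImportFrom):
            if node.level:  # relative import: package-local code is not vetted here
                violations.append((node.lineno, "relative import"))
            else:
                top = (node.module or "").split(".")[0]
                if top not in allowed:
                    violations.append((node.lineno,
                                       f"from-import of non-allowlisted module '{node.module}'"))
        elif isinstance(node, ast.Call):
            # Catch both bare calls (eval(...)) and attribute calls
            # (builtins.__import__(...), importlib.import_module(...)).
            fn = node.func
            name = fn.id if isinstance(fn, ast.Name) else (
                fn.attr if isinstance(fn, ast.Attribute) else None)
            if name in DYNAMIC_EXEC:
                violations.append((node.lineno, f"dynamic execution/import via {name}()"))

    violations.sort()
    return {"allowed": not violations, "violations": violations}


# Constructed sample skills used to exercise the gate.
SAFE_SKILL = '''
import json
from datetime import datetime

def run(payload):
    return json.dumps({"at": datetime.utcnow().isoformat(), "echo": payload})
'''

UNSAFE_SKILL = '''
import json
import os
from subprocess import check_output

def run(payload):
    mod = __import__("socket")
    return mod
'''


if __name__ == "__main__":
    for label, src in (("safe", SAFE_SKILL), ("unsafe", UNSAFE_SKILL)):
        report = vet_skill_source(src)
        print(label, "->", "ALLOWED" if report["allowed"] else "BLOCKED")
        for lineno, reason in report["violations"]:
            print(f"  line {lineno}: {reason}")
```

The gate is deliberately fail-closed: a skill is loadable only when the report is empty, and unparseable source counts as a violation. Static analysis of this kind is a pre-filter, not a sandbox; layer 7's subprocess isolation and egress allowlists are what bound a skill that passes vetting and misbehaves at runtime.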
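Layer 4 describes per-agent monthly budgets with a hard ceiling and a budget check before each call. The block below is an added example of that control, not Sammā Suit's own code. It keeps the ledger in integer micro-dollars to avoid floating-point drift, rejects a call when its worst-case cost would breach the ceiling, and records actual spend afterwards. The price table and the heartbeat figures are constructed assumptions; the per-check numbers are chosen so one check costs the $0.75 cited in the cost-overrun section above.

```python
from dataclasses import dataclass, field

MICRO = 1_000_000  # micro-dollars per dollar

# Constructed price table in micro-dollars per token (assumption; real prices
# come from the provider and change over time).
PRICE_MICROUSD_PER_TOKEN = {"example-model": {"input": 6, "output": 15}}


class BudgetExceeded(Exception):
    """Raised before a call is made when it would breach the monthly ceiling."""


@dataclass
class AgentBudget:
    """Monthly spend ledger for one agent with a hard ceiling."""
    agent_id: str
    ceiling_microusd: int
    spent_microusd: int = 0
    calls: list = field(default_factory=list)

    @property
    def remaining_microusd(self) -> int:
        return self.ceiling_microusd - self.spent_microusd


def cost_microusd(model: str, prompt_tokens: int, output_tokens: int) -> int:
    price = PRICE_MICROUSD_PER_TOKEN[model]
    return prompt_tokens * price["input"] + output_tokens * price["output"]


def pre_call_check(budget: AgentBudget, model: str,
                   prompt_tokens: int, max_output_tokens: int) -> int:
    """Estimate worst-case cost (full max_output_tokens) and reject if it would
    push spend past the ceiling. Returns the estimate when the call may proceed."""
    estimate = cost_microusd(model, prompt_tokens, max_output_tokens)
    if budget.spent_microusd + estimate > budget.ceiling_microusd:
        raise BudgetExceeded(
            f"{budget.agent_id}: call would cost {estimate / MICRO:.4f} USD, "
            f"only {budget.remaining_microusd / MICRO:.4f} USD remains this month")
    return estimate


def record_spend(budget: AgentBudget, model: str,
                 prompt_tokens: int, output_tokens: int) -> int:
    """Book the actual cost after the call completes and keep an audit entry."""
    actual = cost_microusd(model, prompt_tokens, output_tokens)
    budget.spent_microusd += actual
    budget.calls.append({"model": model, "prompt_tokens": prompt_tokens,
                         "output_tokens": output_tokens, "cost_microusd": actual})
    return actual


def simulate_heartbeat(ceiling_usd: float, checks: int,
                       prompt_tokens: int = 120_000, output_tokens: int = 2_000) -> dict:
    """Run a night of heartbeat checks against one agent's budget and report how
    many were completed versus rejected by the pre-call check."""
    budget = AgentBudget("heartbeat-agent", int(ceiling_usd * MICRO))
    completed = rejected = 0
    for _ in range(checks):
        try:
            pre_call_check(budget, "example-model", prompt_tokens, output_tokens)
        except BudgetExceeded:
            rejected += 1
            continue
        record_spend(budget, "example-model", prompt_tokens, output_tokens)
        completed += 1
    return {"completed": completed, "rejected": rejected,
            "spent_microusd": budget.spent_microusd,
            "spent_usd": budget.spent_microusd / MICRO}


if __name__ == "__main__":
    # 25 checks per night at $0.75 each against a $10 monthly ceiling.
    print(simulate_heartbeat(ceiling_usd=10.0, checks=25))
```

Checking before the call, against the worst case rather than the expected cost, is what makes the ceiling hard: a ledger that only books spend after the fact can always be overrun by one more call. The `calls` list doubles as the per-call audit trail that layer 5 consumes.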

USE IT YOUR WAY

Three ways to deploy.
Same eight layers.

Drop it into your existing stack, run it standalone, or let us handle everything.


OpenClaw Plugin

Already using OpenClaw? Add Sammā Suit as a plugin.

openclaw plugins install samma-suit

Adds governance layers (budget, permissions, audit, kill switch) to your existing deployment. SANGHA, KARMA, DHARMA, SILA, METTA, BODHI, and NIRVANA — as OpenClaw lifecycle hooks.

✓ Verified compatible: openclaw plugins doctor

Plugin docs → View on ClawHub →


Standalone Platform

Full security stack. Gateway to kill switch.

Everything the plugin does, plus: SUTRA gateway protection, managed dashboard, skill marketplace, hosted infrastructure, and Stripe billing.

pip install samma-suit

Quick start →


Managed Hosting

We run it for you. Iceland.

All 8 layers managed. GDPR jurisdiction. Geothermal powered. Outside US CLOUD Act reach. Dashboard, alerts, and support included.

COMING SOON — JOIN WAITLIST

info@sammasuit.com →

Built by OneZeroEight.ai — 16 AI agents in production. We built Sammā Suit because we needed it.

See it in action

2 minutes. All 8 layers. Live production.

PRICING

Choose your armor tier.

Every tier includes the full Sammā Suit. Pay for scale, not security.

FREE / OSS

$0

forever

  • Open-source Sammā Suit SDK
  • Eight-layer reference implementation
  • Community support
  • Self-managed infrastructure

View on GitHub

PRO

$29/mo

per instance

🇮🇸 Hosted in Iceland • GDPR protected • 100% renewable energy

  • Managed Sammā Suit (all 8 layers)
  • Allowlist-based skill gating
  • Bring Your Own Key (BYOK)
  • Custom budget ceiling per agent
  • Cost control dashboard
  • Audit log viewer + alerts
  • Up to 5 agents
  • Email support

Get Started

TEAM

$99/mo

per workspace

🇮🇸 Hosted in Iceland • GDPR protected • 100% renewable energy

  • Everything in Pro
  • Bring Your Own Key (BYOK)
  • Custom budget ceiling per agent
  • Shared governance policies
  • Centralized admin dashboard
  • Up to 25 agents
  • Priority support

Get Started

ENTERPRISE

Custom

talk to us

  • Everything in Team
  • SSO / SAML
  • Compliance reporting
  • Custom policy engines
  • Unlimited agents
  • Dedicated SLA

Talk to Sales

Pro and Team plans support Bring Your Own Key (BYOK) — use your own Anthropic API key for full spend control.

Open source.
Built-in protection.

The Sammā Suit SDK is free and open source. Deploy it your way.

Mega Cheatsheet

Every endpoint, layer, shortcut, and config — one page.

Sammā Suit Cheatsheet
