Control who can use your agents

Who can use an agent depends on where the agent lives. Local agents are private to the machine they're on. Cloud agents belong to a workspace and follow workspace roles.

Local agents

A local agent is only accessible on the machine where it was created. If you log in from a different device, your local agents won't appear there. No other workspace member can access a local agent through MultiClaw. To protect local agent data at the OS level, secure your device with a strong login password and full-disk encryption.

Use local agents for personal tasks you don't need to share.

Cloud agents

Cloud agents are shared across your workspace and synced to all devices. Access is controlled by workspace roles, not by individual agent settings.

Workspace owners and admins manage roles in MultiClaw Cloud under Settings → Members. There is no per-agent permission system — access is workspace-role-based.

Set guardrails for everyone

Guardrails are restrictions that apply to all agents in your workspace, regardless of who runs them. They are the workspace owner's mechanism for enforcing policy at the organization level.

Configure guardrails in MultiClaw Cloud → Settings → Guardrails. Examples of what guardrails can enforce:

• Require approval before an agent sends any external message
• Block agents from accessing specific domains or file paths
• Limit agents to read-only actions in certain tools

Guardrails cannot be overridden by individual agents or by members. If an agent's plan is blocked by a guardrail, the agent will note this in the conversation and will typically identify which rule applied. For a full audit of guardrail enforcement, review activity logs in MultiClaw Cloud.