# Security

Security in Claude Code is layered: permission modes set the
baseline, hooks enforce custom rules, and settings.json defines
tool restrictions. This is architecturally different from OpenClaw's
container-based isolation but achieves the same goal: controlled
agent behavior.

## Documents in this directory

| File | What it covers |
|------|---------------|
| `permission-modes-explained.md` | The four permission modes and when to use each |
| `auto-mode-explained.md` | Auto Mode: AI safety classifier for autonomous execution |
| `hook-based-guardrails.md` | Building custom security with PreToolUse hooks |
| `nemoclaw-comparison.md` | Honest comparison with NemoClaw's enterprise security |
| `openclaw-security-assessment.md` | Data-driven security comparison: OpenClaw CVEs vs Claude Code architecture |