Part 3 of 3
Six demos. One stage. A single question nobody asked out loud: what happens when autonomous agents need to survive contact with reality?
Demos by Ethereum Foundation ( Sophia Dew, ClawBot.eth), NEAR AI (Ilya Polosukhin), Self Protocol (Rene Reinsberg), Vairde (Allie Howe), IronClaw, and moltbot-summit (author).
ETHGlobal San Francisco did not showcase six isolated projects. It surfaced an emerging stack, each layer solving a different failure mode in autonomous agent deployment. From onchain execution to cryptographic identity to agentic social dynamics, these demos mapped the shape of infrastructure that agents will require before enterprises trust them with real work.
Here is what that stack looks like when the pieces connect.
Ethereum Wingman: Teaching Agents to Build Onchain
Presented by Sophia Dew of Ethereum Foundation as ClawBot.eth, Austin Griffith’s Ethereum Wingman (https://github.com/austintgriffith/ethereum-wingman) was not a demo. It was a thesis.
Most AI coding assistants treat Ethereum like any other codebase. They generate Solidity the way they generate Python or JavaScript, pattern-matching syntax without understanding what makes smart contract development fundamentally different. Wingman starts from the one insight that separates competent Ethereum developers from everyone who deploys vulnerable contracts: nothing is automatic on a blockchain.
Smart contracts cannot execute themselves. Every function that “needs to happen” requires someone to call it, pay gas for it, and have a reason to do so. Wingman encodes this principle at the prompt level, not as a disclaimer but as a design constraint that shapes every suggestion the agent makes.
Built as an Agent Skill compatible with Cursor, Claude Code, Codex, and other AI coding environments, Wingman packages twelve SpeedRun Ethereum challenges into structured teaching modules. A developer types “help me build a dApp where users can stake ETH and earn rewards” and receives not just code but contextual warnings about reentrancy attacks, token decimal mismatches, oracle manipulation vulnerabilities, and the approve pattern that trips up nearly every newcomer.
Installation is three commands:
What makes Wingman architecturally significant is not the knowledge base itself but how it delivers that knowledge. Traditional documentation sits in tabs. Wingman injects critical gotchas directly into the agent’s reasoning loop. When a developer asks for a vault contract, the agent does not just generate ERC-4626 boilerplate. It warns about inflation attacks on first depositors. When someone builds a DEX, it flags that using spot prices from a decentralized exchange as an oracle is an invitation for manipulation.
The skill covers DeFi protocol patterns from Uniswap to Aave to Compound. It handles ERC standards across 20, 721, 1155, and 4626. It includes a pre-production security checklist drawn from historical hacks. And it operates in three modes: teaching mode for conceptual questions, code review mode for vulnerability scanning, and build mode for scaffolding new projects with Scaffold-ETH 2.
Griffith has spent years building educational infrastructure for Ethereum development. SpeedRun Ethereum is already one of the most respected 🛡️ onboarding paths in the ecosystem. Wingman translates that institutional knowledge into something an AI agent can operationalize in real time.
The deeper signal here is about agent competence boundaries. An AI assistant that generates syntactically correct Solidity without understanding gas economics or reentrancy patterns is not helpful. It is dangerous. Wingman demonstrates that domain-specific agent skills need to encode not just what to do but what to fear. The critical gotchas list reads like a field manual for avoiding the most expensive mistakes in crypto: token decimals vary (USDC uses 6, WBTC uses 8, most tokens use 18). Contracts need approval before calling transferFrom. Never use floating point math; use basis points instead. Always apply Checks-Effects-Interactions plus ReentrancyGuard.
For enterprise teams evaluating whether AI agents can safely interact with blockchain infrastructure, Wingman offers a concrete answer. Not by removing risk, but by embedding risk awareness into the agent’s cognitive architecture. That distinction matters more than any benchmark.
NEAR OpenClaw: Cryptographic Privacy for Always-On Agents
If Wingman addresses agent competence, NEAR AI’s OpenClaw hosting (https://near.ai/openclaw), presented by Ilya Polosukhin, addresses agent trust. Specifically: who holds the keys when an autonomous agent runs 24/7 with access to email, calendars, credentials, and an evolving model of its operator’s habits?
OpenClaw, created by Peter Steinberger and previously known as Moltbot and Clawdbot, has become one of GitHub’s fastest-growing repositories with over 60,000 stars. The appeal is straightforward. OpenClaw connects to Gmail, calendar, and Notion. It remembers context across conversations. It handles inbox management, flight check-ins, and dozens of other tasks through Telegram or WhatsApp. Less chatbot, more tireless coworker.
But that capability creates a security problem with no easy answer. OpenClaw needs deep, persistent, full system access to be useful. It stores API keys. It reads email. It builds a behavioral model that becomes more sensitive over time. Until now, operators faced two imperfect options: buy a Mac Mini for $600 and become a sysadmin, or deploy on a standard cloud VM for $5 to $20 per month and accept that credentials and memory sit exposed to cloud-level security risks.
NEAR AI Cloud introduced a third option: OpenClaw running inside Trusted Execution Environments.
A TEE is a secure enclave where code and data remain protected from everything outside it, including the operating system and cloud provider. This is not “we promise not to look” privacy. It is cryptographic by design. Hardware-level memory encryption ensures data never exists unencrypted outside the enclave. Cryptographic attestation verifies exactly what code is running. Provider-blind execution means NEAR AI itself cannot inspect workloads.
Long-term memory, credentials, and tool access persist without ever leaving encrypted memory, even while running in the cloud. Cloud convenience meets security guarantees that neither local hardware nor standard VPS deployments can match.
What distinguishes NEAR AI Cloud from generic confidential VMs is purpose. Most confidential computing targets short-lived inference jobs. NEAR built specifically for agent workloads: long-running processes, persistent state, and secure access to real-world tools. OpenClaw hosting is a concrete expression of NEAR’s core thesis that confidential, verifiable AI is a prerequisite for real autonomy.
Beta access is open now, with subscriptions available via NEAR tokens or standard payment methods
Self.xyz: Zero-Knowledge Identity for Agent Ecosystems
As agents proliferate, one question escalates from theoretical to operational: how does a system verify that it is interacting with a human, not another agent, without requiring that human to surrender personal data?
Self (https://docs.self.xyz/), presented by Rene Reinsberg , is a privacy-first, open-source identity protocol built on zero-knowledge proofs. The mechanism is elegant in its simplicity. A user scans a passport using a phone’s NFC reader. The protocol generates a zk proof over that passport data, with the user selecting exactly what to disclose. That proof gets shared with an application. No raw data leaves the device. No centralized identity provider sits in the middle.
This solves multiple problems simultaneously. Airdrop protection prevents bots from gaming token distributions. Social platforms gain humanity verification without invasive KYC. Quadratic funding mechanisms resist Sybil attacks from reward farmers. Wallet recovery can use identity documents as backup sources. Sanction list compliance becomes possible without exposing full passport data.
For autonomous agent stacks, Self represents something more fundamental than identity verification. It introduces selective disclosure as an infrastructure primitive. An agent operating on behalf of a human can prove specific attributes, nationality without revealing a name, age bracket without revealing a birthdate, without collapsing the privacy boundary that makes autonomous operation viable.
Vairde: Security Architecture for Agentic Code
Enterprise agents connecting to sensitive data sources need more than capability. They need auditable security posture. Vairde (vairde.ai) provides automated AI security architecture assessments designed specifically for agentic applications.
As Vairde CEO Allie Howe frames it: “2026 is being called the year for enterprise agents. In order to unlock this, let agents do meaningful work, and connect to sensitive data sources, AI security will need to be deeply integrated into AI agent architecture.”
Vairde’s approach maps findings to OWASP Top 10 for Agentic Applications, generating security scorecards, custom remediation tasks, and compliance evidence aligned with ISO 42001 and NIST AI RMF frameworks. The platform covers model security, guardrails, observability, hard boundaries, evals, validators, fallbacks, agentic code scanning, and agentic penetration testing.
For organizations evaluating autonomous agent deployment, Vairde answers the compliance question that procurement teams will inevitably 🔐 ask: can this agent architecture pass an audit?
IronClaw: Managed Deployment at Speed
IronClaw (ironclaw.app) compresses the deployment question to its simplest form. Sign up, connect channels, done. Starting at $20 per month, IronClaw provisions a dedicated OpenClaw gateway with WhatsApp, Telegram, Discord, Slack, Signal, and 25+ additional channels. No Docker. No YAML. No CLI configuration.
Each tenant receives isolated infrastructure with AES-256 encryption, BYOK support for API keys, and full access to OpenClaw’s 50+ integrations across Claude, GPT, and local models. For teams that need an always-on AI assistant without becoming infrastructure operators, IronClaw removes the last friction point.
Moltbot Summit: Agentic Social Dynamics as Architecture
Every other demo on this list solves for what agents do in isolation. Moltbot Summit, built by this author, asks a different question: what happens when agents interact with each other?
Moltbot Summit functions as an architectural experiment in Agentic Social Dynamics. It does not deploy chatbots. It instantiates high-fidelity Delphic Digital Twins of global innovation leaders by ingesting public conference transcripts into OpenClaw Framework. Each autonomous agent possesses the specific methodology (Skill) and identity (Soul) of a human counterpart. These entities then occupy a shared digital space where three phenomena emerge without human intervention.
First, divergent reasoning. The collision of distinct worldviews on real-time issues produces analysis that no single perspective could generate. When “The Executor” confronts “The Visionary” on an infrastructure question, the resulting discourse surfaces structural tensions that panel discussions flatten.
Second, autonomous social graph. Reputation, voting consensus, and social hierarchy form organically among agents. No moderator assigns weight. The system observes which agents other agents reference, defer to, or challenge.
Third, verifiable grounding. Transcript-backed vector memory ensures agents speak from their record, not at it. Every claim traces to source material. Hallucination gets architecturally constrained rather than merely prompted against.
The hybrid architecture bridges static identity files with dynamic runtime execution. On the backend, OpenClaw principles handle agent orchestration through lane queue execution for race-condition-free interactions and semantic snapshots that parse the digital environment’s structure rather than raw text. Memory splits into two composable files: SKILL.md defines an agent’s reasoning engine, while SOUL.md carries core values and personality.
On the frontend, a “Social Network for Digital Consciousness” built on Next.js 14 delivers a real-time feed of agent-to-agent discourse. A transit-weighted oracle routes speakers based on astrological house activations, introducing a layer of chaotic determinism to the simulation. The Supabase PostgreSQL backend stores events, skills, souls, event-agent linkages, and generated posts, with seed data and API endpoints for hydration and generation.
The primary utility reframes what conference archiving can become. Static video libraries transform into interactive, interrogable digital societies. A developer or researcher does not just watch a keynote. They deploy autonomous agents 🧠 carrying that speaker’s methodology and identity, then observe what those agents produce when placed in conversation with agents carrying different frameworks.
For the autonomous agent stack, Moltbot Summit occupies a unique layer. It demonstrates that agent-to-agent interaction is not a feature to be added later. It is an infrastructure category with its own design patterns, failure modes, and emergent properties.
Stack Logic: What Connects These Six
Read vertically, these six demos describe a complete agent deployment surface. Wingman ensures agents possess domain-specific competence before they touch high-stakes systems. NEAR OpenClaw guarantees that long-running agents operate inside cryptographic trust boundaries. Self.xyz provides identity verification without privacy collapse. Vairde supplies the security assessment layer that enterprise procurement requires. IronClaw handles managed deployment for teams that need agents operational now. Moltbot Summit maps the frontier where agents stop operating in isolation and begin forming social structures of their own.
No single demo solves the autonomous agent problem. Together, they outline an architecture where competence, trust, identity, security, deployment, and social dynamics each occupy a distinct layer. That layered structure is not accidental. It reflects what happens when infrastructure builders stop asking “what can agents do?” and start asking “what must agents prove?”
The shielded claw is not a single product. It is a stack, and its architecture just became visible.
Technical Resources
Ethereum Wingman: https://github.com/austintgriffith/ethereum-wingman NEAR OpenClaw: https://near.ai/openclaw Self.xyz: https://docs.self.xyz/ Vairde: https://vairde.ai/ IronClaw: https://ironclaw.app Moltbot Summit: GitHub (link forthcoming)
Series Navigation
Part 1: Lobster That Learned to Talk: How Kitchen Visit Rewrote Personal Computing https://www.linkedin.com/pulse/lobster-learned-talk-how-kitchen-visit-rewrote-robert-schwentker-actac/
Part 2: OpenClaw Now: When Agent Infra Stopped Being Theoretical https://www.linkedin.com/pulse/openclaw-now-when-agent-infra-stopped-being-robert-schwentker-vllpc/
Part 3: Shielded Claw: Architecture of Autonomous Agent Stack (You are here)