PhysiClaw — OpenClaw for Physical AI
PhysiClaw is an implementation of OpenClaw (open-source skill protocol for AI) applied to physical AI systems — robots, drones, and IoT devices that interact with the physical world.
Overview
OpenClaw is an open-source protocol for decomposing complex AI tasks into verifiable skills. PhysiClaw extends this framework to physical AI — robots that manipulate objects, drones that navigate spaces, and IoT devices that sense and actuate in the real world.
The challenge with physical AI is trust: How do you verify that a robot actually performed a task? How do you authenticate that a device is authorized to act? How do you fairly compensate work-based execution without relying on centralized intermediaries?
PhysiClaw uses Tenzro's TEE attestation, ZK proofs, and machine identity infrastructure to create a verifiable, trustless system for physical AI execution and settlement.
The Challenge
Physical AI systems introduce three critical trust problems that don't exist in purely digital AI:
Verifiable Execution
How do you prove a robot actually picked up an object, a drone surveyed a location, or a sensor recorded accurate data? Video can be faked. Logs can be forged. Traditional systems rely on trusting the device operator.
Secure Identity
Is this the authorized device? Has it been tampered with? Physical devices can be cloned, their firmware modified, or their communication hijacked. Standard authentication doesn't provide hardware-level guarantees.
Trustworthy Settlement
Pay for completed work, not promised work. If a delivery robot fails halfway, payment should be proportional. If a drone doesn't complete its route, the customer shouldn't pay full price. Escrow needs verifiable proof of task completion.
PhysiClaw needed infrastructure that could cryptographically verify physical execution, authenticate hardware identity, and settle payments based on provable work — all without requiring trusted intermediaries.
The Solution
PhysiClaw leverages four core Tenzro subsystems to create a complete trust infrastructure for physical AI:
TEE Attestation
Physical AI devices run in Trusted Execution Environments (NVIDIA GPU Confidential Computing, Intel TDX, AMD SEV-SNP). Hardware generates cryptographic attestations proving code integrity and execution context. A drone's flight path, a robot's sensor readings, or a manipulator's actions are attested by the TEE — tamper-proof and verifiable.
ZK Proofs for Inference Verification
AI model outputs (object detection, path planning, action classification) are proven with ZK-SNARKs. This ensures the device ran the correct model with the correct inputs without revealing proprietary model weights or sensor data. GPU-accelerated proving enables real-time verification.
TDIP Machine Identities
Every physical device gets a did:tenzro:machine DID bound to its TEE attestation. This creates unforgeable hardware identity — you can verify this specific device (not a clone) performed the task.
Settlement Engine
Escrow-based settlement with proof release. Payment is held in escrow; released only when the device submits TEE attestation + ZK proof of task completion. For multi-step tasks, settlement is atomic across all sub-skills using Tenzro's batch processor.
Architecture
PhysiClaw's execution flow integrates OpenClaw skill definitions with Tenzro's verification and settlement infrastructure:
┌──────────────────────────────────────┐
│ OpenClaw Skill Definition │
│ (pick_object, navigate, survey) │
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ Task Assignment │
│ (escrow funds locked) │
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ Physical AI Device │
│ (did:tenzro:machine:{uuid}) │
│ │
│ ┌────────────────────────────────┐ │
│ │ Tenzro Agent Runtime │ │
│ │ (running in TEE) │ │
│ │ │ │
│ │ ┌──────────────────────────┐ │ │
│ │ │ AI Model Inference │ │ │
│ │ │ (object detection, nav) │ │ │
│ │ └──────────────────────────┘ │ │
│ │ │ │
│ │ ┌──────────────────────────┐ │ │
│ │ │ Physical Execution │ │ │
│ │ │ (actuators, sensors) │ │ │
│ │ └──────────────────────────┘ │ │
│ └────────────────────────────────┘ │
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ TEE Attestation Report │
│ (hardware proof of execution) │
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ ZK Proof Generation │
│ (GPU-accelerated Groth16) │
│ Proves: model(input) = output │
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ Submit Proofs to Tenzro Ledger │
│ (TEE attestation + ZK proof) │
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ Verification & Settlement │
│ (escrow released on valid proofs) │
└──────────────────────────────────────┘OpenClaw Skill Decomposition: Complex tasks (e.g., "deliver package") decompose into verifiable sub-skills (navigate to waypoint, verify package identity, confirm delivery). Each sub-skill has a corresponding proof requirement.
TEE Execution: The Tenzro Agent runtime executes within a TEE (NVIDIA GPU enclave for GPU-accelerated AI, or Intel TDX/AMD SEV-SNP for CPU workloads). The TEE generates an attestation report binding the device identity, code hash, and execution outputs.
Hybrid ZK-in-TEE Verification: ZK proofs demonstrate correct AI inference (the model actually produced this output from this input), while TEE attestation proves the physical device executed the code. Together, they create a complete trust chain from sensor input to settlement.
Atomic Multi-Skill Settlement: For tasks with multiple sub-skills, Tenzro's batch settlement processor ensures all-or-nothing payment. If any sub-skill fails verification, the entire escrow reverts.
Key Features
Verified Physical Task Execution via TEE Attestation
Hardware-generated attestations prove that a specific device, running specific code, performed a physical action. Attestations include sensor readings, actuator commands, and execution timestamps — all cryptographically signed by the TEE.
Machine Identity with did:tenzro:machine DIDs
Every physical AI device has a unique DID anchored to its TEE public key. This prevents device cloning and enables revocation if a device is compromised. DIDs can be autonomous or controller-linked (e.g., a fleet of drones controlled by a single operator DID).
Skill-Based Task Decomposition Following OpenClaw Protocol
Tasks are broken into composable, verifiable skills defined by the OpenClaw standard. Each skill has input/output specifications and proof requirements. This enables modular verification and payment — pay per skill, not per device.
Per-Action Settlement with Escrow Release on Proof Submission
Payment is held in escrow and released only when the device submits valid TEE + ZK proofs. For multi-action tasks, each action can have its own escrow tranche, enabling partial payment for partial completion.
GPU-Accelerated ZK Proof Generation for Real-Time Verification
Tenzro's GPU proving engine generates Groth16 proofs in real-time on NVIDIA GPUs (Hopper, Blackwell, Ada Lovelace architectures). This enables verification of every inference step without batching delays — critical for time-sensitive physical tasks.
Example Use Cases
Autonomous Delivery Robots
Robot navigates to delivery address, verifies package handoff, submits TEE attestation of GPS path + camera confirmation. Escrow releases payment only with valid proof.
Drone Infrastructure Inspection
Drone surveys a bridge, captures thermal images, runs defect detection AI model, generates ZK proof of inference results. Payment proportional to area surveyed.
Robotic Manufacturing Quality Control
Robot arm inspects parts on assembly line, runs vision AI to classify defects, tags failed units. TEE proves inspection protocol compliance, ZK proves model accuracy.
IoT Environmental Monitoring
Sensor network measures air quality, water levels, or temperature. TEE attestation proves sensor authenticity and data integrity. ZK proves anomaly detection AI ran correctly.