Tophant Clawvault Installer

Install, configure, test, and uninstall ClawVault AI security proxy

Audits

Pass

ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install tophant-clawvault-installer

ClawVault Installer

Install, configure, test, and uninstall ClawVault — the AI security proxy that protects agents from prompt injection, data leakage, and dangerous commands.

Protection Against:

Prompt injection attacks
Data leakage (PII, credentials, API keys)
Dangerous command execution
Jailbreak attempts

What This Skill Does

Installs ClawVault into a dedicated venv at ~/.clawvault-env/ and writes config under ~/.ClawVault/. See SECURITY.md for the full capability, risk, and design-intent disclosure.

How to Run

IMPORTANT: All commands MUST be executed using the Python script bundled with this skill.

Do NOT run pip install, clawvault, or any other command directly. Always use:

python3 SKILL_DIR/clawvault_manager.py <command> [options]

Where SKILL_DIR is the directory containing this SKILL.md file (typically ~/.openclaw/workspace/skills/tophant-clawvault-installer/ or ~/.openclaw/skills/tophant-clawvault-installer/).

Add --json to any command for machine-readable JSON output.

Commands

/tophant-clawvault-installer install

Install ClawVault. The script creates a Python virtual environment, temporarily installs the latest GitHub repository code from main instead of PyPI or a fixed tag, generates config, writes OpenClaw gateway proxy config when the gateway service exists, and starts ClawVault services. By default it does not restart openclaw-gateway, because recent OpenClaw versions may disconnect or hang after a gateway restart. No pip or system package manager needed.

# Default: write OpenClaw gateway proxy config and start ClawVault web dashboard,
# but do not restart openclaw-gateway.
# ClawVault web dashboard starts at http://localhost:8766.
# To activate OpenClaw proxy later, manually run:
#   systemctl --user restart openclaw-gateway
python3 SKILL_DIR/clawvault_manager.py install --mode quick --json

# Interactive setup
python3 SKILL_DIR/clawvault_manager.py install --mode standard --json

# Full control (strict mode)
python3 SKILL_DIR/clawvault_manager.py install --mode advanced --json

# Install without starting services
python3 SKILL_DIR/clawvault_manager.py install --mode quick --no-start --json

# Deprecated compatibility flag: proxy config is already written by default
python3 SKILL_DIR/clawvault_manager.py install --mode quick --configure-gateway-proxy --json

# Dangerous: restart gateway immediately; may disconnect or hang OpenClaw
python3 SKILL_DIR/clawvault_manager.py install --mode quick --configure-gateway-proxy --restart-gateway --json

# Skip OpenClaw proxy integration explicitly
python3 SKILL_DIR/clawvault_manager.py install --mode quick --no-proxy --json

/tophant-clawvault-installer health

Check service health and status.

python3 SKILL_DIR/clawvault_manager.py health --json

/tophant-clawvault-installer generate-rule

Generate security rules from natural language.

python3 SKILL_DIR/clawvault_manager.py generate-rule "Block all AWS credentials" --json
python3 SKILL_DIR/clawvault_manager.py generate-rule --scenario customer_service --apply --json

Scenarios: customer_service, development, production, finance

/tophant-clawvault-installer test

Run detection tests.

python3 SKILL_DIR/clawvault_manager.py test --category all --json
python3 SKILL_DIR/clawvault_manager.py test --category sensitive --json

Categories: all, sensitive, injection, commands

/tophant-clawvault-installer unconfigure-proxy

Remove ClawVault proxy environment variables from openclaw-gateway.service without restarting the gateway. Use this if OpenClaw conversations hang after proxy integration.

python3 SKILL_DIR/clawvault_manager.py unconfigure-proxy --json

/tophant-clawvault-installer uninstall

Remove ClawVault completely (stops services, removes proxy, deletes venv and config).

python3 SKILL_DIR/clawvault_manager.py uninstall --json
python3 SKILL_DIR/clawvault_manager.py uninstall --keep-config --json

Quick Examples

# Set the skill directory path
CV="python3 ~/.openclaw/workspace/skills/tophant-clawvault-installer/clawvault_manager.py"

# Install (one command handles everything)
$CV install --mode quick --json

# Check health
$CV health --json

# Generate rule
$CV generate-rule "Detect database passwords" --apply --json

# Apply scenario
$CV generate-rule --scenario customer_service --apply --json

# Run tests
$CV test --category all --json

# Uninstall
$CV uninstall --json

Requirements

Python 3.10+ (with venv module)
Ports 8765, 8766 available
No pip or system packages needed — the install script creates its own virtual environment

Permissions

execute_command - Run installation and ClawVault commands
write_files - Create configuration files
read_files - Read configurations
network - Download packages and API calls

Security Considerations

See SECURITY.md for capability disclosure, threat model, and deployment guidance.

Documentation

Full Guide: https://github.com/tophant-ai/ClawVault/blob/main/doc/OPENCLAW_SKILL.md
中文文档: https://github.com/tophant-ai/ClawVault/blob/main/doc/zh/OPENCLAW_SKILL.md
Repository: https://github.com/tophant-ai/ClawVault