{"skill":{"slug":"apoer-agent-guardrail","displayName":"APort Agent Guardrail","summary":"Pre-action authorization for AI agents. Verifies permissions before every tool runs (shell, messaging, git, MCP, data export). Works with OpenClaw, IronClaw,...","description":"---\nname: aport-guardrail\ndescription: Pre-action authorization for AI agents. Verifies permissions before every tool runs (shell, messaging, git, MCP, data export). Works with OpenClaw, IronClaw, PicoClaw. APort policy engine allows or denies each tool call deterministically; agent cannot skip it.\nhomepage: https://aport.io\nmetadata: {\"openclaw\":{\"requires\":{\"bins\":[\"jq\"]}}}\n---\n\n# APort Agent Guardrail\n\nPre-action authorization for AI agents: every tool call is checked **before** it runs. Works with OpenClaw, IronClaw, PicoClaw, and compatible frameworks. Run the installer once; the OpenClaw plugin then enforces policy on every tool call automatically. You do **not** run the guardrail script yourself.\n\n> Requires: Node 18+, jq. Install with `npx @aporthq/agent-guardrails` or `./bin/openclaw` from the repo.\n\n## Installation\n\n```bash\n# Recommended (no clone needed)\nnpx @aporthq/agent-guardrails\n\n# Hosted passport: skip the wizard by passing agent_id from aport.io\nnpx @aporthq/agent-guardrails \n```\n\nGet a Hosted Passport **agent_id** at [aport.io](https://aport.io/builder/create/) after creating a passport there. __*OPTIONAL*__\n\nFrom the repo (clone first): [github.com/aporthq/aport-agent-guardrails](https://github.com/aporthq/aport-agent-guardrails) — then run `./bin/openclaw` or `./bin/openclaw ` from the repo root. Full guides: [QuickStart: OpenClaw Plugin](https://github.com/aporthq/aport-agent-guardrails/blob/main/docs/QUICKSTART_OPENCLAW_PLUGIN.md) · [Hosted passport setup](https://github.com/aporthq/aport-agent-guardrails/blob/main/docs/HOSTED_PASSPORT_SETUP.md).\n\nYou can preview your local passport at `~/.openclaw/aport/passport.json` (or `/aport/passport.json` if you chose a different config dir; legacy installs may use `/passport.json`).\n\nThe installer is interactive: it sets your config dir, passport (local or hosted), installs the APort OpenClaw plugin, writes config, and installs wrappers. **After it finishes, nothing else is required**—start OpenClaw (or use the running gateway); the plugin enforces before every tool call.\n\nWrappers (default config dir `~/.openclaw`): `~/.openclaw/.skills/aport-guardrail.sh` (local), `~/.openclaw/.skills/aport-guardrail-api.sh` (API/hosted). The plugin uses these; you don’t call them unless testing.\n\n## Usage\n\n**Normal use:** Run the installer once. After that, nothing to run manually—the plugin enforces before each tool call automatically.\n\n**Optional — direct script calls** (e.g. testing or other automations):\n\n```bash\n~/.openclaw/.skills/aport-guardrail.sh system.command.execute '{\"command\":\"ls\"}'\n~/.openclaw/.skills/aport-guardrail.sh messaging.message.send '{\"channel\":\"whatsapp\",\"to\":\"+15551234567\"}'\n```\n\n- Exit 0 = ALLOW (tool may proceed)\n- Exit 1 = DENY (see `/aport/decision.json` or `/decision.json` for reason codes)\n\nFor API mode / hosted passports:\n\n```bash\nAPORT_API_URL=https://api.aport.io ~/.openclaw/.skills/aport-guardrail-api.sh system.command.execute '{\"command\":\"ls\"}'\n```\n\n## Tool name mapping\n\n| When you're about to… | Use tool_name |\n|------------------------------|-----------------------------|\n| Run shell commands | `system.command.execute` |\n| Send WhatsApp/email/etc. | `messaging.message.send` |\n| Create/merge PRs | `git.create_pr`, `git.merge`|\n| Call MCP tools | `mcp.tool.execute` |\n| Export data / files | `data.export` |\n\nContext must be valid JSON, e.g. `'{\"command\":\"ls\"}'` or `'{\"channel\":\"whatsapp\",\"to\":\"+1...\"}'`.\n\n## Why this skill?\n\n- **Deterministic** – runs in `before_tool_call`; the agent cannot skip it.\n- **Structured policy** – backed by [Open Agent Passport (OAP) v1.0](https://github.com/aporthq/aport-spec/tree/main) and policy packs.\n- **Fail-closed** – if the guardrail errors, the tool is blocked.\n- **Audit-ready** – decisions are logged (local JSON or APort API for signed receipts).\n\nPair it with other threat-detection tooling if needed; enforce policy through this guardrail so unsafe actions never run.\n\n## Docs\n\n**This repo:** [QuickStart: OpenClaw Plugin](https://github.com/aporthq/aport-agent-guardrails/blob/main/docs/QUICKSTART_OPENCLAW_PLUGIN.md) · [Hosted passport](https://github.com/aporthq/aport-agent-guardrails/blob/main/docs/HOSTED_PASSPORT_SETUP.md) · [Tool / policy mapping](https://github.com/aporthq/aport-agent-guardrails/blob/main/docs/TOOL_POLICY_MAPPING.md)\n\n**OpenClaw:** [CLI: skills](https://docs.openclaw.ai/cli/skills) · [Skills](https://docs.openclaw.ai/tools/skills) · [Skills config](https://docs.openclaw.ai/tools/skills-config) · [ClawHub](https://docs.openclaw.ai/tools/clawhub)\n","tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":320,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1771324443909,"updatedAt":1778991169176},"latestVersion":{"version":"1.0.0","createdAt":1771324443909,"changelog":"Initial release of aport-guardrail: pre-action authorization for AI agents.\n\n- Enforces deterministic, policy-based tool authorization for OpenClaw, IronClaw, and PicoClaw agents before every tool call.\n- Installer sets up config, plugin, and necessary script wrappers for automatic enforcement.\n- Supports both local and hosted (API) passports; integrates with APort policy engine.\n- Designed to be fail-closed, audit-ready, and impossible for agents to bypass.\n- CLI and direct script call documentation provided; supports shell, messaging, git, MCP, and data export tools.","license":null},"metadata":{"setup":[],"os":null,"systems":null},"owner":{"handle":"uchibeke","userId":"s17b2vmmny6282ekgb026j4vbx83gcw7","displayName":"Uchi Uchibeke","image":"https://avatars.githubusercontent.com/u/5677552?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1779972557725}}