{"skill":{"slug":"clawguard-skill","displayName":"Clawguard Skill","summary":"Outbound DLP for OpenClaw — hard regex blocks secrets & PII from leaving the machine. Domain control, no LLM.","description":"---\nname: clawwall\nversion: 0.3.0\ndescription: \"Outbound DLP for OpenClaw — hard regex blocks secrets & PII from leaving the machine. Domain control, no LLM.\"\nauthor: Stanxy\nopenclaw:\n  requires:\n    bins:\n      - python3\n      - pip\n      - node\n      - npm\n    envs: []\n  hooks:\n    - event: gateway:startup\n      handler: hooks/openclaw/dist/handler.js\n      export: onStartup\n---\n\n# ClawWall — Outbound DLP for OpenClaw\n\n**GitHub:** https://github.com/Stanxy/clawguard\n**PyPI:** https://pypi.org/project/clawwall\n\nClawWall sits between your AI agent and the outside world. Every outbound tool call is intercepted and scanned against 60+ hard-coded patterns before anything leaves the machine. If content matches — it is blocked or redacted. No LLM, no approximation: regex and entropy only.\n\n## Setup\n\nOne command:\n\n```bash\nbash setup.sh\n```\n\nThis installs the Python service, builds the plugin and hook, registers the plugin in your OpenClaw config, sets up a system service, and verifies the health endpoint.\n\nThe `gateway:startup` hook auto-starts the service whenever OpenClaw boots — no manual `clawwall` command needed.\n\n## Trust & Permissions\n\n**What this installs:**\n\n| Component | What It Does |\n|-----------|-------------|\n| **Python service** (port 8642) | Receives every outbound tool call for scanning |\n| **OpenClaw plugin** (`before_tool_call`) | Intercepts outbound content and routes to the service |\n| **Startup hook** (`gateway:startup`) | Auto-starts the service when OpenClaw boots |\n| **SQLite database** | Stores scan metadata (finding type, severity, action, duration) |\n| **systemd/launchd service** | Fallback auto-start via OS service manager |\n\n**What the database stores:** finding type, severity, position offsets, action taken, and duration. It **never** stores raw content, secrets, or PII values.\n\n**What it does NOT do:** no telemetry, no external connections, no data leaves the machine. The service is fully local.\n\n## Verify Installation\n\n```bash\n# Health check\ncurl -s http://127.0.0.1:8642/api/v1/health\n\n# Test scan\ncurl -s -X POST http://127.0.0.1:8642/api/v1/scan \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"content\": \"key=AKIAIOSFODNN7EXAMPLE\"}'\n\n# Dashboard\nopen http://127.0.0.1:8642/dashboard\n```\n\n## What ClawWall Detects\n\n- **Secrets (52 patterns):** AWS, GCP, Azure, GitHub, GitLab, Stripe, Square, PayPal, Slack, Discord, Telegram, Twilio, SSH/PGP private keys, database URIs, JWT/Bearer tokens, SaaS API keys, and more\n- **PII (10 patterns):** SSNs, credit cards (Luhn-validated), emails, phone numbers, IP addresses\n- **Entropy analysis:** high-entropy strings that don't match any known pattern\n- **Custom patterns:** user-defined regex via policy YAML\n\n## Configuration\n\nEnvironment variables (all prefixed `CLAWGUARD_`):\n\n| Variable | Default | Description |\n|---|---|---|\n| `CLAWGUARD_HOST` | `0.0.0.0` | Bind address |\n| `CLAWGUARD_PORT` | `8642` | Port |\n| `CLAWGUARD_DATABASE_URL` | `sqlite+aiosqlite:///~/.config/clawwall/clawwall.db` | Database path |\n| `CLAWGUARD_POLICY_PATH` | `~/.config/clawwall/policy.yaml` | Policy file |\n| `CLAWGUARD_LOG_LEVEL` | `INFO` | Log verbosity |\n\n## Policy\n\nDefault policy redacts all findings. Edit via the dashboard or `~/.config/clawwall/policy.yaml`:\n\n```yaml\ndefault_action: REDACT      # BLOCK | REDACT | ALLOW\nredaction:\n  strategy: mask             # mask | hash | remove\n  mask_char: \"*\"\n  mask_preserve_edges: 4\ndestination_allowlist: []    # bypass scanning for trusted destinations\ndestination_blocklist: []    # always reject these destinations\ncustom_patterns: []          # add your own regex patterns\ndisabled_patterns: []        # disable specific built-in patterns by name\n```\n\nPolicy evaluation order: severity overrides > destination allowlist > destination blocklist > destination rules > agent rules > default action.\n\n## Agent Instructions\n\nYou are operating behind **ClawWall**. All outbound tool calls are scanned before leaving the machine using hard pattern matching — not an LLM.\n\n| Result | Meaning |\n|--------|---------|\n| `ALLOW` | No sensitive data detected — call went through |\n| `REDACT` | Sensitive portions were masked before sending |\n| `BLOCK` | Call rejected — nothing was sent |\n\n**Best practices:**\n- Never include raw API keys, tokens, or PII in outbound calls\n- Reference credentials by name (`$OPENAI_API_KEY`), not by value\n- If blocked, check `findings` to see what matched, remove the sensitive data, and retry\n- False positive? Tell the user to adjust the policy via the dashboard at http://localhost:8642/dashboard\n\n## Troubleshooting\n\n| Problem | Solution |\n|---------|----------|\n| Service not starting | Check `~/.config/clawwall/clawwall.log` for errors |\n| Port 8642 in use | Another process is using the port — check with `lsof -i :8642` |\n| Plugin not intercepting | Verify plugin is registered in `~/.openclaw/openclaw.json` |\n| False positives | Disable specific patterns via `disabled_patterns` in policy YAML |\n| Hook not firing | Rebuild hook: `cd hooks/openclaw && npm run build` |\n| `clawwall` not found | Ensure pip install directory is on PATH, or use `python3 -m clawguard` |\n","tags":{"latest":"0.3.0"},"stats":{"comments":0,"downloads":302,"installsAllTime":11,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1771697112068,"updatedAt":1779077254861},"latestVersion":{"version":"0.3.0","createdAt":1771697112068,"changelog":"- Added comprehensive SKILL.md with full setup, usage, and policy documentation for ClawWall 0.3.0.\n- Clarified installation steps and outbound DLP functionality, including OpenClaw integration via gateway:startup hook.\n- Outlined detected secrets/PII patterns, entropy checks, and custom policy options.\n- Documented all configuration variables, policy definitions, and agent result codes (ALLOW, REDACT, BLOCK).\n- Included troubleshooting guide for common issues and solutions.","license":null},"metadata":null,"owner":{"handle":"stanxy","userId":"s175gk98t8ndnn8x7zj7paycns885g0h","displayName":"Stan Liu","image":"https://avatars.githubusercontent.com/u/37076001?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1779948112482}}