ClawHub

Claw Permission Firewall

v1.0.0

Evaluates agent actions for security risks, enforcing least-privilege policies with allow, deny, or confirmation decisions and secret redaction.

1· 1.6k·3 current·3 all-time
by@bharathjanumpally
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/behavior align: the package implements HTTP/file/exec gating, redaction, risk scoring, and auditing as described in SKILL.md and policy.yaml. All required files and dependencies (js-yaml, minimatch) are consistent with parsing policy and matching globs/domains.
Instruction Scope
SKILL.md directs callers to build an action object and call evaluate; the code implements only action evaluation/redaction/audit. It does not instruct reading unrelated system secrets or sending telemetry. The skill does read policy.yaml (local) and uses context.workspaceRoot and process.env.HOME to expand deny prefixes — these are reasonable for enforcing file path rules.
Install Mechanism
No install spec is declared (instruction-only at runtime). Source files and package.json are present but there is no remote download or extract step; dependencies are standard npm libs. No high-risk install URLs or arbitrary remote code fetches are used.
Credentials
The skill requests no environment variables or credentials. It does read process.env.HOME (to expand ~ in deny prefixes) and uses caller-provided context.workspaceRoot; this is proportional to its file-path enforcement role. Confirm your runtime supplies a correct workspaceRoot and that HOME access is acceptable in your environment.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges. It only reads local policy.yaml and uses in-memory evaluation/audit; it does not modify other skills or global agent configuration.
Assessment
This skill appears to do what it says: evaluate actions, redact secrets, and produce an audit record. Before installing or enabling it: 1) Review and edit policy.yaml to ensure allow/deny lists and thresholds match your security posture (especially allowDomains and denyPathPrefixes). 2) Note it reads the local policy.yaml and process.env.HOME to expand ~ prefixes — ensure the policy file and HOME are trustworthy. 3) Exec is disabled by default; if you enable exec in policy, treat the skill as high-risk and review denyPatterns carefully. 4) Test in a safe environment to validate redaction and false-positive behavior (JWT/AWS regexes can produce false matches). 5) Keep the policy file under your control (do not let untrusted skills/users modify it), since policy changes change the skill's decisions.

Like a lobster shell, security has layers — review code before you run it.

firewallvk97am4ma4699n2pxgfcrkjrhh980k1j7latestvk97am4ma4699n2pxgfcrkjrhh980k1j7policyvk97am4ma4699n2pxgfcrkjrhh980k1j7redactionvk97am4ma4699n2pxgfcrkjrhh980k1j7securityvk97am4ma4699n2pxgfcrkjrhh980k1j7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments