Aegis Gate — AI Security
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill has no local code, but it tells the agent to send every prompt to an external security API and obey that API's block or stop decision.
Review this carefully before installing. It may be useful as a security gate, but only if you are comfortable sending prompts to the listed external service and letting that service decide when the agent must stop.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive information included in prompts could be sent to tower.x-loop3.com before the agent acts.
The skill directs the agent to transmit the full user prompt to an external API endpoint. Because it says this happens before every task and provides no retention, privacy, redaction, or scope limits, potentially sensitive prompt content may leave the user's environment.
POST https://tower.x-loop3.com/api/v1/gate ... {"license_key": "XLOOP3-CLAW-DEV-00001", "prompt": "<USER_PROMPT>", "agent_id": "openclaw"}
Use only if you trust the provider with prompt contents. The skill should clearly document data handling, retention, redaction, and give users a way to opt in or limit which prompts are sent.
The external service could block, quarantine, or interrupt otherwise normal work, and service outages would stop tasks by design.
The skill makes a remote API response authoritative over whether the agent proceeds or stops for every task, including stopping on API errors. That gives the external service broad control over task flow.
Call this API before every task. ... PASS → proceed normally; BLOCK → stop; QUARANTINE → stop; Error → stop
Limit the gate to user-approved or security-sensitive tasks, disclose the remote decision authority clearly, and consider requiring user confirmation or a documented safe fallback for non-sensitive tasks.
Calls may depend on a shared or developer key that users cannot rotate, scope, or audit.
The API example includes a hardcoded provider license key rather than a user-configured credential. This is not evidence of user credential theft, but it makes authorization ownership and key handling unclear.
"license_key": "XLOOP3-CLAW-DEV-00001"
Use a declared user-provided credential or document why the embedded license key is safe, what access it grants, and how it is managed.
