Tophant Clawvault Installer

v0.2.5

Install, configure, test, and uninstall ClawVault AI security proxy

⭐ 0· 102·0 current·0 all-time

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for martin2877/tophant-clawvault-installer.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Tophant Clawvault Installer" (martin2877/tophant-clawvault-installer) from ClawHub.
Skill page: https://clawhub.ai/martin2877/tophant-clawvault-installer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install martin2877/tophant-clawvault-installer

ClawHub CLI

Package manager switcher

npx clawhub@latest install tophant-clawvault-installer

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description, SKILL.md, skill.json and clawvault_manager.py all consistently implement an installer/manager for a local HTTP(S) inspection proxy (ClawVault). Permissions requested (execute_command, read_files, write_files, network) and the actions the code performs (create venv, pip install from GitHub, write ~/.ClawVault/, optionally modify openclaw unit file) are proportionate to an installer for this functionality.

ℹ

Instruction Scope

SKILL.md and the script instruct the agent to create a venv, install the package from GitHub, generate config under ~/.ClawVault/, optionally inject HTTP_PROXY/HTTPS_PROXY into an existing OpenClaw systemd user unit, and start proxy/dashboard services. These actions are within installer scope but include high-impact behavior: the proxy intentionally inspects API request/response bodies (it will see API keys and PII) and the default config disables SSL verification to enable MITM inspection. Those security trade-offs are documented but are intrinsically risky.

Install Mechanism

Installation is done via pip install git+https://github.com/tophant-ai/ClawVault.git (main branch) inside a created venv. There is no version pinning, checksum, or signature verification. Installing directly from upstream main branch creates a supply-chain risk: a compromise or malicious commit upstream would propagate to all installs.

ℹ

Credentials

The skill declares no environment variables or external credentials, which is consistent. However, because it is a local MITM proxy it will observe API keys and sensitive content in proxied traffic (this is intentional and documented). The only system config it may modify is ~/.config/systemd/user/openclaw-gateway.service when present — that modification is explained and skippable via --no-proxy.

✓

Persistence & Privilege

The skill does not demand always:true and is user-invocable only. It writes files under predictable per-user paths (~/.clawvault-env, ~/.ClawVault) and may modify an existing OpenClaw unit file only if present. Those are normal installer-level privileges and are clearly described.

Assessment

This installer is internally consistent for installing a local MITM inspection proxy, but it has deliberate, high-impact defaults. Before installing: 1) Read SECURITY.md fully and confirm the MITM/ssl_verify=false trade-offs are acceptable. 2) Prefer installing in an isolated environment (VM/container) or test host first. 3) If you want to reduce supply-chain risk, pin to a vetted commit (pip install git+...@<sha>) or review the GitHub repo before running the installer. 4) Use --no-proxy or --no-start if you only want config generation and to avoid modifying systemd or starting services automatically; back up ~/.config/systemd/user/openclaw-gateway.service before allowing modifications. 5) Keep the dashboard bound to localhost and do not set --dashboard-host 0.0.0.0 unless behind strong network controls. 6) If you accept installation, periodically audit ~/.ClawVault/audit.db and configure retention, and consider rotating any API keys that may have been exposed in test traffic. 7) If unsure, do not install on production machines or on devices with sensitive network access.

Like a lobster shell, security has layers — review code before you run it.

ai-protectionvk97cndpfergxheq7gj5h0r823h85d2tqlatestvk97cndpfergxheq7gj5h0r823h85d2tqprivacyvk97cndpfergxheq7gj5h0r823h85d2tqproxyvk97cndpfergxheq7gj5h0r823h85d2tqsecurityvk97cndpfergxheq7gj5h0r823h85d2tqthreat-detectionvk97cndpfergxheq7gj5h0r823h85d2tq

102downloads

0stars

6versions

Updated 4d ago

v0.2.5

MIT-0

ClawVault Installer

Install, configure, test, and uninstall ClawVault — the AI security proxy that protects agents from prompt injection, data leakage, and dangerous commands.

Protection Against:

Prompt injection attacks
Data leakage (PII, credentials, API keys)
Dangerous command execution
Jailbreak attempts

What This Skill Does

Installs ClawVault into a dedicated venv at ~/.clawvault-env/ and writes config under ~/.ClawVault/. See SECURITY.md for the full capability, risk, and design-intent disclosure.

How to Run

IMPORTANT: All commands MUST be executed using the Python script bundled with this skill.

Do NOT run pip install, clawvault, or any other command directly. Always use:

python3 SKILL_DIR/clawvault_manager.py <command> [options]

Where SKILL_DIR is the directory containing this SKILL.md file (typically ~/.openclaw/workspace/skills/tophant-clawvault-installer/ or ~/.openclaw/skills/tophant-clawvault-installer/).

Add --json to any command for machine-readable JSON output.

Commands

/tophant-clawvault-installer install

Install ClawVault. The script handles everything automatically: creates a Python virtual environment, installs from GitHub, generates config, integrates OpenClaw proxy, and starts services. No pip or system package manager needed.

# Recommended: one command does everything
python3 SKILL_DIR/clawvault_manager.py install --mode quick --json

# Interactive setup
python3 SKILL_DIR/clawvault_manager.py install --mode standard --json

# Full control (strict mode)
python3 SKILL_DIR/clawvault_manager.py install --mode advanced --json

# Install without starting services
python3 SKILL_DIR/clawvault_manager.py install --mode quick --no-start --json

# Skip OpenClaw proxy integration
python3 SKILL_DIR/clawvault_manager.py install --mode quick --no-proxy --json

/tophant-clawvault-installer health

Check service health and status.

python3 SKILL_DIR/clawvault_manager.py health --json

/tophant-clawvault-installer generate-rule

Generate security rules from natural language.

python3 SKILL_DIR/clawvault_manager.py generate-rule "Block all AWS credentials" --json
python3 SKILL_DIR/clawvault_manager.py generate-rule --scenario customer_service --apply --json

Scenarios: customer_service, development, production, finance

/tophant-clawvault-installer test

Run detection tests.

python3 SKILL_DIR/clawvault_manager.py test --category all --json
python3 SKILL_DIR/clawvault_manager.py test --category sensitive --json

Categories: all, sensitive, injection, commands

/tophant-clawvault-installer uninstall

Remove ClawVault completely (stops services, removes proxy, deletes venv and config).

python3 SKILL_DIR/clawvault_manager.py uninstall --json
python3 SKILL_DIR/clawvault_manager.py uninstall --keep-config --json

Quick Examples

# Set the skill directory path
CV="python3 ~/.openclaw/workspace/skills/tophant-clawvault-installer/clawvault_manager.py"

# Install (one command handles everything)
$CV install --mode quick --json

# Check health
$CV health --json

# Generate rule
$CV generate-rule "Detect database passwords" --apply --json

# Apply scenario
$CV generate-rule --scenario customer_service --apply --json

# Run tests
$CV test --category all --json

# Uninstall
$CV uninstall --json

Requirements

Python 3.10+ (with venv module)
Ports 8765, 8766 available
No pip or system packages needed — the install script creates its own virtual environment

Permissions

execute_command - Run installation and ClawVault commands
write_files - Create configuration files
read_files - Read configurations
network - Download packages and API calls

Security Considerations

See SECURITY.md for capability disclosure, threat model, and deployment guidance.

Documentation

Full Guide: https://github.com/tophant-ai/ClawVault/blob/main/doc/OPENCLAW_SKILL.md
中文文档: https://github.com/tophant-ai/ClawVault/blob/main/doc/zh/OPENCLAW_SKILL.md
Repository: https://github.com/tophant-ai/ClawVault

License

Comments

Loading comments...