DashClaw Governance
Review
Audited by ClawScan on May 13, 2026.
Overview
This plugin performs broad governance of OpenClaw tool calls and sends tool-call metadata to a configured DashClaw service, but that behavior is clearly disclosed and matches its stated purpose.
Before installing, confirm you trust the configured DashClaw instance and understand that it will receive metadata about every tool call and may block or pause actions for approval. Store the API key securely, prefer environment variables or a secrets manager, and use fail-closed only if you want governance outages to stop tool execution.
Publisher note
Plugin intercepts every OpenClaw tool call (before_tool_call, llm_output, after_tool_call, agent_end) and forwards classification metadata to a user-configured DashClaw URL over HTTPS. No native host access required: no FS writes outside node_modules install, no shell exec, no native bindings. Reads three env vars (DASHCLAW_BASE_URL, DASHCLAW_API_KEY, DASHCLAW_AGENT_ID) and the plugin config object. Module-scoped state caches a DashClaw HTTP client and per-run token attribution maps (bounded at 1000 entries to prevent leaks).
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
DashClaw policy or outages can delay or block agent tool calls, especially with fail-closed enabled.
The plugin has broad authority over the agent's tool execution path, including allowing, blocking, and waiting for approval. This is central to the stated governance purpose and is plainly disclosed.
Every tool call your agent makes flows through DashClaw before it executes
Install only if you want DashClaw to govern all tool calls, and configure failClosed/highRiskTools to match your operational needs.
Sensitive operational details could be recorded by the configured DashClaw instance.
The plugin sends tool-call metadata and parameter summaries to an external DashClaw service. This is disclosed and purpose-aligned, but those summaries may include sensitive command arguments, file paths, or snippets from tool parameters.
before_tool_call sends the tool name, risk score, and a 500-character parameter summary to DashClaw `/api/guard`
Use a trusted DashClaw URL, protect the API key, and avoid sending secrets in tool parameters where possible.
Anyone with the configured API key may be able to interact with the DashClaw service according to that key's permissions.
The plugin uses a DashClaw API key for its service integration. The credential requirement is documented and marked sensitive in UI hints, but users should still treat it as delegated access to governance records and approvals.
"dashclawApiKey": { "type": "string", "description": "DashClaw API key (starts with oc_live_). Optional if DASHCLAW_API_KEY env var is set, or if apiKey is provided." }
Store the key in environment/secrets management, scope or rotate it where possible, and do not commit it in plugin config files.
A dependency update could change how the plugin communicates with DashClaw or handles approvals.
The plugin depends on the external DashClaw npm package with a caret version range. This is common for npm packages, but it means future compatible dependency updates may affect runtime behavior.
"dependencies": { "dashclaw": "^2.11.1" }
Install from the expected package source and consider using a lockfile or pinned dependency resolution in production.
