Guardrail Bridge

Review

Audited by ClawScan on May 12, 2026.

Overview

Guardrail Bridge appears to be a disclosed pre-agent moderation plugin that can block messages locally or send them to configured security providers, with no artifact-backed evidence of hidden exfiltration or destructive behavior.

Before installing, decide whether you want automatic pre-agent filtering. If privacy is important, prefer the local blacklist mode; if using HTTP providers, configure trusted endpoints, store API keys in environment variables, and review the fallback behavior so that messages are passed or blocked during a provider outage according to your needs.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When enabled, the plugin can stop some requests before the agent sees them.

Why it was flagged

The plugin hooks the before_dispatch event so it can decide whether a user message should be passed through or blocked.

Skill content

api.on("before_dispatch", async (event, ctx) => { ... return handler(event, ctx); });

Recommendation

Use clear configuration and test the selected blacklist or provider behavior so legitimate workflows are not unexpectedly blocked.

What this means

Provider API keys may be needed and will be used to authenticate moderation requests.

Why it was flagged

The skill may use provider API keys for remote moderation, which is expected for its HTTP connector mode and is documented.

Skill content

Use provider-specific environment variable names ... `DKNOWNAI_API_KEY`, `SECRA_API_KEY`, or `HIDYLAN_API_KEY`.

Recommendation

Prefer environment variables over plaintext config, scope provider keys appropriately, and rotate them if exposed.

What this means

User prompts and some session or channel/user-derived metadata may be shared with the selected remote moderation provider.

Why it was flagged

In HTTP mode, the plugin sends the message text and a session identifier to the configured DKnownAI moderation endpoint.

Skill content

body: JSON.stringify({ request_id: requestId, session_id: sessionId, input: text })

Recommendation

Enable HTTP providers only if their privacy terms are acceptable; use the local blacklist connector when prompts should not leave the local environment.

What this means

Once enabled, the guardrail runs automatically for configured dispatches until disabled or stopped.

Why it was flagged

The plugin is configured to start with OpenClaw when enabled, which is normal for a pre-agent guardrail but means it operates persistently during the session.

Skill content

"activation": { "onStartup": true }

Recommendation

Install it only if you want ongoing pre-dispatch filtering, and review the enabled connector and per-channel settings.