Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AgentGate - Enterprise Security Firewall for OpenClaw

Enforces regex-based, real-time authorization policies on OpenClaw agents’ tool calls, blocking, allowing, or requiring approval before execution.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
4 current installs · 4 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
The SKILL.md describes a networked firewall that forwards agent API key, tool name, and serialized arguments to a remote cloud function and stores logs in Firestore. That capability would legitimately require an API key, endpoint config, and installable SDK; however the registry metadata declares no required env vars, no install spec, and no homepage even though the SKILL.md includes a specific endpoint/website. The absence of declared credentials and install info is inconsistent with the described purpose.
Instruction Scope (flagged)
Instructions explicitly tell integrators to send the agent API key and JSON.stringify(args) to a remote endpoint on every tool call, to poll Firestore every 2s for approvals, and to trigger Telegram webhooks. That means potentially sensitive data (shell commands, HTTP request bodies, filesystem contents, Stripe args, emails, etc.) will be transmitted to an external service — there is no mention of encryption, minimization, access/retention policies, or what fields are redacted. The SKILL.md also instructs installing and using an npm SDK but provides no code or provenance for that package inside the registry.
Install Mechanism
This is an instruction-only skill (no install spec in registry), yet SKILL.md tells users to npm install @agentgate/openclaw-guard and to sign up at a vercel.app dashboard. Installing an npm package from the public registry is a common pattern, but the registry should declare that dependency and any required environment configuration. The lack of an install spec and lack of code in the package bundle means the user must trust an external npm package and the remote service.
Credentials (flagged)
The runtime flow requires an AGENTGATE_API_KEY (used on every tool call) and likely service-specific credentials (Firestore, Telegram/webhook config). Yet the skill metadata lists no required env vars or primary credential. Requesting an API key that will receive full serialized tool arguments (potentially secrets) is high-privilege and should be explicitly declared and justified — it is not.
Persistence & Privilege
The skill does not request 'always' presence and leaves autonomous invocation enabled (normal). It will, however, be implemented as a wrapper on the agent's tool-execution path and thus intercepts all calls. That interception behavior is consistent with the stated purpose, but combined with the remote-forwarding design it increases the blast radius because every tool call and the agent API key are transmitted off-host.
What to consider before installing
Before installing or using this skill, consider the following:

  1. The SKILL.md requires an AGENTGATE_API_KEY and installing an npm package, but the registry metadata does not declare those. Ask the publisher to explicitly list required env vars and provide the package source code.
  2. This skill forwards full serialized tool arguments (which may contain secrets, file contents, Stripe amounts, SMTP data, etc.) to a remote endpoint and stores audit logs in Firestore. Verify the remote service's privacy, retention, and access controls, and whether payloads are redacted or encrypted.
  3. Review the source for @agentgate/openclaw-guard and the cloud functions (or ask for an auditable deployment), and only install from a verified, pinned package/version.
  4. If you must test, run in an isolated environment with non-production credentials and limited data, rotate any API keys used, and monitor agent/audit logs closely.
  5. If your threat model requires that sensitive data never leaves your environment, prefer a local-only enforcement solution or require the publisher to provide an on-prem/self-host option and a security whitepaper explaining data flows.

If the publisher cannot provide clear provenance and data-handling guarantees, treat this skill as high-risk.


Current version: v1.0.0

Tags: ai-agent, authorization, enterprise, firewall, guardrails, latest, openclaw, security


SKILL.md

AgentGate - Enterprise Security Firewall for OpenClaw

AgentGate is a real-time policy enforcement layer that intercepts every tool call your OpenClaw agent makes before it executes. It evaluates the call against human-defined regex-based rules stored in Firestore and returns one of three decisions: ALLOW, DENY, or REQUIRE_APPROVAL.

Why this exists

OpenClaw agents operate with full tool access by default. A single hallucination can cause the agent to run rm -rf, send unauthorized emails, issue Stripe API calls, push broken code to production, or exfiltrate data to external endpoints. AgentGate intercepts every tool call before execution.

Architecture

AgentGate wraps the agent executeTool method using a middleware pattern. On every tool invocation it sends a POST request to the AgentGate Firebase Cloud Function with the agent API key, tool name, and serialized arguments. The function validates the key, evaluates regex policies, writes to the audit log, and returns the decision in under 80ms.

Decision types

  • ALLOW: Tool executes normally.
  • DENY: Tool is blocked. Agent receives structured error: "AgentGate: Action blocked by policy [policy_id]. Do not retry."
  • REQUIRE_APPROVAL: Execution paused. Telegram webhook fires to operator with Approve/Deny buttons. Agent polls Firestore every 2 seconds for up to 5 minutes.

Supported tool types

  • bash: shell command execution
  • browser: Playwright-based web automation
  • fetch: outbound HTTP requests
  • fs: filesystem read and write
  • email: SMTP and SendGrid integrations
  • stripe: payment API calls

Policy format

  • agentId: string
  • toolName: string (e.g. "bash")
  • condition: string (regex evaluated against JSON.stringify(args))
  • ruleType: "ALLOW" | "DENY" | "REQUIRE_APPROVAL"
  • priority: integer (lower = evaluated first)

Example - block destructive bash commands:
  toolName: "bash"
  condition: "rm\s+-rf|DROP\s+TABLE"
  ruleType: "DENY"

Example - require approval for Stripe charges of $100 or more. Stripe amounts are expressed in the smallest currency unit (cents for USD), so the pattern matches an "amount" value of 10000 or higher; because the condition is evaluated against JSON.stringify(args), the key appears quoted in the serialized string:
  toolName: "stripe"
  condition: "\"amount\":\s*[1-9][0-9]{4,}"
  ruleType: "REQUIRE_APPROVAL"

Example - allowlist-only outbound fetch (deny unless an allowed host appears in the serialized arguments):
  toolName: "fetch"
  condition: "^(?!.*(api\.github\.com|agent-gate-rho\.vercel\.app)).*$"
  ruleType: "DENY"

Caveat on the allowlist pattern: the condition is a substring match over the whole JSON.stringify(args) string, not a check on the parsed URL host. A request to a lookalike host such as api.github.com.attacker.example, or to any URL whose path, query, or request body contains one of the allowed hostnames, is therefore not denied by this policy. If the allowlist must be strict, enforce it on the parsed URL host rather than with a regex over the serialized arguments.

SDK usage

npm install @agentgate/openclaw-guard

    import OpenClaw from 'openclaw';
    import { withAgentGate } from '@agentgate/openclaw-guard';

    const agent = new OpenClaw({
      model: 'claude-3-5-sonnet',
      tools: ['bash', 'browser', 'fetch']
    });

    // Every tool call is now POSTed to the endpoint (API key, tool name,
    // JSON.stringify(args)) and waits for the decision before it executes.
    const securedAgent = withAgentGate(agent, {
      apiKey: process.env.AGENTGATE_API_KEY,
      endpoint: 'https://agent-gate-rho.vercel.app/api/evaluate-action',
      onDeny: (toolName, args, policyId) => console.log('Blocked:', toolName, policyId),
      onApprovalRequired: (toolName, args) => console.log('Awaiting approval:', toolName)
    });

    await securedAgent.run('Research competitors and update the CRM');
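The following is an added example, not code from AgentGate, OpenClaw, or the @agentgate/openclaw-guard package. It reproduces the documented semantics (the Architecture, Policy format, and SDK usage sections above) as a local-only gate: regex policies evaluated against JSON.stringify(args) in ascending priority order, returning ALLOW, DENY, or REQUIRE_APPROVAL, wrapped as middleware around the agent's tool-execution method. It assumes the agent exposes executeTool(toolName, args) returning a promise and that policies use the field names listed above; the policy IDs, the approval callback, and the stand-in agent are constructed for the example. Nothing in it contacts a remote service, so no API key or tool argument leaves the host, and the demo also exercises the allowlist lookalike-host caveat.

```javascript
// Added example, not code from AgentGate or OpenClaw: a local-only gate with the
// same documented semantics (regex policies evaluated against JSON.stringify(args),
// lowest priority number first, ALLOW / DENY / REQUIRE_APPROVAL) wrapped around an
// agent's executeTool. Assumptions: the agent exposes executeTool(toolName, args)
// returning a promise, and policies use the field names from the SKILL.md. Nothing
// here contacts the remote service, so no API key or tool argument leaves the host.

// Policies in the documented shape; the conditions are the three SKILL.md examples.
const POLICIES = [
  { policyId: 'p-bash-destructive', toolName: 'bash', priority: 10,
    condition: 'rm\\s+-rf|DROP\\s+TABLE', ruleType: 'DENY' },
  { policyId: 'p-stripe-large', toolName: 'stripe', priority: 20,
    condition: '"amount":\\s*[1-9][0-9]{4,}', ruleType: 'REQUIRE_APPROVAL' },
  { policyId: 'p-fetch-allowlist', toolName: 'fetch', priority: 30,
    condition: '^(?!.*(api\\.github\\.com|agent-gate-rho\\.vercel\\.app)).*$', ruleType: 'DENY' },
];

// First matching policy for the tool decides; a tool with no matching policy is allowed.
function evaluate(policies, toolName, args) {
  const serialized = JSON.stringify(args);
  const applicable = policies
    .filter((p) => p.toolName === toolName)
    .sort((a, b) => a.priority - b.priority);
  for (const p of applicable) {
    if (new RegExp(p.condition).test(serialized)) {
      return { decision: p.ruleType, policyId: p.policyId };
    }
  }
  return { decision: 'ALLOW', policyId: null };
}

// Middleware: replace agent.executeTool with a gated version. `approve` is an async
// callback (operator prompt, ticketing hook, ...) standing in for the hosted approval
// queue; it resolves to true or false and is only consulted for REQUIRE_APPROVAL.
function withLocalGate(agent, policies, approve) {
  const original = agent.executeTool.bind(agent);
  agent.executeTool = async (toolName, args) => {
    const { decision, policyId } = evaluate(policies, toolName, args);
    if (decision === 'DENY') {
      // Same structured error text the SKILL.md documents for DENY.
      throw new Error(`AgentGate: Action blocked by policy [${policyId}]. Do not retry.`);
    }
    if (decision === 'REQUIRE_APPROVAL' && !(await approve(toolName, args, policyId))) {
      throw new Error(`AgentGate: Action denied by operator [${policyId}]. Do not retry.`);
    }
    return original(toolName, args);
  };
  return agent;
}

// Constructed stand-in agent that only records which tool calls reached execution.
function makeFakeAgent() {
  const executed = [];
  return {
    executed,
    async executeTool(toolName, args) { executed.push({ toolName, args }); return 'ok'; },
  };
}

// Drive the gate with constructed tool calls; the operator callback denies everything.
async function demo() {
  const agent = withLocalGate(makeFakeAgent(), POLICIES, async () => false);
  const call = (tool, args) => agent.executeTool(tool, args).catch((e) => e.message);
  const results = {
    ls: await call('bash', { cmd: 'ls -la /srv' }),
    rm: await call('bash', { cmd: 'rm -rf /srv/build' }),
    smallCharge: await call('stripe', { amount: 2500, currency: 'usd' }),   // $25.00
    bigCharge: await call('stripe', { amount: 10000, currency: 'usd' }),    // $100.00
    githubFetch: await call('fetch', { url: 'https://api.github.com/repos/x/y' }),
    otherFetch: await call('fetch', { url: 'https://example.com/' }),
    // Caveat demonstrated: the allowlist condition is a substring match over the
    // serialized args, so a lookalike host that contains an allowed hostname passes.
    lookalike: await call('fetch', { url: 'https://api.github.com.attacker.example/' }),
  };
  return { results, executedCount: agent.executed.length };
}

if (typeof require !== 'undefined' && require.main === module) {
  demo().then((r) => console.log(JSON.stringify(r, null, 2)));
}
```

Running the file prints the per-call outcomes: the destructive bash command and the non-allowlisted fetch are blocked by policy, the $100.00 charge is refused because the operator callback denies it, and the lookalike host reaches execution, which is the substring-match weakness of the documented allowlist regex. A production deployment of this pattern would pin the policy set in version control and log every decision locally instead of to a third-party Firestore.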

Dashboard

https://agent-gate-rho.vercel.app provides:

  • Agent management and API key rotation
  • AI Policy Wizard: describe rules in plain English, Gemini generates the regex
  • Real-time audit log via Firestore onSnapshot
  • Approval queue with one-click approve or deny

Getting started

  1. Sign up free at https://agent-gate-rho.vercel.app
  2. Create an agent and copy the API key
  3. npm install @agentgate/openclaw-guard
  4. Wrap your agent with withAgentGate
  5. Define policies in the dashboard using the AI Wizard
  6. Watch the real-time audit log as your agent runs

Pricing

Free: 1 agent, 500 evaluations/month, 7-day audit log. No credit card required.

Files: 1 total