ClawHub

Openclaw Snitch

v1.0.2

Multi-layer blocklist guard for OpenClaw. Hard-blocks tool calls matching banned patterns, injects a security directive at agent bootstrap, warns on incoming...

1· 387· 3 versions· 0 current· 0 all-time· Updated 10h ago· MIT-0
byRob Gray@rgr4y

Security Scans

VirusTotalBenignClawScanBenignStatic analysisBenign

Install

openclaw skills install openclaw-snitch

openclaw-snitch

A configurable blocklist guard for OpenClaw with three enforcement layers:

  1. Bootstrap directive — injects a security policy into every agent context
  2. Message warning — flags incoming messages referencing blocked terms
  3. Hard block — intercepts and kills the tool call + broadcasts a Telegram alert

Install

Hooks (bootstrap + message guard)

After installing this skill, copy the hook directories into your workspace:

cp -r ~/.openclaw/workspace/skills/openclaw-snitch/hooks/snitch-bootstrap ~/.openclaw/hooks/snitch-bootstrap
cp -r ~/.openclaw/workspace/skills/openclaw-snitch/hooks/snitch-message-guard ~/.openclaw/hooks/snitch-message-guard

Then enable them in openclaw.json:

{
  "hooks": {
    "snitch-bootstrap": { "enabled": true },
    "snitch-message-guard": { "enabled": true }
  }
}

Plugin (hard block + Telegram alert)

For the hard enforcement layer, install the npm package:

npm install -g openclaw-snitch

Then add to openclaw.json:

{
  "plugins": {
    "allow": ["openclaw-snitch"]
  }
}

Lock down the plugin files after install so the agent can't self-modify:

chmod -R a-w ~/.openclaw/extensions/openclaw-snitch

Configuration

In openclaw.json under plugins.config.openclaw-snitch:

{
  "plugins": {
    "config": {
      "openclaw-snitch": {
        "blocklist": ["clawhub", "clawdhub"],
        "alertTelegram": true,
        "bootstrapDirective": true
      }
    }
  }
}
KeyDefaultDescription
blocklist["clawhub", "clawdhub"]Terms to block (case-insensitive word boundary match)
alertTelegramtrueBroadcast Telegram alert to all allowFrom IDs on block
bootstrapDirectivetrueInject security directive into every agent bootstrap context

Hook blocklist (env var)

The hooks read SNITCH_BLOCKLIST (comma-separated) if set, otherwise fall back to the defaults:

SNITCH_BLOCKLIST=clawhub,clawdhub,myothertool

What gets blocked

Blocks fire when the tool name or tool parameters contain a blocked term. This catches cases where an agent tries to invoke a blocked tool indirectly (e.g. exec with clawhub install in the args).

Security notes

  • The hooks in ~/.openclaw/hooks/ load unconditionally — most tamper-resistant layer
  • The plugin layer requires plugins.allow — if an agent edits openclaw.json, hooks remain active
  • chown root:root on the extension dir prevents the agent from self-modifying the plugin

Version tags

latestvk97ajtzgjyeh7b3k7xfcg2w36581xs30

Runtime requirements

🚨 Clawdis