ClawHub
Skill flagged — review recommended

ClawHub Security found sensitive or high-impact capabilities. Review the scan results before using.

Clawguard Skill

Outbound DLP for OpenClaw — hard regex blocks secrets & PII from leaving the machine. Domain control, no LLM.

Audits

Suspicious
ClawScanSuspicious

Agentic behavior and permission review.

Static analysisPending

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install clawguard-skill

ClawWall — Outbound DLP for OpenClaw

GitHub: https://github.com/Stanxy/clawguard PyPI: https://pypi.org/project/clawwall

ClawWall sits between your AI agent and the outside world. Every outbound tool call is intercepted and scanned against 60+ hard-coded patterns before anything leaves the machine. If content matches — it is blocked or redacted. No LLM, no approximation: regex and entropy only.

Setup

One command:

bash setup.sh

This installs the Python service, builds the plugin and hook, registers the plugin in your OpenClaw config, sets up a system service, and verifies the health endpoint.

The gateway:startup hook auto-starts the service whenever OpenClaw boots — no manual clawwall command needed.

Trust & Permissions

What this installs:

ComponentWhat It Does
Python service (port 8642)Receives every outbound tool call for scanning
OpenClaw plugin (before_tool_call)Intercepts outbound content and routes to the service
Startup hook (gateway:startup)Auto-starts the service when OpenClaw boots
SQLite databaseStores scan metadata (finding type, severity, action, duration)
systemd/launchd serviceFallback auto-start via OS service manager

What the database stores: finding type, severity, position offsets, action taken, and duration. It never stores raw content, secrets, or PII values.

What it does NOT do: no telemetry, no external connections, no data leaves the machine. The service is fully local.

Verify Installation

# Health check
curl -s http://127.0.0.1:8642/api/v1/health

# Test scan
curl -s -X POST http://127.0.0.1:8642/api/v1/scan \
  -H "Content-Type: application/json" \
  -d '{"content": "key=AKIAIOSFODNN7EXAMPLE"}'

# Dashboard
open http://127.0.0.1:8642/dashboard

What ClawWall Detects

  • Secrets (52 patterns): AWS, GCP, Azure, GitHub, GitLab, Stripe, Square, PayPal, Slack, Discord, Telegram, Twilio, SSH/PGP private keys, database URIs, JWT/Bearer tokens, SaaS API keys, and more
  • PII (10 patterns): SSNs, credit cards (Luhn-validated), emails, phone numbers, IP addresses
  • Entropy analysis: high-entropy strings that don't match any known pattern
  • Custom patterns: user-defined regex via policy YAML

Configuration

Environment variables (all prefixed CLAWGUARD_):

VariableDefaultDescription
CLAWGUARD_HOST0.0.0.0Bind address
CLAWGUARD_PORT8642Port
CLAWGUARD_DATABASE_URLsqlite+aiosqlite:///~/.config/clawwall/clawwall.dbDatabase path
CLAWGUARD_POLICY_PATH~/.config/clawwall/policy.yamlPolicy file
CLAWGUARD_LOG_LEVELINFOLog verbosity

Policy

Default policy redacts all findings. Edit via the dashboard or ~/.config/clawwall/policy.yaml:

default_action: REDACT      # BLOCK | REDACT | ALLOW
redaction:
  strategy: mask             # mask | hash | remove
  mask_char: "*"
  mask_preserve_edges: 4
destination_allowlist: []    # bypass scanning for trusted destinations
destination_blocklist: []    # always reject these destinations
custom_patterns: []          # add your own regex patterns
disabled_patterns: []        # disable specific built-in patterns by name

Policy evaluation order: severity overrides > destination allowlist > destination blocklist > destination rules > agent rules > default action.

Agent Instructions

You are operating behind ClawWall. All outbound tool calls are scanned before leaving the machine using hard pattern matching — not an LLM.

ResultMeaning
ALLOWNo sensitive data detected — call went through
REDACTSensitive portions were masked before sending
BLOCKCall rejected — nothing was sent

Best practices:

  • Never include raw API keys, tokens, or PII in outbound calls
  • Reference credentials by name ($OPENAI_API_KEY), not by value
  • If blocked, check findings to see what matched, remove the sensitive data, and retry
  • False positive? Tell the user to adjust the policy via the dashboard at http://localhost:8642/dashboard

Troubleshooting

ProblemSolution
Service not startingCheck ~/.config/clawwall/clawwall.log for errors
Port 8642 in useAnother process is using the port — check with lsof -i :8642
Plugin not interceptingVerify plugin is registered in ~/.openclaw/openclaw.json
False positivesDisable specific patterns via disabled_patterns in policy YAML
Hook not firingRebuild hook: cd hooks/openclaw && npm run build
clawwall not foundEnsure pip install directory is on PATH, or use python3 -m clawguard