ClawWall

v0.2.2

Outbound DLP for OpenClaw — hard regex blocks secrets & PII from leaving the machine. Domain control, no LLM.

by Stan Liu (@stanxy)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes a local DLP service + OpenClaw plugin that intercepts all outbound tool calls — which matches the advertised purpose. However, registry metadata lists no required binaries/envs while the SKILL.md frontmatter requires python3, pip, git, node, npm and lists CLAWGUARD_* environment variables. There are naming/version inconsistencies (repo named 'clawguard' vs package 'clawwall', SKILL.md shows v0.2.1 while registry is v0.2.2). These mismatches are not fatal but reduce trust and should be clarified.
Instruction Scope
The instructions tell the operator to install a PyPI package and an npm-based plugin that hooks before_tool_call and routes every outbound tool call through a local HTTP scan service. That behavior is consistent with DLP, but it is high-privilege: the plugin intercepts all outbound content. The SKILL.md claims the local DB never stores raw content/PII and that no telemetry leaves the machine — these are assertions the user cannot verify from the instruction-only skill. The agent would need to run third-party code (pip/npm) to enforce the behavior, so inspect source before trusting.
Install Mechanism
No install spec is present in the registry (skill is instruction-only), but SKILL.md instructs installing from PyPI and/or cloning GitHub releases and running npm build. Installing from PyPI/GitHub is a common distribution mechanism and the doc even lists wheel SHA256s (good practice). Still, because the registry package contains no code, the installer will fetch and execute external packages — that raises risk if you don't validate the upstream release.
Credentials
The SKILL.md documents only non-secret environment variables with reasonable defaults (bind address, port, DB path, policy location, log level). The registry metadata, however, lists no required envs while the README lists CLAWGUARD_* variables — again an inconsistency but the requested envs are not secrets. The real privacy risk is that the plugin/service will see all outbound payloads (by design), so credential exposure depends on how redaction is implemented.
Persistence & Privilege
always:false and manual plugin registration mean the skill will not be force-included and the operator must explicitly add the plugin to OpenClaw config. The skill requires installing and running local services that persist a SQLite DB, but it does not request elevated platform privileges in the instructions.
What to consider before installing
This skill asks you to install third-party code (PyPI package and a compiled npm plugin) that will intercept every outbound tool call. That is consistent with a DLP product but is high-privilege: the service will see all outbound content. Before installing: (1) verify the upstream project/release (visit the GitHub repo and PyPI page) and confirm the SHA256 matches the wheel you download, (2) review the source for the PyPI package and the plugin build to ensure it actually redacts/stores only metadata as claimed, (3) run it in an isolated environment or sandbox first, (4) check/limit file and network permissions for the process and the plugin path, and (5) clarify the metadata mismatches (package vs repo name, and version differences) with the publisher. Because this registry entry contains only instructions and not the code, fetching the external packages is required — do not install without source review or other mitigations.

Like a lobster shell, security has layers — review code before you run it.
