APort Agent Guardrail
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a purpose-aligned guardrail, but it asks you to run an unpinned external installer that persistently hooks every OpenClaw tool call and may log tool-call details.
Install this only if you trust APort and want it to mediate every OpenClaw tool call. Before using it on important accounts or private data, inspect or pin the npm package/repo, test in a separate profile, confirm how to uninstall or disable the plugin, and choose local versus hosted logging deliberately.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or unexpected npm package version could install code that affects how the agent runs tools.
The skill asks the user to run an external npm installer that is not pinned in the instructions and is not included in the reviewed artifact set, while that installer is expected to modify OpenClaw behavior.
Requires: Node 18+, jq. Install with `npx @aporthq/agent-guardrails` ... The installer is interactive: it sets your config dir, passport (local or hosted), installs the APort OpenClaw plugin, writes config, and installs wrappers.
Install only from a trusted source, inspect the referenced repository/package first, prefer a pinned version or checksum, and verify what files it writes before using it in a sensitive OpenClaw profile.
The guardrail can block or permit all future tool actions in that OpenClaw environment; misconfiguration or installer compromise could disrupt or steer agent behavior.
The installed plugin and wrappers persist under the OpenClaw configuration and automatically mediate every future tool call, but the artifact does not provide uninstall, disable, or scoping instructions.
After it finishes, nothing else is required—start OpenClaw (or use the running gateway); the plugin enforces before every tool call. Wrappers ... `~/.openclaw/.skills/aport-guardrail.sh` ...
Use a test profile first, keep a backup of OpenClaw config, confirm exactly how to disable or remove the plugin/wrappers, and ensure the policy fails in the way you expect.
Tool-call metadata, commands, recipient details, or data-export context may be stored locally or sent to APort depending on configuration.
Hosted/API mode can send or log guardrail decisions externally; the same document shows tool context includes items such as commands and messaging recipients.
For API mode / hosted passports: `APORT_API_URL=https://api.aport.io ...` ... decisions are logged (local JSON or APort API for signed receipts).
For sensitive workflows, prefer local passport mode if available, review APort’s retention/privacy terms, and avoid sending secrets or unnecessary private data in tool-call context.
Users may over-rely on the guardrail as complete protection without independently validating its actual behavior.
These are strong safety claims, but the supplied artifact does not include the implementation needed to verify them.
Deterministic – runs in `before_tool_call`; the agent cannot skip it. ... Fail-closed – if the guardrail errors, the tool is blocked. ... unsafe actions never run.
Treat the guardrail as one security control, test its allow/deny behavior, and do not assume it prevents all unsafe actions until verified in your environment.
