# ClawAegis
ClawAegis is a standalone security plugin for OpenClaw with a practical five-layer defense model.
It is designed for fast adoption: install it as a regular plugin, then enable or disable each layer independently.
## Why ClawAegis
- Independent plugin architecture (no OpenClaw core patch required)
- Layer-by-layer controls for incremental rollout
- Two operating modes:
  - `monitor`: detect and log
  - `enforce`: detect and block
## Quick Start
Install from any working directory using an absolute path:
```bash
openclaw plugins install /absolute/path/to/ClawAegis
```
Restart the OpenClaw gateway/app after installation.
Verify plugin installation:
```bash
openclaw plugins list
```
## Configuration
```json5
{
  plugins: {
    allow: ["claw-aegis"],
    entries: {
      "claw-aegis": {
        enabled: true,
        config: {
          mode: "enforce", // monitor | enforce
          layers: {
            trustedBase: {
              enabled: true,
              autoFix: true
            },
            inputSensing: {
              enabled: true,
              blockOnDetect: true
            },
            cognitiveState: {
              enabled: true,
              protectFiles: ["HEARTBEAT.md", "MEMORY.md", "memory/*.md"]
            },
            decisionAlign: {
              enabled: true,
              strictness: "medium" // low | medium | high
            },
            execControl: {
              enabled: true,
              defaultHost: "sandbox", // sandbox | gateway | node
              minSecurity: "deny", // deny | allowlist | full
              defaultAsk: "always", // off | on-miss | always
              blockElevated: true
            }
          }
        }
      }
    }
  }
}
```
Toggle one layer:
```bash
openclaw config set plugins.entries.claw-aegis.config.layers.execControl.enabled false
```
Switch to monitor mode:
```bash
openclaw config set plugins.entries.claw-aegis.config.mode monitor
```
## Five Defense Layers
1. Trusted Base Layer
   - Scans risky OpenClaw config values and auto-fixes common unsafe settings.
   - Scans skill sources (`skills.load.extraDirs`) and risky skill env keys (`NODE_OPTIONS`, `LD_PRELOAD`, etc.).
2. Input Sensing Layer
   - Detects prompt-injection signals in user prompts, tool results, and cross-session messages.
   - Blocks high-risk follow-up tool calls in `enforce` mode.
3. Cognitive State Layer
   - Detects memory poisoning signals during compaction and message persistence.
   - Protects memory files (`HEARTBEAT.md`, `MEMORY.md`, `memory/*.md`) from suspicious writes.
4. Decision Alignment Layer
   - Infers coarse intent from user prompt (`read_only`, `write`, `execute`, `messaging`).
   - Blocks tool calls that violate the active intent policy.
5. Execution Control Layer
   - Applies dynamic least-privilege defaults to `exec`.
   - Blocks known dangerous command patterns.
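
The sketch below shows how a write path could be checked against the `protectFiles` patterns of the Cognitive State Layer and mapped to the `monitor`/`enforce` outcome. It is an added example, not ClawAegis source code: the function names, the `suspicious` input (standing in for the plugin's content detection, which this README does not describe), and the glob semantics are assumptions.

```javascript
// Added example; function names are hypothetical, not ClawAegis source.
const PROTECTED = ["HEARTBEAT.md", "MEMORY.md", "memory/*.md"]; // protectFiles from the config above

// Resolve "." and ".." so "memory/../MEMORY.md" is compared as "MEMORY.md".
// Returns null when the path climbs above the workspace root.
function normalize(relPath) {
  const out = [];
  for (const seg of relPath.replace(/\\/g, "/").split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg !== "..") out.push(seg);
    else if (out.length === 0) return null;
    else out.pop();
  }
  return out.join("/");
}

// Glob to anchored regex. Assumption: "*" stays inside one path segment.
// The "i" flag is this example's choice, for case-insensitive filesystems.
function globToRegex(glob) {
  const body = glob
    .split("*")
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join("[^/]*");
  return new RegExp("^" + body + "$", "i");
}

// suspicious: verdict of the content detector, which the page does not specify.
// mode: "monitor" (detect and log) or "enforce" (detect and block).
function checkWrite(relPath, suspicious, mode, patterns = PROTECTED) {
  const verdict = mode === "enforce" ? "block" : "log";
  const norm = normalize(relPath);
  // Example's choice: a path escaping the root counts as a detection.
  if (norm === null) return { path: relPath, pattern: null, action: verdict };
  const pattern = patterns.find((p) => globToRegex(p).test(norm)) || null;
  const action = pattern && suspicious ? verdict : "allow";
  return { path: norm, pattern, action };
}

// Constructed sample writes, all flagged suspicious by the assumed detector.
const samples = ["notes/todo.md", "./memory/2024.md", "memory/../MEMORY.md", "memory/sub/x.md"];
for (const p of samples) {
  console.log(p, "->", checkWrite(p, true, "enforce").action);
}
```

Under these assumed glob semantics `memory/*.md` does not cover `memory/sub/x.md`, so nested memory directories would need their own pattern.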
## Independence Design
ClawAegis uses only OpenClaw plugin hooks and public plugin runtime APIs:
- Hooks: `before_prompt_build`, `before_tool_call`, `tool_result_persist`, `before_message_write`, `before_compaction`, `message_sending`, `gateway_start`
- Runtime APIs: `runtime.config.loadConfig()` and `runtime.config.writeConfigFile()`
This keeps the plugin installable, removable, and upgradable without touching OpenClaw core.