Tools
Claw_Guard
By openclaw security, openclaw plugin, secure skills
Install
npm install
npmREADME
# Claw Guard
<p align="center">
<img src="./asserts/ClawGuard_pic.png" alt="Claw Guard" width="220" />
</p>
English | [简体中文](./README.zh-CN.md) | [日本語](./README.ja-JP.md) | [한국어](./README.ko-KR.md) | [Français](./README.fr-FR.md) | [Deutsch](./README.de-DE.md) | [Español](./README.es-ES.md) | [Русский](./README.ru-RU.md)
Claw Guard is an OpenClaw security plugin that adds a local guard layer in front of risky agent activity.
It can warn, block, audit, pause the gateway, expose a dashboard, and optionally talk to a remote policy service.
## Install
If you want OpenClaw to install the plugin for you, send the agent this prompt:
```text
Please install the OpenClaw plugin "@bitslabguard/claw-guard" for me.
Use the standard OpenClaw plugin install flow, enable the plugin after installation if needed, and then verify the install result by checking the plugin info for "claw-guard".
```
## Install From npm
If you want to install Claw Guard directly from npm, use the published package with OpenClaw:
```bash
openclaw plugins install @bitslabguard/claw-guard
```
To install a specific version:
```bash
openclaw plugins install @bitslabguard/[email protected]
```
## What It Does
- Intercepts risky tool calls through OpenClaw hooks
- Applies local allow/deny rules for commands, paths, and URLs
- Sends localized warning or block notices back into chat channels
- Exposes a built-in dashboard for status, scans, pause, resume, and settings
- Supports emergency pause and resume with snapshot-based recovery
- Records structured audit logs
- Optionally uploads events to `Claw_Guard_Server` for remote policy decisions
## Main Features
- `before_tool_call` risk filtering for commands, paths, URLs, and generic tools
- `message_received` interception for install-style instructions
- Dashboard settings for mode, locale, auto-upgrade, pause defaults, interception, and intel
- Auto-upgrade background service
- Config security scan and public exposure scan
- Chat commands for operator workflows:
- `/sec_help`
- `/uninstall`
- `/uninstall confirm <token>`
- `/sec_openclaw_upgrade`
- `/sec_openclaw_upgrade confirm <token>`
- `/sec_scan`
- `/sec_language [auto|locale]`
- `/sec_block_stats [count]`
## Dashboard
Claw Guard ships a built-in dashboard implemented with Preact.
The dashboard keeps support for:
- runtime status
- recent hook signals
- audit summary
- security scans
- pause and resume actions
- settings for `autoUpgrade`, locale, interception, intel, and pause defaults
## Installation
### Requirements
- Node.js `>=20`
- A working OpenClaw installation available on `PATH`
### Install From GitHub Release
For most users, the easiest path is to install the latest packaged release from GitHub.
OpenClaw supports installing plugin archives directly from `.zip` files.
1. Open the GitHub Releases page for this project.
2. Download the latest release asset named like `claw-guard-v0.0.3.zip`.
3. Install the downloaded archive with OpenClaw:
```bash
openclaw plugins install /path/to/claw-guard-v0.0.3.zip
```
4. Verify that the plugin is installed:
```bash
openclaw plugins info claw-guard
```
If your running Gateway has not picked up the new plugin yet, restart OpenClaw once after install.
### Local Development Install
From the plugin root:
```bash
npm install
npm run build
openclaw plugins install -l .
```
Or from the workspace root:
```bash
openclaw plugins install -l ./Claw_Guard
```
### Bootstrap Installer
This repo also includes a helper installer:
```bash
npm run bootstrap:install -- --source local --path .
```
Useful flags:
- `--skip-doctor`
- `--no-restart`
- `--dry-run`
## Development
Install dependencies:
```bash
npm install
```
Build:
```bash
npm run build
```
Run typecheck:
```bash
npm run typecheck
```
Run tests:
```bash
npm test
```
Run the main validation path:
```bash
npm run check
```
## Release
Update the version in both manifests:
```bash
npm run release:version -- 0.0.3
```
Create the release archive:
```bash
npm run build
npm run release:pack
```
Release details are documented in [docs/release.md](./docs/release.md).
## Project Docs
- [docs/README.md](./docs/README.md)
- [docs/architecture.md](./docs/architecture.md)
- [docs/release.md](./docs/release.md)
- [docs/server-api.md](./docs/server-api.md)
tools
Comments
Sign in to leave a comment