
AgentGate - Enterprise Security Firewall for OpenClaw

by wiserautomation · GitHub ↗ · v1.0.0
cross-platform · ⚠ suspicious
724 Downloads · 0 Stars · 5 Active Installs · 1 Versions
Install in OpenClaw
/install agentgate-security
Description
Enforces regex-based, real-time authorization policies on OpenClaw agents’ tool calls, blocking, allowing, or requiring approval before execution.
README (SKILL.md)

AgentGate - Enterprise Security Firewall for OpenClaw

AgentGate is a real-time policy enforcement layer that intercepts every tool call your OpenClaw agent makes before it executes. It evaluates the call against human-defined regex-based rules stored in Firestore and returns one of three decisions: ALLOW, DENY, or REQUIRE_APPROVAL.

Why this exists

OpenClaw agents operate with full tool access by default. A single hallucination can cause the agent to run rm -rf, send unauthorized emails, issue Stripe API calls, push broken code to production, or exfiltrate data to external endpoints. AgentGate intercepts every tool call before execution.

Architecture

AgentGate wraps the agent's executeTool method using a middleware pattern. On every tool invocation it sends a POST request to the AgentGate Firebase Cloud Function with the agent API key, tool name, and serialized arguments. The function validates the key, evaluates the regex policies, writes to the audit log, and returns the decision in under 80ms.

Decision types

  • ALLOW: Tool executes normally.
  • DENY: Tool is blocked. Agent receives structured error: "AgentGate: Action blocked by policy [policy_id]. Do not retry."
  • REQUIRE_APPROVAL: Execution paused. Telegram webhook fires to operator with Approve/Deny buttons. Agent polls Firestore every 2 seconds for up to 5 minutes.

Supported tool types

  • bash: shell command execution
  • browser: Playwright-based web automation
  • fetch: outbound HTTP requests
  • fs: filesystem read and write
  • email: SMTP and SendGrid integrations
  • stripe: payment API calls

Policy format

  • agentId: string
  • toolName: string (e.g. "bash")
  • condition: string (regex evaluated against JSON.stringify(args))
  • ruleType: "ALLOW" | "DENY" | "REQUIRE_APPROVAL"
  • priority: integer (lower = evaluated first)

Example - block destructive bash commands:
  toolName: "bash"
  condition: "rm\s+-rf|DROP\s+TABLE"
  ruleType: "DENY"

Example - require approval for Stripe charges over $100 (amounts are in cents, so five or more digits):
  toolName: "stripe"
  condition: "\"amount\":\s*[1-9][0-9]{4,}"
  ruleType: "REQUIRE_APPROVAL"

Example - whitelist-only outbound fetch (deny any call whose serialized arguments do not mention an allowed host):
  toolName: "fetch"
  condition: "^(?!.*(api\.github\.com|agent-gate-rho\.vercel\.app)).*$"
  ruleType: "DENY"

SDK usage

npm install @agentgate/openclaw-guard

  import OpenClaw from 'openclaw';
  import { withAgentGate } from '@agentgate/openclaw-guard';

  const agent = new OpenClaw({
    model: 'claude-3-5-sonnet',
    tools: ['bash', 'browser', 'fetch'],
  });

  const securedAgent = withAgentGate(agent, {
    apiKey: process.env.AGENTGATE_API_KEY,
    endpoint: 'https://agent-gate-rho.vercel.app/api/evaluate-action',
    onDeny: (toolName, args, policyId) => console.log('Blocked:', toolName, policyId),
    onApprovalRequired: (toolName, args) => console.log('Awaiting approval:', toolName),
  });

  await securedAgent.run('Research competitors and update the CRM');
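To make the policy format and the executeTool middleware pattern concrete, here is an added example that is not code from the AgentGate project or the @agentgate/openclaw-guard package. It keeps the README's policy fields (agentId, toolName, condition, ruleType, priority) and its evaluation rule (regex against JSON.stringify(args), lowest priority value first, first match decides, no match means ALLOW), but evaluates entirely in-process: the withLocalGate wrapper, the approve callback, the in-memory audit log, the stub agent and the sample policies are all assumptions standing in for the remote endpoint, Telegram approval and Firestore. It also shows, beside the README's regex allowlist for fetch, a hostname check on the parsed URL, because a substring regex is satisfied by an allowed domain appearing anywhere in the serialized arguments.

```javascript
// Added example, not AgentGate's code. Local evaluator for the README's
// policy model plus an executeTool middleware in the style of withAgentGate.

const DECISIONS = new Set(['ALLOW', 'DENY', 'REQUIRE_APPROVAL']);

// Validate and compile once at load time so a malformed rule fails loudly
// instead of silently never matching. Lower priority value = evaluated first.
function compilePolicies(policies) {
  return policies
    .map((p) => {
      if (!DECISIONS.has(p.ruleType)) throw new Error(`policy ${p.id}: bad ruleType ${p.ruleType}`);
      if (!Number.isInteger(p.priority)) throw new Error(`policy ${p.id}: priority must be an integer`);
      return { ...p, regex: new RegExp(p.condition) }; // throws on invalid regex
    })
    .sort((a, b) => a.priority - b.priority);
}

// First matching rule for this agent and tool decides; no match falls through to ALLOW.
function evaluate(compiled, agentId, toolName, args) {
  const serialized = JSON.stringify(args); // no raw newlines, so '.' and ^...$ behave
  for (const p of compiled) {
    if (p.agentId !== agentId || p.toolName !== toolName) continue;
    if (p.regex.test(serialized)) return { decision: p.ruleType, policyId: p.id };
  }
  return { decision: 'ALLOW', policyId: null };
}

// Middleware (assumed shape): replaces agent.executeTool so every call is
// evaluated before the original runs. approve(toolName, args, policyId)
// resolves to true/false and stands in for the operator's Approve/Deny buttons.
function withLocalGate(agent, { agentId, policies, approve }) {
  const compiled = compilePolicies(policies);
  const original = agent.executeTool.bind(agent);
  const auditLog = [];
  agent.executeTool = async (toolName, args) => {
    const { decision, policyId } = evaluate(compiled, agentId, toolName, args);
    auditLog.push({ toolName, decision, policyId });
    if (decision === 'DENY') {
      throw new Error(`AgentGate: Action blocked by policy [${policyId}]. Do not retry.`);
    }
    if (decision === 'REQUIRE_APPROVAL' && !(await approve(toolName, args, policyId))) {
      throw new Error(`AgentGate: Action denied by operator [${policyId}]. Do not retry.`);
    }
    return original(toolName, args);
  };
  agent.auditLog = auditLog;
  return agent;
}

// Stricter alternative to a regex allowlist for fetch: check the parsed
// hostname of the actual URL rather than a substring of the serialized args.
function fetchHostAllowed(url, allowedHosts) {
  try {
    return allowedHosts.includes(new URL(url).hostname);
  } catch {
    return false; // unparseable URL is never allowed
  }
}

// Constructed sample policies modelled on the README's three examples;
// 'internal.example.com' is a placeholder host.
const SAMPLE_POLICIES = [
  { id: 'deny-destructive-bash', agentId: 'agent-1', toolName: 'bash',
    condition: 'rm\\s+-rf|DROP\\s+TABLE', ruleType: 'DENY', priority: 10 },
  { id: 'approve-large-charge', agentId: 'agent-1', toolName: 'stripe',
    condition: '"amount":\\s*[1-9][0-9]{4,}', ruleType: 'REQUIRE_APPROVAL', priority: 20 },
  { id: 'deny-unlisted-fetch', agentId: 'agent-1', toolName: 'fetch',
    condition: '^(?!.*(api\\.github\\.com|internal\\.example\\.com)).*$', ruleType: 'DENY', priority: 30 },
];

// Stub agent (constructed): records what would have executed.
function makeStubAgent() {
  const executed = [];
  return {
    executed,
    async executeTool(toolName, args) { executed.push({ toolName, args }); return 'ok'; },
  };
}

// Runs a constructed batch of tool calls through the gate and returns the outcomes.
async function demo() {
  const agent = withLocalGate(makeStubAgent(), {
    agentId: 'agent-1',
    policies: SAMPLE_POLICIES,
    approve: async (toolName, args) => args.amount <= 50000, // auto-approve up to $500
  });
  const calls = [
    ['bash', { cmd: 'ls -la' }],
    ['bash', { cmd: 'rm -rf /tmp/build' }],
    ['stripe', { amount: 15000, currency: 'usd' }],
    ['stripe', { amount: 250000, currency: 'usd' }],
    ['fetch', { url: 'https://api.github.com/repos' }],
    ['fetch', { url: 'https://other.example/?ref=api.github.com' }], // regex allows, hostname check would not
  ];
  const results = [];
  for (const [tool, args] of calls) {
    try { results.push(await agent.executeTool(tool, args)); } catch (e) { results.push(e.message); }
  }
  return { results, auditLog: agent.auditLog, executed: agent.executed };
}
```

Running demo() shows the three decision paths end to end: the ls call and the GitHub fetch pass, the rm -rf call is refused with the README's "Do not retry." error, the $150 charge is approved by the callback while the $2,500 charge is refused, and every call lands in the audit log whether or not it executed. The last fetch is the reason for fetchHostAllowed: the serialized arguments contain an allowed domain in the query string, so the regex rule lets it through, whereas the hostname check rejects it. Because nothing leaves the process, this is the shape a local-only enforcement layer would take.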

Dashboard

https://agent-gate-rho.vercel.app provides:

  • Agent management and API key rotation
  • AI Policy Wizard: describe rules in plain English, Gemini generates the regex
  • Real-time audit log via Firestore onSnapshot
  • Approval queue with one-click approve or deny

Getting started

  1. Sign up free at https://agent-gate-rho.vercel.app
  2. Create an agent and copy the API key
  3. npm install @agentgate/openclaw-guard
  4. Wrap your agent with withAgentGate
  5. Define policies in the dashboard using the AI Wizard
  6. Watch the real-time audit log as your agent runs

Pricing

Free: 1 agent, 500 evaluations/month, 7-day audit log. No credit card required.

Usage Guidance
Before installing or using this skill, consider the following:
  1. The SKILL.md requires an AGENTGATE_API_KEY and installing an npm package, but the registry metadata does not declare those; ask the publisher to explicitly list required env vars and provide the package source code.
  2. This skill forwards full serialized tool arguments (which may contain secrets, file contents, Stripe amounts, SMTP data, etc.) to a remote endpoint and stores audit logs in Firestore; verify the remote service's privacy, retention, and access controls, and whether payloads are redacted or encrypted.
  3. Review the source for @agentgate/openclaw-guard and the cloud functions (or ask for an auditable deployment), and only install from a verified, pinned package/version.
  4. If you must test, run in an isolated environment with non-production credentials and limited data, rotate any API keys used, and monitor agent/audit logs closely.
  5. If your threat model requires that sensitive data never leaves your environment, prefer a local-only enforcement solution or require the publisher to provide an on-prem/self-host option and a security whitepaper explaining data flows.
If the publisher cannot provide clear provenance and data-handling guarantees, treat this skill as high-risk.
Capability Analysis
Type: OpenClaw Skill
Name: agentgate-security
Version: 1.0.0

The skill bundle describes 'AgentGate', a security firewall that intercepts OpenClaw agent tool calls. It is classified as suspicious because its core functionality involves sending sensitive data, specifically the agent API key and serialized tool arguments, to an external third-party endpoint (https://agent-gate-rho.vercel.app/api/evaluate-action) for policy evaluation. While this is presented as a security feature in SKILL.md, it introduces a significant trust boundary and a high-risk supply chain vulnerability. A compromised or malicious external service could exfiltrate sensitive data or manipulate agent behavior, even though the provided documentation does not show explicit malicious intent from the skill itself.
Capability Assessment
Purpose & Capability
The SKILL.md describes a networked firewall that forwards agent API key, tool name, and serialized arguments to a remote cloud function and stores logs in Firestore. That capability would legitimately require an API key, endpoint config, and installable SDK; however the registry metadata declares no required env vars, no install spec, and no homepage even though the SKILL.md includes a specific endpoint/website. The absence of declared credentials and install info is inconsistent with the described purpose.
Instruction Scope
Instructions explicitly tell integrators to send the agent API key and JSON.stringify(args) to a remote endpoint on every tool call, to poll Firestore every 2s for approvals, and to trigger Telegram webhooks. That means potentially sensitive data (shell commands, HTTP request bodies, filesystem contents, Stripe args, emails, etc.) will be transmitted to an external service — there is no mention of encryption, minimization, access/retention policies, or what fields are redacted. The SKILL.md also instructs installing and using an npm SDK but provides no code or provenance for that package inside the registry.
Install Mechanism
This is an instruction-only skill (no install spec in registry), yet SKILL.md tells users to npm install @agentgate/openclaw-guard and to sign up at a vercel.app dashboard. Installing an npm package from the public registry is a common pattern, but the registry should declare that dependency and any required environment configuration. The lack of an install spec and lack of code in the package bundle means the user must trust an external npm package and the remote service.
Credentials
The runtime flow requires an AGENTGATE_API_KEY (used on every tool call) and likely service-specific credentials (Firestore, Telegram/webhook config). Yet the skill metadata lists no required env vars or primary credential. Requesting an API key that will receive full serialized tool arguments (potentially secrets) is high-privilege and should be explicitly declared and justified — it is not.
Persistence & Privilege
The skill does not request 'always' presence and leaves autonomous invocation enabled (normal). It will, however, be implemented as a wrapper on the agent's tool-execution path and thus intercepts all calls. That interception behavior is consistent with the stated purpose, but combined with the remote-forwarding design it increases the blast radius because every tool call and the agent API key are transmitted off-host.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agentgate-security
  3. After installation, invoke the skill by name or use /agentgate-security
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
v1.0.0 - Initial public release. Ships with: policy evaluation engine (ALLOW/DENY/REQUIRE_APPROVAL), Firebase Firestore rule storage, real-time audit log dashboard, AI Policy Wizard that converts plain English descriptions into regex rules, and Telegram webhook approval notifications. Tested against OpenClaw bash, browser, and fetch tool types.
Metadata
Slug: agentgate-security
Version: 1.0.0
License:
All-time Installs: 5
Active Installs: 5
Total Versions: 1
Frequently Asked Questions

What is AgentGate - Enterprise Security Firewall for OpenClaw?

Enforces regex-based, real-time authorization policies on OpenClaw agents’ tool calls, blocking, allowing, or requiring approval before execution. It is an AI Agent Skill for Claude Code / OpenClaw, with 724 downloads so far.

How do I install AgentGate - Enterprise Security Firewall for OpenClaw?

Run "/install agentgate-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AgentGate - Enterprise Security Firewall for OpenClaw free?

Yes, AgentGate - Enterprise Security Firewall for OpenClaw is completely free (open-source). You can download, install and use it at no cost.

Which platforms does AgentGate - Enterprise Security Firewall for OpenClaw support?

AgentGate - Enterprise Security Firewall for OpenClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AgentGate - Enterprise Security Firewall for OpenClaw?

It is built and maintained by wiserautomation (@wiserautomation); the current version is v1.0.0.
