ClawGuard

by lidan-capsule · GitHub · v0.1.5
cross-platform · ⚠ suspicious

2318 downloads · 0 stars · 10 active installs · 1 version
Install in OpenClaw
/install clawguard
Description
Install and configure the ClawGuard security plugin - an LLM-as-a-Judge guardrail that detects and blocks risky tool calls
README (SKILL.md)

ClawGuard Plugin Installation Guide

ClawGuard is a security plugin that uses an LLM-as-a-Judge to evaluate tool calls before execution, detecting and optionally blocking risky operations.

Prerequisites

Before installing ClawGuard, ensure the gateway's chat completions endpoint is enabled:

openclaw config set gateway.http.endpoints.chatCompletions.enabled true

Installation

Install the plugin from npm:

openclaw plugins install @capsulesecurity/clawguard

After installation, restart the gateway to load the plugin.

Docker Installation

If running OpenClaw in Docker:

# Install the plugin
docker compose run --rm openclaw-cli plugins install @capsulesecurity/clawguard

# Restart gateway with force-recreate to reload env vars
docker compose up -d --force-recreate openclaw-gateway

Important: Always use --force-recreate when restarting. Plain docker compose restart does NOT reload environment variables.

Verify Installation

Check the gateway logs for the initialization message:

[clawguard] Initialized (logging: true, security: true, block: true, metrics: enabled)

Configuration

Configure ClawGuard via openclaw config set plugins.clawguard.<option> <value>:

Option                Default     Description
enabled               true        Enable/disable the plugin
logToolCalls          true        Log tool call JSON to gateway logs
securityCheckEnabled  true        Run LLM security evaluation
blockOnRisk           true        Block high/critical risk tool calls
maxContextWords       2000        Session context word limit for evaluation
timeoutMs             15000       Security check timeout in milliseconds
gatewayHost           127.0.0.1   Gateway host for LLM calls
gatewayPort           18789       Gateway port for LLM calls
metricsEnabled        true        Enable anonymous usage metrics

Example Configuration

# Disable blocking (log-only mode)
openclaw config set plugins.clawguard.blockOnRisk false

# Increase timeout for slower models
openclaw config set plugins.clawguard.timeoutMs 30000

# Disable metrics collection
openclaw config set plugins.clawguard.metricsEnabled false

Gateway Authentication

ClawGuard calls the gateway's /v1/chat/completions endpoint internally. If you see 401 Unauthorized errors:

  1. Check the gateway token in your environment matches the config:

    # Check env var
    printenv OPENCLAW_GATEWAY_TOKEN
    
    # Check config token
    cat ~/.openclaw/openclaw.json | grep -A2 '"token"'
    
  2. If tokens don't match, update your environment and restart the gateway.

For Docker, ensure .env contains the correct OPENCLAW_GATEWAY_TOKEN and use --force-recreate when restarting.

Troubleshooting

405 Method Not Allowed

The chat completions endpoint is not enabled. Run:

openclaw config set gateway.http.endpoints.chatCompletions.enabled true

401 Unauthorized

Token mismatch between environment and config. See Gateway Authentication section above.

Plugin Not Loading

  1. Check openclaw plugins list shows clawguard
  2. Restart the gateway
  3. Check gateway logs for errors

How It Works

ClawGuard registers a before_tool_call hook that:

  1. Logs tool call details (if logToolCalls is enabled)
  2. Sends tool context to an LLM for security evaluation
  3. Returns a risk assessment (none/low/medium/high/critical)
  4. Blocks execution if risk is high/critical (if blockOnRisk is enabled)

The security evaluation uses your configured LLM provider, so it works with any model you have set up in OpenClaw.
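The four-step pipeline above, written out as an added illustrative model in JavaScript. This is not ClawGuard's source, and OpenClaw's real hook API is not shown on this page, so the hook signature, the judge's reply format (assumed to be a JSON object with a `risk` field) and the fail-closed handling of a judge timeout are assumptions of the example; the option names and defaults are the ones from the configuration table.

```javascript
// Illustrative model of the before_tool_call pipeline described above.
// Not ClawGuard's source: the hook signature, the judge's reply format and the
// fail-closed handling of a judge timeout are assumptions of this example.

const RISK_ORDER = ["none", "low", "medium", "high", "critical"];

// Keep only the last maxWords words of the session context (option maxContextWords),
// so a long session still fits the judge's context window.
function truncateContext(text, maxWords) {
  const words = text.split(/\s+/).filter(Boolean);
  return words.slice(Math.max(0, words.length - maxWords)).join(" ");
}

// Map the judge's reply to one of the five risk levels. The reply is assumed to be
// JSON like {"risk":"high"}; anything unparseable or unknown is treated as critical.
function parseRisk(reply) {
  try {
    const parsed = JSON.parse(reply);
    const level = typeof parsed.risk === "string" ? parsed.risk.toLowerCase() : "";
    if (RISK_ORDER.includes(level)) return level;
  } catch (_) {
    // not JSON: fall through to the fail-closed default
  }
  return "critical";
}

// Reject if the judge has not answered within ms milliseconds (option timeoutMs).
function withTimeout(promise, ms) {
  return new Promise((resolve, reject) => {
    const timer = setTimeout(() => reject(new Error(`judge timed out after ${ms} ms`)), ms);
    promise.then(
      (value) => { clearTimeout(timer); resolve(value); },
      (err) => { clearTimeout(timer); reject(err); },
    );
  });
}

// Defaults taken from the configuration table on this page.
const DEFAULTS = {
  logToolCalls: true, securityCheckEnabled: true, blockOnRisk: true,
  maxContextWords: 2000, timeoutMs: 15000,
};

// The hook body. `judge` is an injected async function standing in for the request
// to the gateway's /v1/chat/completions endpoint; it receives the prompt object and
// resolves with the model's text reply. Returns { block, risk, reason }.
async function beforeToolCall(toolCall, sessionContext, options, judge) {
  const opts = { ...DEFAULTS, ...options };

  // Step 1: log the tool call JSON (logToolCalls).
  if (opts.logToolCalls) console.log("[clawguard] tool call", JSON.stringify(toolCall));

  // Step 2: send tool and truncated context to the judge (securityCheckEnabled).
  if (!opts.securityCheckEnabled) return { block: false, risk: "none", reason: "security check disabled" };
  const prompt = { tool: toolCall, context: truncateContext(sessionContext, opts.maxContextWords) };

  let risk;
  try {
    risk = parseRisk(await withTimeout(judge(prompt), opts.timeoutMs));
  } catch (err) {
    // Timeout or transport error: the judge could not vouch for the call, so this
    // example blocks whenever blocking is enabled. Whether ClawGuard itself fails
    // open or closed here is not stated on the page.
    return { block: opts.blockOnRisk, risk: "unknown", reason: err.message };
  }

  // Steps 3 and 4: return the assessment; high/critical is blocked when blockOnRisk is on.
  const block = opts.blockOnRisk && RISK_ORDER.indexOf(risk) >= RISK_ORDER.indexOf("high");
  return { block, risk, reason: block ? `risk ${risk} is high or above` : "allowed" };
}

// Stand-alone demo with a stub judge that always answers "high".
if (typeof require !== "undefined" && require.main === module) {
  const stubJudge = async () => JSON.stringify({ risk: "high" });
  beforeToolCall({ name: "exec", args: { cmd: "echo hello" } }, "user asked to run a command", {}, stubJudge)
    .then((verdict) => console.log(verdict));
}
```

Because the judge is injected as a function, the same decision logic can be exercised against a stub before it is pointed at the gateway; setting blockOnRisk to false turns it into the log-only mode shown under Example Configuration, while timeoutMs bounds how long a slow model can hold up a tool call.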

Links

Usage Guidance
This instruction-only skill directs you to install a third-party npm plugin that will inspect and (by default) log and possibly block tool calls. Before installing:
  1. Verify the npm package and its publisher (review the package page and the linked GitHub repo, check recent releases and maintainers).
  2. Inspect the plugin source or release tarball if possible to confirm no unexpected behavior.
  3. Note defaults: logToolCalls=true and metricsEnabled=true; consider disabling metrics and enabling log-only mode (blockOnRisk=false) initially to avoid unintended data sharing or blocking.
  4. Run installation and testing in a staging or isolated environment first, and ensure the gateway token is managed securely (do not paste tokens into public logs).
  5. If you need higher assurance, obtain a checksum/signature for the npm package or vendor-signed release before deploying in production.
Capability Analysis
Type: OpenClaw Skill
Name: clawguard
Version: 0.1.5

The skill bundle is classified as suspicious due to instructions in SKILL.md that direct the AI agent to read potentially sensitive API tokens. Specifically, the agent is instructed to execute `printenv OPENCLAW_GATEWAY_TOKEN` and `cat ~/.openclaw/openclaw.json | grep -A2 '"token"'` for troubleshooting purposes. While the stated intent is for debugging plugin authentication, these commands directly access sensitive environment variables and local configuration files, representing a risky capability that could be misused if the agent's behavior were subverted or if the instructions were part of a broader attack chain.
Capability Assessment
Purpose & Capability
The name and description (an LLM-as-a-Judge guardrail) match the instructions: enabling the chat completions endpoint and installing an OpenClaw plugin that inspects tool calls and queries your configured LLM. Nothing requested in the SKILL.md appears unrelated to that purpose.
Instruction Scope
Instructions stay on task: enable gateway endpoint, install plugin via openclaw, restart gateway, and configure options. They do instruct checking the gateway token (env var OPENCLAW_GATEWAY_TOKEN) and reading ~/.openclaw/openclaw.json for token mismatch — both are directly relevant to connecting to the local gateway and troubleshooting authentication.
Install Mechanism
The skill is instruction-only (no packaged install spec in the registry) and tells the user to install @capsulesecurity/clawguard from npm via the openclaw plugin manager. Installing an npm package pulls third‑party code from the registry — a moderately risky supply‑chain action that is expected for this use but should be reviewed before installation.
Credentials
The skill does not declare required env vars, but the runtime guidance legitimately references OPENCLAW_GATEWAY_TOKEN and the gateway config file to diagnose 401 errors. Those accesses are proportional to operating the plugin.
Persistence & Privilege
No special persistence flags (always:false). The plugin runs inside OpenClaw after installation; the skill does not request system-wide config changes beyond enabling the chat completions endpoint and plugin configuration. Autonomous invocation by the agent is the platform default and not a unique concern here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawguard
  3. After installation, invoke the skill by name or use /clawguard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.5
- Added detailed installation and configuration instructions for the ClawGuard plugin, including Docker support.
- Provided troubleshooting guidance for common issues (401/405 errors, plugin loading).
- Documented all available configuration options with descriptions and examples.
- Explained the plugin's security evaluation workflow and how it integrates with OpenClaw.
- Included links to the ClawGuard GitHub and npm package for further reference.
Metadata
Slug clawguard
Version 0.1.5
License
All-time Installs 11
Active Installs 10
Total Versions 1
Frequently Asked Questions

What is ClawGuard?

ClawGuard installs and configures the ClawGuard security plugin, an LLM-as-a-Judge guardrail that detects and blocks risky tool calls. It is an AI Agent Skill for Claude Code / OpenClaw, with 2318 downloads so far.

How do I install ClawGuard?

Run "/install clawguard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawGuard free?

Yes, ClawGuard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does ClawGuard support?

ClawGuard is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created ClawGuard?

It is built and maintained by lidan-capsule (@lidan-capsule); the current version is v0.1.5.
