← Back to Skills Marketplace
atlaspa

Openclaw Egress

by AtlasPA · GitHub ↗ · v1.0.2
darwinlinuxwin32 ⚠ suspicious
1585
Downloads
0
Stars
3
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-egress
Description
Network data loss prevention for agent workspaces. Scans skills and files for outbound URLs, data exfiltration endpoints, suspicious domains, and network function calls. Maps every external connection. Free alert layer — upgrade to openclaw-egress-pro for blocking, quarantine, and URL allowlists.
Usage Guidance
This skill largely does what it says — scanning for outbound URLs and network calls — but the bundled script contains code paths for saving an allowlist and for quarantining/modifying skills (renaming directories, inserting block comments). The SKILL.md and README emphasize 'alert-only' for the free version yet the code includes modification capabilities; source/homepage are not provided. Before installing or running: (1) review the full scripts (search for rename/move, os.remove, shutil.move, write/open calls that change other directories), (2) run scans on a copy or a non-production workspace first, (3) back up your workspace/skills, (4) prefer running with --skills-only and in read-only mode if available, and (5) avoid granting broad write access if you don’t trust the source. If you need absolute assurance, ask the publisher for a provenance URL or a signed release and/or run the script in an isolated container or VM.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-egress Version: 1.0.2 This skill is designed as a Network DLP tool, which is a security-focused purpose. However, it possesses high-risk capabilities, including reading all files in the workspace, modifying code files by commenting out lines, and disabling other skills by renaming their directories. While these actions are intended for defensive purposes (blocking exfiltration, quarantining compromised skills), the power to alter code and disable components within the agent's workspace constitutes a significant capability that, if misused or buggy, could lead to denial of service or unintended code changes. The `scripts/egress.py` file contains the logic for these modifications, particularly in the `_block_lines`, `cmd_block`, `cmd_quarantine`, and `cmdtect` functions. The `SKILL.md` and `README.md` files are clean and do not contain prompt injection attempts.
Capability Assessment
Purpose & Capability
Name/description match the code's scanning capabilities (URL detection, network-call heuristics). Requiring only python3 is proportionate. However, the package also contains constants and helper functions for quarantine and allowlist persistence (QUARANTINE_PREFIX, BLOCK_COMMENT, save_allowlist) which go beyond a read-only scanner and are not clearly declared in SKILL.md's 'free alert' description.
Instruction Scope
SKILL.md documents only scanning, domain listing, and status commands and promises 'everything runs locally' with no external I/O. The script's header and constants indicate functionality to quarantine skills and enforce allowlists (which implies modifying files/directories). The instructions do not warn that running the script could rename directories, write .egress-allowlist.json, insert block comments, or otherwise modify workspace/skills.
Install Mechanism
No install spec; the skill is shipped as a script and README. That's low-risk from supply-chain/remote-download perspective. It does include an actual script file (not instruction-only), so there is executable code to review.
Credentials
The skill requests no credentials and only python3, which is appropriate for scanning. However the script reads and writes inside the user's workspace (loads/saves an allowlist file and likely can quarantine/modify other skill directories). That level of filesystem write access should be explicitly declared and justified; it is not surfaced clearly in the SKILL.md usage examples.
Persistence & Privilege
The skill is not always-enabled and not force-installed, which is good. However the code appears able to modify other skills (quarantine via directory rename/prefix and potentially inject block comments) and to persist an allowlist in the workspace. Modifying other skills' files or directories without an explicit, visible opt-in is a privileged action and a notable risk.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-egress
  3. After installation, invoke the skill by name or use /openclaw-egress
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Removed references and instructions for upgrading to "openclaw-egress-pro" in documentation. - Updated SKILL.md and README.md to clarify current feature set (no mention of blocking or premium features). - No code logic changes; updates focus on making documentation accurate and concise.
v1.0.1
- Updated README.md for clarity and documentation improvements. - No functional changes to the code or features.
v1.0.0
Initial release of openclaw-egress: network data loss prevention (DLP) for agent workspaces. - Scans skills and files for outbound URLs, data exfiltration endpoints, suspicious domains, and network function calls. - Maps every external connection in the workspace. - Provides full scan, skills-only scan, domain mapping, and status commands via a Python script. - Uses only the Python standard library; no external dependencies. - Alerts on risks from critical (exfiltration endpoints) to info (unknown external URLs). - Free alerting layer; blocking actions available with openclaw-egress-pro.
Metadata
Slug openclaw-egress
Version 1.0.2
License
All-time Installs 3
Active Installs 3
Total Versions 3
Frequently Asked Questions

What is Openclaw Egress?

Network data loss prevention for agent workspaces. Scans skills and files for outbound URLs, data exfiltration endpoints, suspicious domains, and network function calls. Maps every external connection. Free alert layer — upgrade to openclaw-egress-pro for blocking, quarantine, and URL allowlists. It is an AI Agent Skill for Claude Code / OpenClaw, with 1585 downloads so far.

How do I install Openclaw Egress?

Run "/install openclaw-egress" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Egress free?

Yes, Openclaw Egress is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw Egress support?

Openclaw Egress is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created Openclaw Egress?

It is built and maintained by AtlasPA (@atlaspa); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments