lidan-capsule

ClawGuard

Author: lidan-capsule · GitHub · v0.1.5
cross-platform ⚠ suspicious
Total downloads: 2318
Favorites: 0
Current installs: 10
Versions: 1
Install in OpenClaw:
/install clawguard
Description
Install and configure the ClawGuard security plugin - an LLM-as-a-Judge guardrail that detects and blocks risky tool calls
Usage instructions (SKILL.md)

ClawGuard Plugin Installation Guide

ClawGuard is a security plugin that uses an LLM-as-a-Judge to evaluate tool calls before execution, detecting and optionally blocking risky operations.

Prerequisites

Before installing ClawGuard, ensure the gateway's chat completions endpoint is enabled:

openclaw config set gateway.http.endpoints.chatCompletions.enabled true

Installation

Install the plugin from npm:

openclaw plugins install @capsulesecurity/clawguard

After installation, restart the gateway to load the plugin.

Docker Installation

If running OpenClaw in Docker:

# Install the plugin
docker compose run --rm openclaw-cli plugins install @capsulesecurity/clawguard

# Restart gateway with force-recreate to reload env vars
docker compose up -d --force-recreate openclaw-gateway

Important: Always use --force-recreate when restarting. Plain docker compose restart does NOT reload environment variables.

Verify Installation

Check the gateway logs for the initialization message:

[clawguard] Initialized (logging: true, security: true, block: true, metrics: enabled)

Configuration

Configure ClawGuard via openclaw config set plugins.clawguard.<option> <value>:

Option                Default     Description
enabled               true        Enable/disable the plugin
logToolCalls          true        Log tool call JSON to gateway logs
securityCheckEnabled  true        Run LLM security evaluation
blockOnRisk           true        Block high/critical risk tool calls
maxContextWords       2000        Session context word limit for evaluation
timeoutMs             15000       Security check timeout in milliseconds
gatewayHost           127.0.0.1   Gateway host for LLM calls
gatewayPort           18789       Gateway port for LLM calls
metricsEnabled        true        Enable anonymous usage metrics

Example Configuration

# Disable blocking (log-only mode)
openclaw config set plugins.clawguard.blockOnRisk false

# Increase timeout for slower models
openclaw config set plugins.clawguard.timeoutMs 30000

# Disable metrics collection
openclaw config set plugins.clawguard.metricsEnabled false

Gateway Authentication

ClawGuard calls the gateway's /v1/chat/completions endpoint internally. If you see 401 Unauthorized errors:

  1. Check the gateway token in your environment matches the config:

    # Check env var
    printenv OPENCLAW_GATEWAY_TOKEN
    
    # Check config token
    cat ~/.openclaw/openclaw.json | grep -A2 '"token"'
    
  2. If tokens don't match, update your environment and restart the gateway.

For Docker, ensure .env contains the correct OPENCLAW_GATEWAY_TOKEN and use --force-recreate when restarting.

Troubleshooting

405 Method Not Allowed

The chat completions endpoint is not enabled. Run:

openclaw config set gateway.http.endpoints.chatCompletions.enabled true

401 Unauthorized

Token mismatch between environment and config. See Gateway Authentication section above.

Plugin Not Loading

  1. Check openclaw plugins list shows clawguard
  2. Restart the gateway
  3. Check gateway logs for errors

How It Works

ClawGuard registers a before_tool_call hook that:

  1. Logs tool call details (if logToolCalls is enabled)
  2. Sends tool context to an LLM for security evaluation
  3. Returns a risk assessment (none/low/medium/high/critical)
  4. Blocks execution if risk is high/critical (if blockOnRisk is enabled)

The security evaluation uses your configured LLM provider, so it works with any model you have set up in OpenClaw.
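To make the four steps above concrete, here is an added example of a before_tool_call guardrail hook written for this page; it is not ClawGuard's own source. It implements the flow SKILL.md describes (log the call, trim session context to maxContextWords, ask a judge with a timeoutMs deadline, map the none/low/medium/high/critical verdict to allow or block under blockOnRisk). The hook signature, the judge() contract ({call, context} -> Promise<string>), the verdict JSON shape {"risk","reason"}, the demoJudge rules and the failClosed option are all assumptions: the page does not say what ClawGuard does when the judge times out, so the example makes that choice explicit instead of silent.

```javascript
// Added example, not ClawGuard's own code. Option names and defaults below are
// the ones in the SKILL.md table; failClosed is an assumed extra option.
const RISK_LEVELS = ["none", "low", "medium", "high", "critical"];

const DEFAULT_CONFIG = {
  enabled: true,
  logToolCalls: true,
  securityCheckEnabled: true,
  blockOnRisk: true,
  maxContextWords: 2000,
  timeoutMs: 15000,
  failClosed: false, // assumption: on judge failure, allow (false) or block (true)
};

// Keep the most recent maxWords words of the session transcript (assumption:
// the latest turns are what a judge most needs to see).
function trimContext(text, maxWords) {
  const words = String(text).split(/\s+/).filter(Boolean);
  return words.slice(Math.max(0, words.length - maxWords)).join(" ");
}

// Accept either {"risk": "...", "reason": "..."} JSON or a bare risk word as the
// entire reply. Anything else is an error, never silently downgraded to "none".
function parseVerdict(raw) {
  const text = String(raw).trim();
  try {
    const obj = JSON.parse(text);
    if (obj && RISK_LEVELS.includes(obj.risk)) {
      return { risk: obj.risk, reason: String(obj.reason || "") };
    }
  } catch (_) {
    // not JSON; try the bare-word form below
  }
  const word = text.toLowerCase();
  if (RISK_LEVELS.includes(word)) return { risk: word, reason: "" };
  throw new Error(`unparseable judge verdict: ${text.slice(0, 80)}`);
}

// Pure decision step: block only when the level is high/critical AND blockOnRisk is on.
function decide(risk, cfg) {
  const risky = RISK_LEVELS.indexOf(risk) >= RISK_LEVELS.indexOf("high");
  return { allow: !(risky && cfg.blockOnRisk), risky };
}

// Race the judge against the timeoutMs deadline; clear the timer either way.
function withTimeout(promise, ms) {
  let timer;
  const deadline = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`security check timed out after ${ms} ms`)), ms);
  });
  return Promise.race([promise, deadline]).finally(() => clearTimeout(timer));
}

// The hook itself. `judge` is injected so the example runs offline; a real plugin
// would post to the gateway's /v1/chat/completions endpoint here.
async function beforeToolCall(call, session, judge, options = {}, log = console.log) {
  const cfg = { ...DEFAULT_CONFIG, ...options };
  if (!cfg.enabled) return { allow: true, risk: "none", reason: "plugin disabled" };
  if (cfg.logToolCalls) log(`[clawguard] tool call ${JSON.stringify(call)}`);
  if (!cfg.securityCheckEnabled) return { allow: true, risk: "none", reason: "check disabled" };

  let verdict;
  try {
    const context = trimContext(session, cfg.maxContextWords);
    verdict = parseVerdict(await withTimeout(judge({ call, context }), cfg.timeoutMs));
  } catch (err) {
    // Judge unavailable or unintelligible: follow failClosed, never crash the hook.
    log(`[clawguard] security check failed: ${err.message}`);
    return { allow: !cfg.failClosed, risk: "unknown", reason: err.message };
  }
  const { allow } = decide(verdict.risk, cfg);
  log(`[clawguard] risk=${verdict.risk} allow=${allow}${verdict.reason ? ` (${verdict.reason})` : ""}`);
  return { allow, risk: verdict.risk, reason: verdict.reason };
}

// Constructed stand-in for the LLM judge: rates tool calls that read the gateway
// config file or SSH material as high risk and everything else as none.
async function demoJudge({ call }) {
  const args = JSON.stringify(call.args || {});
  if (/openclaw\.json|\.ssh\//.test(args)) {
    return JSON.stringify({ risk: "high", reason: "reads credential-bearing file" });
  }
  return JSON.stringify({ risk: "none", reason: "routine" });
}

// Constructed judge that never answers, to exercise the timeout path.
const hungJudge = () => new Promise(() => {});
```

With the defaults, `beforeToolCall({ name: "read_file", args: { path: "~/.openclaw/openclaw.json" } }, transcript, demoJudge)` resolves to `{ allow: false, risk: "high", ... }`, while passing `{ blockOnRisk: false }` gives the log-only mode from the Example Configuration section (same verdict, `allow: true`). Keeping `decide` separate from the network call is what makes the policy testable without a model in the loop.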

Links

Safe usage recommendations
This instruction-only skill directs you to install a third-party npm plugin that will inspect and (by default) log and possibly block tool calls. Before installing:
  1. Verify the npm package and its publisher (review the package page and the linked GitHub repo, check recent releases and maintainers).
  2. Inspect the plugin source or release tarball if possible to confirm no unexpected behavior.
  3. Note defaults: logToolCalls=true and metricsEnabled=true — consider disabling metrics and enabling log-only mode (blockOnRisk=false) initially to avoid unintended data sharing or blocking.
  4. Run installation and testing in a staging or isolated environment first, and ensure the gateway token is managed securely (do not paste tokens into public logs).
  5. If you need higher assurance, obtain a checksum/signature for the npm package or vendor-signed release before deploying in production.
Functionality analysis
Type: OpenClaw Skill Name: clawguard Version: 0.1.5 The skill bundle is classified as suspicious due to instructions in SKILL.md that direct the AI agent to read potentially sensitive API tokens. Specifically, the agent is instructed to execute `printenv OPENCLAW_GATEWAY_TOKEN` and `cat ~/.openclaw/openclaw.json | grep -A2 '"token"'` for troubleshooting purposes. While the stated intent is for debugging plugin authentication, these commands directly access sensitive environment variables and local configuration files, representing a risky capability that could be misused if the agent's behavior were subverted or if the instructions were part of a broader attack chain.
Capability assessment
Purpose & Capability
The name and description (an LLM-as-a-Judge guardrail) match the instructions: enabling the chat completions endpoint and installing an OpenClaw plugin that inspects tool calls and queries your configured LLM. Nothing requested in the SKILL.md appears unrelated to that purpose.
Instruction Scope
Instructions stay on task: enable gateway endpoint, install plugin via openclaw, restart gateway, and configure options. They do instruct checking the gateway token (env var OPENCLAW_GATEWAY_TOKEN) and reading ~/.openclaw/openclaw.json for token mismatch — both are directly relevant to connecting to the local gateway and troubleshooting authentication.
Install Mechanism
The skill is instruction-only (no packaged install spec in the registry) and tells the user to install @capsulesecurity/clawguard from npm via the openclaw plugin manager. Installing an npm package pulls third‑party code from the registry — a moderately risky supply‑chain action that is expected for this use but should be reviewed before installation.
Credentials
The skill does not declare required env vars, but the runtime guidance legitimately references OPENCLAW_GATEWAY_TOKEN and the gateway config file to diagnose 401 errors. Those accesses are proportional to operating the plugin.
Persistence & Privilege
No special persistence flags (always:false). The plugin runs inside OpenClaw after installation; the skill does not request system-wide config changes beyond enabling the chat completions endpoint and plugin configuration. Autonomous invocation by the agent is the platform default and not a unique concern here.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install clawguard
  3. After installation, call the Skill by name directly or trigger it with /clawguard
  4. Provide the required inputs per the Skill's parameter description to receive structured output
Version history
v0.1.5
  - Added detailed installation and configuration instructions for the ClawGuard plugin, including Docker support.
  - Provided troubleshooting guidance for common issues (401/405 errors, plugin loading).
  - Documented all available configuration options with descriptions and examples.
  - Explained the plugin's security evaluation workflow and how it integrates with OpenClaw.
  - Included links to the ClawGuard GitHub and npm package for further reference.
Metadata
Slug: clawguard
Version: 0.1.5
License:
Total installs: 11
Current installs: 10
Historical versions: 1
FAQ

What is ClawGuard?

Install and configure the ClawGuard security plugin - an LLM-as-a-Judge guardrail that detects and blocks risky tool calls. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2318 downloads to date.

How do I install ClawGuard?

Run the command "/install clawguard" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is ClawGuard free?

Yes, ClawGuard is completely free (open source) and can be freely downloaded, installed and used.

Which platforms does ClawGuard support?

ClawGuard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed ClawGuard?

Developed and maintained by lidan-capsule (@lidan-capsule); current version v0.1.5.
