I built a plugin for OpenClaw that intercepts tool calls before and after they execute and checks for: Secrets: API keys, tokens, cloud credentials, private keys PII: SSN, credit cards, emails, phone numbers Destructive commands: rm -rf, git reset --hard, DROP TABLE, sudo, etc. When something is detected, you can configure it to block, redact, require confirmation, or just warn. I added some defaults, e.g. it blocks rm -rf / and warns for email exposure. Install: openclaw plugins install clawguardian Example: $ openclaw agent --message "run echo '4358 9100 8899 4843'" --agent main 09:33:20 [plugins] ClawGuardian: pii_credit_card (high) detected in tool exec params Done. The command ran, but ClawGuardian redacted the output since it detects the card-like format. GitHub: https://github.com/superglue-ai/clawguardian This is an early version, so I'd love some feedback and thoughts on how to make ClawGuardian better. This is not a replacement for being careful with OpenClaw's capabilities, just an additional security layer preventing the bot from posting my SSN that if found in my emails on some obscure agent social media network. |