# Send Aport Agent Guardrail to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "aport-agent-guardrail", "name": "Aport Agent Guardrail", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/uchibeke/aport-agent-guardrail", "canonicalUrl": "https://clawhub.ai/uchibeke/aport-agent-guardrail", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/aport-agent-guardrail", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=aport-agent-guardrail", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/aport-agent-guardrail" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/aport-agent-guardrail", "downloadUrl": "https://openagent3.xyz/downloads/aport-agent-guardrail", "agentUrl": "https://openagent3.xyz/skills/aport-agent-guardrail/agent", "manifestUrl": "https://openagent3.xyz/skills/aport-agent-guardrail/agent.json", "briefUrl": "https://openagent3.xyz/skills/aport-agent-guardrail/agent.md" } } ``` ## Documentation ### APort Agent Guardrail Pre-action authorization for AI agents. Installs an OpenClaw before_tool_call hook that evaluates every tool call against a passport (identity + capabilities + limits) and policy before it executes. If the policy denies the call, the tool does not run. This skill provides setup instructions. The enforcement logic comes from the @aporthq/aport-agent-guardrails npm package, which is open-source (Apache 2.0) and can be audited before installation. ### When to use this skill User wants to add guardrails to their AI agent setup User asks about protecting against unauthorized tool calls User wants pre-action authorization for OpenClaw, IronClaw, or PicoClaw agents User needs audit trails for AI agent actions ### How it works User Request -> Agent Decision -> APort Hook -> [ALLOW/DENY] -> Tool Execution | Policy + Passport Agent decides to use a tool (e.g., run a shell command) OpenClaw fires the before_tool_call hook APort loads the passport, maps the tool to a policy, checks allowlists and limits Decision: ALLOW (tool runs) or DENY (tool blocked) Decision is logged to the audit trail Enforcement runs in the OpenClaw hook layer, not in agent prompts. However, like any application-layer security control, it depends on the integrity of the runtime environment (OS, OpenClaw, filesystem). See the Security Model for trust boundaries. ### Prerequisites Check these before starting: Node.js 18+ and npx — run node -v to verify (must show v18 or higher) OpenClaw (or compatible runtime) — the hook registers as an OpenClaw plugin ### Quick start (recommended) npx @aporthq/aport-agent-guardrails The wizard will: Create or load a passport (local file or hosted from aport.io) Configure capabilities and limits Register the OpenClaw plugin (adds before_tool_call hook) Set up wrapper scripts under ~/.openclaw/ After install, the hook runs on every tool call automatically. ### With hosted passport (optional) npx @aporthq/aport-agent-guardrails Get agent_id at aport.io for signed decisions, global suspend, and centralized audit dashboards. ### From source git clone https://github.com/aporthq/aport-agent-guardrails cd aport-agent-guardrails ./bin/openclaw ### What gets installed Files created under ~/.openclaw/: Plugin config in config.yaml or openclaw.json Wrapper scripts in .skills/aport-guardrail*.sh aport/passport.json (local mode only) aport/decision.json and aport/audit.log (created at runtime) Total disk usage: ~100KB for scripts + passport/decision files. ### Usage After installation, the hook runs automatically on every tool call: # Allowed command — hook approves, tool executes agent> run git status # APort: passport checked -> policy evaluated -> ALLOW # Blocked command — hook denies, tool does not run agent> run rm -rf / # APort: passport checked -> blocked pattern detected -> DENY ### Testing the hook manually # Test allowed command (exit 0 = ALLOW) ~/.openclaw/.skills/aport-guardrail.sh system.command.execute '{"command":"ls"}' # Test blocked command (exit 1 = DENY) ~/.openclaw/.skills/aport-guardrail.sh system.command.execute '{"command":"rm -rf /"}' Decision logs: Latest decision: ~/.openclaw/aport/decision.json Audit trail: ~/.openclaw/aport/audit.log ### Local mode (default) All evaluation happens on your machine, zero network calls Passport stored locally at ~/.openclaw/aport/passport.json Works offline Note: local passport file must be protected from tampering (standard filesystem permissions) ### API mode (optional) Passport hosted in the aport.io registry (not stored locally) Signed decisions (Ed25519) for tamper-evident audit trails Global suspend across all systems Centralized compliance dashboards Sends tool name + context to API (does not send file contents, env vars, or credentials) ### Environment variables All optional. Local mode requires no environment variables. VariableWhen usedPurposeAPORT_API_URLAPI modeOverride endpoint (default: https://api.aport.io)APORT_AGENT_IDHosted passportPassport ID from aport.ioAPORT_API_KEYIf API requires authAuthentication token ### Default protections Shell commands — Allowlist enforcement, 40+ blocked patterns (rm -rf, sudo, chmod 777, etc.), interpreter bypass detection Messaging — Rate limits, recipient allowlist, channel restrictions File access — Path restrictions, blocks access to .env, SSH keys, system directories Web requests — Domain allowlist, SSRF protection, rate limiting Git operations — PR size limits, branch restrictions ### Tool name mapping Agent actionTool namePolicy checksShell commandssystem.command.executeAllowlist, blocked patternsMessaging (WhatsApp/Email/Slack)messaging.message.sendRate limits, recipient allowlistPRsgit.create_pr, git.mergePR size, branch restrictionsMCP toolsmcp.tool.executeServer/tool allowlistFile read/writedata.file.read, data.file.writePath restrictionsWeb requestsweb.fetch, web.browserDomain allowlist ### Troubleshooting ProblemFixPlugin not enforcingCheck openclaw plugin list shows aport-guardrailConnection refused (API mode)Verify APORT_API_URL is reachableTool blocked unexpectedlyCheck ~/.openclaw/aport/decision.json for deny reasonnpx not foundInstall Node.js 18+: https://nodejs.org ### Documentation Source code (Apache 2.0) QuickStart: OpenClaw Plugin Security Model & Trust Boundaries Hosted Passport Setup OAP Specification ## Trust - Source: tencent - Verification: Indexed source record - Publisher: uchibeke - Version: 1.1.14 ## Source health - Status: healthy - Source download looks usable. - Yavira can redirect you to the upstream package for this source. - Health scope: source - Reason: direct_download_ok - Checked at: 2026-04-23T16:43:11.935Z - Expires at: 2026-04-30T16:43:11.935Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/aport-agent-guardrail) - [Send to Agent page](https://openagent3.xyz/skills/aport-agent-guardrail/agent) - [JSON manifest](https://openagent3.xyz/skills/aport-agent-guardrail/agent.json) - [Markdown brief](https://openagent3.xyz/skills/aport-agent-guardrail/agent.md) - [Download page](https://openagent3.xyz/downloads/aport-agent-guardrail)