Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Security & Compliance
ClawGuard
Install and configure the ClawGuard security plugin - an LLM-as-a-Judge guardrail that detects and blocks risky tool calls
skill openclawclawhub Free
Install and configure the ClawGuard security plugin - an LLM-as-a-Judge guardrail that detects and blocks risky tool calls
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 0.1.5
Provenance
- Publisher
- lidan-capsule
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
ClawGuard Plugin Installation Guide
ClawGuard is a security plugin that uses an LLM-as-a-Judge to evaluate tool calls before execution, detecting and optionally blocking risky operations.
Prerequisites
Before installing ClawGuard, ensure the gateway's chat completions endpoint is enabled: openclaw config set gateway.http.endpoints.chatCompletions.enabled true
Installation
Install the plugin from npm: openclaw plugins install @capsulesecurity/clawguard After installation, restart the gateway to load the plugin.
Docker Installation
If running OpenClaw in Docker: # Install the plugin docker compose run --rm openclaw-cli plugins install @capsulesecurity/clawguard # Restart gateway with force-recreate to reload env vars docker compose up -d --force-recreate openclaw-gateway Important: Always use --force-recreate when restarting. Plain docker compose restart does NOT reload environment variables.
Verify Installation
Check the gateway logs for the initialization message: [clawguard] Initialized (logging: true, security: true, block: true, metrics: enabled)
Configuration
Configure ClawGuard via openclaw config set plugins.clawguard.<option> <value>: OptionDefaultDescriptionenabledtrueEnable/disable the pluginlogToolCallstrueLog tool call JSON to gateway logssecurityCheckEnabledtrueRun LLM security evaluationblockOnRisktrueBlock high/critical risk tool callsmaxContextWords2000Session context word limit for evaluationtimeoutMs15000Security check timeout in millisecondsgatewayHost127.0.0.1Gateway host for LLM callsgatewayPort18789Gateway port for LLM callsmetricsEnabledtrueEnable anonymous usage metrics
Example Configuration
# Disable blocking (log-only mode) openclaw config set plugins.clawguard.blockOnRisk false # Increase timeout for slower models openclaw config set plugins.clawguard.timeoutMs 30000 # Disable metrics collection openclaw config set plugins.clawguard.metricsEnabled false
Gateway Authentication
ClawGuard calls the gateway's /v1/chat/completions endpoint internally. If you see 401 Unauthorized errors: Check the gateway token in your environment matches the config: # Check env var printenv OPENCLAW_GATEWAY_TOKEN # Check config token cat ~/.openclaw/openclaw.json | grep -A2 '"token"' If tokens don't match, update your environment and restart the gateway. For Docker, ensure .env contains the correct OPENCLAW_GATEWAY_TOKEN and use --force-recreate when restarting.
405 Method Not Allowed
The chat completions endpoint is not enabled. Run: openclaw config set gateway.http.endpoints.chatCompletions.enabled true
401 Unauthorized
Token mismatch between environment and config. See Gateway Authentication section above.
Plugin Not Loading
Check openclaw plugins list shows clawguard Restart the gateway Check gateway logs for errors
How It Works
ClawGuard registers a before_tool_call hook that: Logs tool call details (if logToolCalls is enabled) Sends tool context to an LLM for security evaluation Returns a risk assessment (none/low/medium/high/critical) Blocks execution if risk is high/critical (if blockOnRisk is enabled) The security evaluation uses your configured LLM provider, so it works with any model you have set up in OpenClaw.
Links
GitHub: https://github.com/capsulesecurity/clawguard npm: https://www.npmjs.com/package/@capsulesecurity/clawguard
Category context
Identity, auth, scanning, governance, audit, and operational guardrails.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
1 Docs
- SKILL.md