Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub · Security & Compliance
ClawWall
Outbound DLP for OpenClaw — hard regex blocks secrets & PII from leaving the machine. Domain control, no LLM.
skill openclawclawhub Free
Outbound DLP for OpenClaw — hard regex blocks secrets & PII from leaving the machine. Domain control, no LLM.
⬇ 0 downloads ★ 0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 0.2.2
Provenance
- Publisher
- Stanxy
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
ClawWall — Outbound DLP for OpenClaw
GitHub: https://github.com/Stanxy/clawguard Release: https://github.com/Stanxy/clawguard/releases/tag/v0.2.1 PyPI: https://pypi.org/project/clawwall ClawWall sits between your AI agent and the outside world. Every outbound tool call is intercepted and scanned against 60+ hard-coded patterns before anything leaves the machine. If content matches — it is blocked or redacted. No LLM, no approximation: regex and entropy only.
Trust & Permissions
Be aware of what this installs: A local Python service (port 8642) that receives every outbound tool call for scanning An OpenClaw plugin that hooks before_tool_call — all outbound content passes through it A local SQLite database that stores scan findings metadata What the database stores: finding type, severity, position offsets, action taken, and duration. It never stores raw content, secrets, or PII values. What it does NOT do: no telemetry, no external connections, no data leaves the machine. The service is fully local. Plugin registration is manual — nothing is auto-installed into OpenClaw. You must explicitly add the plugin to your config (see below).
Prerequisites
Python 3.10+, pip Node.js + npm (for the OpenClaw plugin only)
1. Install the ClawWall service (PyPI)
pip install clawwall==0.2.1 Verify the SHA256 of the downloaded wheel if you want to confirm integrity: 5939d375c724771931e92e88be2b2f11cd27a4eec095af95cb6923b61220c65f clawwall-0.2.1-py3-none-any.whl 1e1ecae39bb4d351f0e503501e2615814c5c0cd0f822998f5648fa74eb1de5c2 clawwall-0.2.1.tar.gz Or clone at the pinned release tag: git clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git cd clawguard && pip install .
2. Start the service
clawwall Or via Python: python -m clawguard Service starts on http://localhost:8642. Dashboard at http://localhost:8642/dashboard.
3. Install the OpenClaw plugin (manual)
git clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git cd clawguard/openclaw-integration/clawguard-plugin npm install && npm run build Then manually add to your OpenClaw config: { "plugins": { "clawwall": { "path": "/path/to/clawguard/openclaw-integration/clawguard-plugin/dist/index.js", "config": { "serviceUrl": "http://127.0.0.1:8642", "blockOnError": false, "timeoutMs": 5000 } } } } Set blockOnError: true to fail-closed (block all tool calls if the service is unreachable). Set blockOnError: false (default) to fail-open (allow calls through if the service is down).
4. (Optional) Install this skill
clawhub install clawwall
Configuration
Environment variables (all prefixed CLAWGUARD_): VariableDefaultDescriptionCLAWGUARD_HOST0.0.0.0Bind addressCLAWGUARD_PORT8642PortCLAWGUARD_DATABASE_URLsqlite+aiosqlite:///clawwall.dbDatabase pathCLAWGUARD_POLICY_PATHconfig/default_policy.yamlPolicy fileCLAWGUARD_LOG_LEVELINFOLog verbosity
What ClawWall Detects
Secrets (51 patterns): AWS, GCP, Azure, GitHub, Stripe, Slack, PayPal, Square, SSH/PGP private keys, database URIs, JWT tokens, and more PII (10 patterns): SSNs, credit cards (Luhn-validated), emails, phone numbers, IP addresses Entropy analysis: high-entropy strings that don't match any known pattern
Policy
Default policy (config/default_policy.yaml) blocks all findings: default_action: BLOCK # BLOCK | REDACT | ALLOW redaction: strategy: mask # mask | hash | remove mask_char: "*" mask_preserve_edges: 4 destination_allowlist: [] # bypass scanning for trusted destinations destination_blocklist: [] # always reject these destinations custom_patterns: [] # add your own regex patterns disabled_patterns: [] # disable specific built-in patterns by name
API Quick Start
curl -s -X POST http://localhost:8642/api/v1/scan \ -H "Content-Type: application/json" \ -d '{"content": "key=AKIAIOSFODNN7EXAMPLE", "destination": "api.example.com"}' Response: { "action": "BLOCK", "findings": [{ "finding_type": "aws_access_key_id", "severity": "CRITICAL", "redacted_snippet": "AKIA************MPLE" }], "duration_ms": 2.1 }
Agent Instructions
You are operating behind ClawWall. All outbound tool calls are scanned before leaving the machine using hard pattern matching — not an LLM. ResultMeaningALLOWNo sensitive data detected — call went throughREDACTSensitive portions were masked before sendingBLOCKCall rejected — nothing was sent Best practices: Never include raw API keys, tokens, or PII in outbound calls Reference credentials by name ($OPENAI_API_KEY), not by value If blocked, check findings to see what matched, remove it, and retry False positive? Tell the user to adjust the policy via the dashboard at http://localhost:8642/dashboard
Category context
Identity, auth, scanning, governance, audit, and operational guardrails.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
1 Docs
- SKILL.md