{ "schemaVersion": "1.0", "item": { "slug": "clawwall", "name": "ClawWall", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/Stanxy/clawwall", "canonicalUrl": "https://clawhub.ai/Stanxy/clawwall", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/clawwall", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=clawwall", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/clawwall" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/clawwall", "agentPageUrl": "https://openagent3.xyz/skills/clawwall/agent", "manifestUrl": "https://openagent3.xyz/skills/clawwall/agent.json", "briefUrl": "https://openagent3.xyz/skills/clawwall/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "ClawWall — Outbound DLP for OpenClaw", "body": "GitHub: https://github.com/Stanxy/clawguard\nRelease: https://github.com/Stanxy/clawguard/releases/tag/v0.2.1\nPyPI: https://pypi.org/project/clawwall\n\nClawWall sits between your AI agent and the outside world. Every outbound tool call is intercepted and scanned against 60+ hard-coded patterns before anything leaves the machine. If content matches — it is blocked or redacted. No LLM, no approximation: regex and entropy only." }, { "title": "Trust & Permissions", "body": "Be aware of what this installs:\n\nA local Python service (port 8642) that receives every outbound tool call for scanning\nAn OpenClaw plugin that hooks before_tool_call — all outbound content passes through it\nA local SQLite database that stores scan findings metadata\n\nWhat the database stores: finding type, severity, position offsets, action taken, and duration. It never stores raw content, secrets, or PII values.\n\nWhat it does NOT do: no telemetry, no external connections, no data leaves the machine. The service is fully local.\n\nPlugin registration is manual — nothing is auto-installed into OpenClaw. You must explicitly add the plugin to your config (see below)." }, { "title": "Prerequisites", "body": "Python 3.10+, pip\nNode.js + npm (for the OpenClaw plugin only)" }, { "title": "1. Install the ClawWall service (PyPI)", "body": "pip install clawwall==0.2.1\n\nVerify the SHA256 of the downloaded wheel if you want to confirm integrity:\n\n5939d375c724771931e92e88be2b2f11cd27a4eec095af95cb6923b61220c65f clawwall-0.2.1-py3-none-any.whl\n1e1ecae39bb4d351f0e503501e2615814c5c0cd0f822998f5648fa74eb1de5c2 clawwall-0.2.1.tar.gz\n\nOr clone at the pinned release tag:\n\ngit clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git\ncd clawguard && pip install ." }, { "title": "2. Start the service", "body": "clawwall\n\nOr via Python:\n\npython -m clawguard\n\nService starts on http://localhost:8642.\nDashboard at http://localhost:8642/dashboard." }, { "title": "3. Install the OpenClaw plugin (manual)", "body": "git clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git\ncd clawguard/openclaw-integration/clawguard-plugin\nnpm install && npm run build\n\nThen manually add to your OpenClaw config:\n\n{\n \"plugins\": {\n \"clawwall\": {\n \"path\": \"/path/to/clawguard/openclaw-integration/clawguard-plugin/dist/index.js\",\n \"config\": {\n \"serviceUrl\": \"http://127.0.0.1:8642\",\n \"blockOnError\": false,\n \"timeoutMs\": 5000\n }\n }\n }\n}\n\nSet blockOnError: true to fail-closed (block all tool calls if the service is unreachable).\nSet blockOnError: false (default) to fail-open (allow calls through if the service is down)." }, { "title": "4. (Optional) Install this skill", "body": "clawhub install clawwall" }, { "title": "Configuration", "body": "Environment variables (all prefixed CLAWGUARD_):\n\nVariableDefaultDescriptionCLAWGUARD_HOST0.0.0.0Bind addressCLAWGUARD_PORT8642PortCLAWGUARD_DATABASE_URLsqlite+aiosqlite:///clawwall.dbDatabase pathCLAWGUARD_POLICY_PATHconfig/default_policy.yamlPolicy fileCLAWGUARD_LOG_LEVELINFOLog verbosity" }, { "title": "What ClawWall Detects", "body": "Secrets (51 patterns): AWS, GCP, Azure, GitHub, Stripe, Slack, PayPal, Square, SSH/PGP private keys, database URIs, JWT tokens, and more\nPII (10 patterns): SSNs, credit cards (Luhn-validated), emails, phone numbers, IP addresses\nEntropy analysis: high-entropy strings that don't match any known pattern" }, { "title": "Policy", "body": "Default policy (config/default_policy.yaml) blocks all findings:\n\ndefault_action: BLOCK # BLOCK | REDACT | ALLOW\nredaction:\n strategy: mask # mask | hash | remove\n mask_char: \"*\"\n mask_preserve_edges: 4\ndestination_allowlist: [] # bypass scanning for trusted destinations\ndestination_blocklist: [] # always reject these destinations\ncustom_patterns: [] # add your own regex patterns\ndisabled_patterns: [] # disable specific built-in patterns by name" }, { "title": "API Quick Start", "body": "curl -s -X POST http://localhost:8642/api/v1/scan \\\n -H \"Content-Type: application/json\" \\\n -d '{\"content\": \"key=AKIAIOSFODNN7EXAMPLE\", \"destination\": \"api.example.com\"}'\n\nResponse:\n\n{\n \"action\": \"BLOCK\",\n \"findings\": [{\n \"finding_type\": \"aws_access_key_id\",\n \"severity\": \"CRITICAL\",\n \"redacted_snippet\": \"AKIA************MPLE\"\n }],\n \"duration_ms\": 2.1\n}" }, { "title": "Agent Instructions", "body": "You are operating behind ClawWall. All outbound tool calls are scanned before leaving the machine using hard pattern matching — not an LLM.\n\nResultMeaningALLOWNo sensitive data detected — call went throughREDACTSensitive portions were masked before sendingBLOCKCall rejected — nothing was sent\n\nBest practices:\n\nNever include raw API keys, tokens, or PII in outbound calls\nReference credentials by name ($OPENAI_API_KEY), not by value\nIf blocked, check findings to see what matched, remove it, and retry\nFalse positive? Tell the user to adjust the policy via the dashboard at http://localhost:8642/dashboard" } ], "body": "ClawWall — Outbound DLP for OpenClaw\n\nGitHub: https://github.com/Stanxy/clawguard Release: https://github.com/Stanxy/clawguard/releases/tag/v0.2.1 PyPI: https://pypi.org/project/clawwall\n\nClawWall sits between your AI agent and the outside world. Every outbound tool call is intercepted and scanned against 60+ hard-coded patterns before anything leaves the machine. If content matches — it is blocked or redacted. No LLM, no approximation: regex and entropy only.\n\nTrust & Permissions\n\nBe aware of what this installs:\n\nA local Python service (port 8642) that receives every outbound tool call for scanning\nAn OpenClaw plugin that hooks before_tool_call — all outbound content passes through it\nA local SQLite database that stores scan findings metadata\n\nWhat the database stores: finding type, severity, position offsets, action taken, and duration. It never stores raw content, secrets, or PII values.\n\nWhat it does NOT do: no telemetry, no external connections, no data leaves the machine. The service is fully local.\n\nPlugin registration is manual — nothing is auto-installed into OpenClaw. You must explicitly add the plugin to your config (see below).\n\nInstallation\nPrerequisites\nPython 3.10+, pip\nNode.js + npm (for the OpenClaw plugin only)\n1. Install the ClawWall service (PyPI)\npip install clawwall==0.2.1\n\n\nVerify the SHA256 of the downloaded wheel if you want to confirm integrity:\n\n5939d375c724771931e92e88be2b2f11cd27a4eec095af95cb6923b61220c65f clawwall-0.2.1-py3-none-any.whl\n1e1ecae39bb4d351f0e503501e2615814c5c0cd0f822998f5648fa74eb1de5c2 clawwall-0.2.1.tar.gz\n\n\nOr clone at the pinned release tag:\n\ngit clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git\ncd clawguard && pip install .\n\n2. Start the service\nclawwall\n\n\nOr via Python:\n\npython -m clawguard\n\n\nService starts on http://localhost:8642. Dashboard at http://localhost:8642/dashboard.\n\n3. Install the OpenClaw plugin (manual)\ngit clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git\ncd clawguard/openclaw-integration/clawguard-plugin\nnpm install && npm run build\n\n\nThen manually add to your OpenClaw config:\n\n{\n \"plugins\": {\n \"clawwall\": {\n \"path\": \"/path/to/clawguard/openclaw-integration/clawguard-plugin/dist/index.js\",\n \"config\": {\n \"serviceUrl\": \"http://127.0.0.1:8642\",\n \"blockOnError\": false,\n \"timeoutMs\": 5000\n }\n }\n }\n}\n\n\nSet blockOnError: true to fail-closed (block all tool calls if the service is unreachable). Set blockOnError: false (default) to fail-open (allow calls through if the service is down).\n\n4. (Optional) Install this skill\nclawhub install clawwall\n\nConfiguration\n\nEnvironment variables (all prefixed CLAWGUARD_):\n\nVariable\tDefault\tDescription\nCLAWGUARD_HOST\t0.0.0.0\tBind address\nCLAWGUARD_PORT\t8642\tPort\nCLAWGUARD_DATABASE_URL\tsqlite+aiosqlite:///clawwall.db\tDatabase path\nCLAWGUARD_POLICY_PATH\tconfig/default_policy.yaml\tPolicy file\nCLAWGUARD_LOG_LEVEL\tINFO\tLog verbosity\nWhat ClawWall Detects\nSecrets (51 patterns): AWS, GCP, Azure, GitHub, Stripe, Slack, PayPal, Square, SSH/PGP private keys, database URIs, JWT tokens, and more\nPII (10 patterns): SSNs, credit cards (Luhn-validated), emails, phone numbers, IP addresses\nEntropy analysis: high-entropy strings that don't match any known pattern\nPolicy\n\nDefault policy (config/default_policy.yaml) blocks all findings:\n\ndefault_action: BLOCK # BLOCK | REDACT | ALLOW\nredaction:\n strategy: mask # mask | hash | remove\n mask_char: \"*\"\n mask_preserve_edges: 4\ndestination_allowlist: [] # bypass scanning for trusted destinations\ndestination_blocklist: [] # always reject these destinations\ncustom_patterns: [] # add your own regex patterns\ndisabled_patterns: [] # disable specific built-in patterns by name\n\nAPI Quick Start\ncurl -s -X POST http://localhost:8642/api/v1/scan \\\n -H \"Content-Type: application/json\" \\\n -d '{\"content\": \"key=AKIAIOSFODNN7EXAMPLE\", \"destination\": \"api.example.com\"}'\n\n\nResponse:\n\n{\n \"action\": \"BLOCK\",\n \"findings\": [{\n \"finding_type\": \"aws_access_key_id\",\n \"severity\": \"CRITICAL\",\n \"redacted_snippet\": \"AKIA************MPLE\"\n }],\n \"duration_ms\": 2.1\n}\n\nAgent Instructions\n\nYou are operating behind ClawWall. All outbound tool calls are scanned before leaving the machine using hard pattern matching — not an LLM.\n\nResult\tMeaning\nALLOW\tNo sensitive data detected — call went through\nREDACT\tSensitive portions were masked before sending\nBLOCK\tCall rejected — nothing was sent\n\nBest practices:\n\nNever include raw API keys, tokens, or PII in outbound calls\nReference credentials by name ($OPENAI_API_KEY), not by value\nIf blocked, check findings to see what matched, remove it, and retry\nFalse positive? Tell the user to adjust the policy via the dashboard at http://localhost:8642/dashboard" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/Stanxy/clawwall", "publisherUrl": "https://clawhub.ai/Stanxy/clawwall", "owner": "Stanxy", "version": "0.2.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/clawwall", "downloadUrl": "https://openagent3.xyz/downloads/clawwall", "agentUrl": "https://openagent3.xyz/skills/clawwall/agent", "manifestUrl": "https://openagent3.xyz/skills/clawwall/agent.json", "briefUrl": "https://openagent3.xyz/skills/clawwall/agent.md" } }