Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Security & Compliance
OpenClaw Guardian
A security layer plugin for OpenClaw that intercepts dangerous tool calls (exec, write, edit) through two-tier regex blacklist rules and LLM-based intent ver...
skill openclawclawhub Free
A security layer plugin for OpenClaw that intercepts dangerous tool calls (exec, write, edit) through two-tier regex blacklist rules and LLM-based intent ver...
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md, references/README.md, scripts/audit-log.ts, scripts/blacklist.ts, scripts/default-policies.json, scripts/index.ts
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.1
Provenance
- Publisher
- fatcatMaoFei
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
OpenClaw Guardian
The missing safety layer for AI agents.
Why?
OpenClaw gives agents direct access to shell, files, email, browser, and more. 99% of that is harmless. Guardian catches the 1% that isn't โ without slowing down the rest.
How It Works
Tool Call โ Blacklist Matcher (regex rules, 0ms) โ No match โ Pass instantly (99% of calls) Warning hit โ 1 LLM vote ("did the user ask for this?") Critical hit โ 3 LLM votes (all must confirm user intent)
Two Blacklist Levels
LevelLLM VotesLatencyExamplesNo match0~0msReading files, git, normal opsWarning1~1-2srm -rf /tmp/cache, chmod 777, sudo aptCritical3 (unanimous)~2-4srm -rf ~/, mkfs, dd of=/dev/, shutdown
What Gets Checked
Only three tool types are inspected: exec โ command string matched against exec blacklist write / edit โ file path canonicalized and matched against path blacklist Everything else passes through instantly
LLM Intent Verification
When a blacklist rule matches, Guardian asks a lightweight LLM: "Did the user explicitly request this?" It reads recent conversation context to prevent false positives. Warning: 1 LLM call. Confirmed โ proceed. Critical: 3 parallel LLM calls. All 3 must confirm. Any "no" โ block. Auto-discovers a cheap/fast model from your existing OpenClaw provider config (prefers Haiku). No separate API key needed.
LLM Fallback
Critical + LLM down โ blocked (fail-safe) Warning + LLM down โ asks user for manual confirmation
Critical (exec)
rm -rf on system paths (excludes /tmp/ and workspace) mkfs, dd to block devices, redirects to /dev/sd* Writes to /etc/passwd, /etc/shadow, /etc/sudoers shutdown, reboot, disable SSH Bypass: eval, absolute-path rm, interpreter-based (python -c, node -e) Pipe attacks: curl | sh, wget | bash, base64 -d | sh Chain attacks: download + chmod +x + execute
Warning (exec)
rm -rf on safe paths, sudo, chmod 777, chown root Package install/remove, service management Crontab mods, SSH/SCP, Docker ops, kill/killall
Path Rules (write/edit)
Critical: system auth files, SSH keys, systemd units Warning: dotfiles, /etc/ configs, .env files, authorized_keys
Audit Log
Every blacklist hit logged to ~/.openclaw/guardian-audit.jsonl with SHA-256 hash chain โ tamper-evident, each entry covers full content + previous hash.
Installation
openclaw plugins install openclaw-guardian Or manually: cd ~/.openclaw/workspace git clone https://github.com/fatcatMaoFei/openclaw-guardian.git
Token Cost
Scenario% of OpsExtra CostNo match~99%0Warning~0.5-1%~500 tokensCritical<0.5%~1500 tokens Prefers cheap models (Haiku, GPT-4o-mini, Gemini Flash).
File Structure
extensions/guardian/ โโโ index.ts # Entry โ registers before_tool_call hook โโโ src/ โ โโโ blacklist.ts # Two-tier regex rules (critical/warning) โ โโโ llm-voter.ts # LLM intent verification โ โโโ audit-log.ts # SHA-256 hash-chain audit logger โโโ test/ โ โโโ blacklist.test.ts # Blacklist rule tests โโโ openclaw.plugin.json # Plugin manifest โโโ default-policies.json # Enable/disable toggle
License
MIT
Category context
Identity, auth, scanning, governance, audit, and operational guardrails.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
3 Scripts2 Docs1 Config
- SKILL.md
- references/README.md
- scripts/audit-log.ts
- scripts/blacklist.ts
- scripts/index.ts
- scripts/default-policies.json