ClawWall — Outbound DLP for OpenClaw
GitHub: https://github.com/Stanxy/clawguard
Release: https://github.com/Stanxy/clawguard/releases/tag/v0.2.1
PyPI: https://pypi.org/project/clawwall
ClawWall sits between your AI agent and the outside world. Every outbound tool call is intercepted and scanned against 60+ hard-coded patterns before anything leaves the machine. If content matches — it is blocked or redacted. No LLM, no approximation: regex and entropy only.
Trust & Permissions
Be aware of what this installs:
- - A local Python service (port 8642) that receives every outbound tool call for scanning
- An OpenClaw plugin that hooks
before_tool_call — all outbound content passes through it - A local SQLite database that stores scan findings metadata
What the database stores: finding type, severity, position offsets, action taken, and duration. It never stores raw content, secrets, or PII values.
What it does NOT do: no telemetry, no external connections, no data leaves the machine. The service is fully local.
Plugin registration is manual — nothing is auto-installed into OpenClaw. You must explicitly add the plugin to your config (see below).
Installation
Prerequisites
- - Python 3.10+, pip
- Node.js + npm (for the OpenClaw plugin only)
1. Install the ClawWall service (PyPI)
CODEBLOCK0
Verify the SHA256 of the downloaded wheel if you want to confirm integrity:
�CODEBLOCK1
Or clone at the pinned release tag:
�CODEBLOCK2
2. Start the service
CODEBLOCK3
Or via Python:
�CODEBLOCK4
Service starts on http://localhost:8642.
Dashboard at http://localhost:8642/dashboard.
3. Install the OpenClaw plugin (manual)
CODEBLOCK5
Then manually add to your OpenClaw config:
�CODEBLOCK6
Set blockOnError: true to fail-closed (block all tool calls if the service is unreachable).
Set blockOnError: false (default) to fail-open (allow calls through if the service is down).
4. (Optional) Install this skill
CODEBLOCK7
Configuration
Environment variables (all prefixed CLAWGUARD_):
| Variable | Default | Description |
|---|
| INLINECODE4 | INLINECODE5 | Bind address |
| INLINECODE6 |
8642 | Port |
|
CLAWGUARD_DATABASE_URL |
sqlite+aiosqlite:///clawwall.db | Database path |
|
CLAWGUARD_POLICY_PATH |
config/default_policy.yaml | Policy file |
|
CLAWGUARD_LOG_LEVEL |
INFO | Log verbosity |
What ClawWall Detects
- - Secrets (51 patterns): AWS, GCP, Azure, GitHub, Stripe, Slack, PayPal, Square, SSH/PGP private keys, database URIs, JWT tokens, and more
- PII (10 patterns): SSNs, credit cards (Luhn-validated), emails, phone numbers, IP addresses
- Entropy analysis: high-entropy strings that don't match any known pattern
Policy
Default policy (config/default_policy.yaml) blocks all findings:
CODEBLOCK8
API Quick Start
CODEBLOCK9
Response:
�CODEBLOCK10
Agent Instructions
You are operating behind ClawWall. All outbound tool calls are scanned before leaving the machine using hard pattern matching — not an LLM.
| Result | Meaning |
|---|
| INLINECODE15 | No sensitive data detected — call went through |
| INLINECODE16 |
Sensitive portions were masked before sending |
|
BLOCK | Call rejected — nothing was sent |
Best practices:
- - Never include raw API keys, tokens, or PII in outbound calls
- Reference credentials by name (
$OPENAI_API_KEY), not by value - If blocked, check
findings to see what matched, remove it, and retry - False positive? Tell the user to adjust the policy via the dashboard at http://localhost:8642/dashboard
技能名称: clawwall
详细描述:
ClawWall — OpenClaw 的出站数据防泄漏(DLP)工具
GitHub: https://github.com/Stanxy/clawguard
发布页面: https://github.com/Stanxy/clawguard/releases/tag/v0.2.1
PyPI: https://pypi.org/project/clawwall
ClawWall 位于你的 AI 智能体与外部世界之间。在数据离开机器之前,每一个出站工具调用都会被拦截,并针对 60 多种硬编码模式进行扫描。如果内容匹配——它将被阻止或编辑。不依赖大语言模型,不进行近似匹配:仅使用正则表达式和熵值分析。
信任与权限
请注意此工具安装的内容:
- - 一个本地 Python 服务(端口 8642),用于接收每个出站工具调用进行扫描
- 一个OpenClaw 插件,用于钩住 beforetoolcall 事件——所有出站内容都经过它
- 一个本地 SQLite 数据库,用于存储扫描结果的元数据
数据库存储的内容: 发现类型、严重级别、位置偏移、采取的操作以及持续时间。它从不存储原始内容、密钥或个人身份信息(PII)值。
它不会做的事情: 无遥测、无外部连接、无数据离开机器。该服务完全在本地运行。
插件注册是手动的——没有任何内容会自动安装到 OpenClaw 中。你必须明确地将插件添加到你的配置中(见下文)。
安装
前提条件
- - Python 3.10+,pip
- Node.js + npm(仅用于 OpenClaw 插件)
1. 安装 ClawWall 服务(通过 PyPI)
bash
pip install clawwall==0.2.1
如果你想确认完整性,可以验证下载的 wheel 文件的 SHA256 值:
5939d375c724771931e92e88be2b2f11cd27a4eec095af95cb6923b61220c65f clawwall-0.2.1-py3-none-any.whl
1e1ecae39bb4d351f0e503501e2615814c5c0cd0f822998f5648fa74eb1de5c2 clawwall-0.2.1.tar.gz
或者克隆固定发布标签的版本:
bash
git clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git
cd clawguard && pip install .
2. 启动服务
bash
clawwall
或者通过 Python 启动:
bash
python -m clawguard
服务启动于 http://localhost:8642。
仪表盘地址为 http://localhost:8642/dashboard。
3. 安装 OpenClaw 插件(手动)
bash
git clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git
cd clawguard/openclaw-integration/clawguard-plugin
npm install && npm run build
然后手动将其添加到你的 OpenClaw 配置中:
json
{
plugins: {
clawwall: {
path: /path/to/clawguard/openclaw-integration/clawguard-plugin/dist/index.js,
config: {
serviceUrl: http://127.0.0.1:8642,
blockOnError: false,
timeoutMs: 5000
}
}
}
}
设置 blockOnError: true 以启用故障关闭模式(如果服务不可达,则阻止所有工具调用)。
设置 blockOnError: false(默认值)以启用故障开放模式(如果服务宕机,则允许调用通过)。
4. (可选)安装此技能
bash
clawhub install clawwall
配置
环境变量(均以 CLAWGUARD_ 为前缀):
| 变量 | 默认值 | 描述 |
|---|
| CLAWGUARDHOST | 0.0.0.0 | 绑定地址 |
| CLAWGUARDPORT |
8642 | 端口 |
| CLAWGUARD
DATABASEURL | sqlite+aiosqlite:///clawwall.db | 数据库路径 |
| CLAWGUARD
POLICYPATH | config/default_policy.yaml | 策略文件 |
| CLAWGUARD
LOGLEVEL | INFO | 日志详细程度 |
ClawWall 检测的内容
- - 密钥(51种模式): AWS、GCP、Azure、GitHub、Stripe、Slack、PayPal、Square、SSH/PGP 私钥、数据库 URI、JWT 令牌等
- 个人身份信息(PII)(10种模式): 社会安全号码、信用卡号(经 Luhn 算法验证)、电子邮件、电话号码、IP 地址
- 熵值分析: 不匹配任何已知模式的高熵字符串
策略
默认策略(config/default_policy.yaml)阻止所有发现:
yaml
default_action: BLOCK # BLOCK | REDACT | ALLOW
redaction:
strategy: mask # mask | hash | remove
mask_char: *
maskpreserveedges: 4
destination_allowlist: [] # 绕过对可信目标的扫描
destination_blocklist: [] # 始终拒绝这些目标
custom_patterns: [] # 添加你自己的正则表达式模式
disabled_patterns: [] # 按名称禁用特定的内置模式
API 快速入门
bash
curl -s -X POST http://localhost:8642/api/v1/scan \
-H Content-Type: application/json \
-d {content: key=AKIAIOSFODNN7EXAMPLE, destination: api.example.com}
响应:
json
{
action: BLOCK,
findings: [{
findingtype: awsaccesskeyid,
severity: CRITICAL,
redacted_snippet: AKIAMPLE
}],
duration_ms: 2.1
}
智能体指令
你正在 ClawWall 的保护下运行。所有出站工具调用在离开机器之前都会使用硬模式匹配进行扫描——而非大语言模型。
| 结果 | 含义 |
|---|
| ALLOW | 未检测到敏感数据——调用已通过 |
| REDACT |
敏感部分在发送前已被屏蔽 |
| BLOCK | 调用被拒绝——未发送任何内容 |
最佳实践:
- - 切勿在出站调用中包含原始 API 密钥、令牌或个人身份信息(PII)
- 通过名称引用凭据($OPENAIAPIKEY),而非值
- 如果被阻止,请检查 findings 以查看匹配了什么,将其移除,然后重试
- 出现误报?告知用户通过仪表盘(http://localhost:8642/dashboard)调整策略
