OpenClaw Egress
Network DLP for agent workspaces. Scans skills and files for outbound URLs, data exfiltration endpoints, and network function calls.
The Problem
Skills can phone home. A compromised skill can POST your workspace contents, API keys, or conversation history to an external server. Nothing monitors what URLs your skills connect to or what data they could send.
Commands
Full Scan
Scan workspace for all outbound network risks.
CODEBLOCK0
Skills-Only Scan
CODEBLOCK1
Domain Map
List all external domains referenced in workspace.
CODEBLOCK2
Quick Status
CODEBLOCK3
What It Detects
| Risk | Pattern |
|---|
| CRITICAL | Base64/hex payloads in URLs, pastebin/sharing services, request catchers, dynamic DNS |
| HIGH |
Network function calls (requests, urllib, curl, wget, fetch), webhook/callback URLs |
|
WARNING | Suspicious TLDs (.xyz, .tk, .ml), URL shorteners, IP address endpoints |
|
INFO | Any external URL not on the safe domain list |
Exit Codes
- -
0 — Clean - INLINECODE1� — Network calls detected (review needed)
- INLINECODE2� — Exfiltration risk detected (action needed)
No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
OpenClaw Egress
针对智能体工作空间的网络数据泄露防护。扫描技能和文件中的出站URL、数据外泄端点及网络函数调用。
问题所在
技能可能向外发送数据。被攻破的技能可以将你的工作空间内容、API密钥或对话历史通过POST请求发送到外部服务器。目前没有任何机制监控你的技能连接了哪些URL,或它们可能发送了什么数据。
命令
完整扫描
扫描工作空间中所有出站网络风险。
bash
python3 {baseDir}/scripts/egress.py scan --workspace /path/to/workspace
仅扫描技能
bash
python3 {baseDir}/scripts/egress.py scan --skills-only --workspace /path/to/workspace
域名映射
列出工作空间中引用的所有外部域名。
bash
python3 {baseDir}/scripts/egress.py domains --workspace /path/to/workspace
快速状态
bash
python3 {baseDir}/scripts/egress.py status --workspace /path/to/workspace
检测内容
| 风险等级 | 模式 |
|---|
| 严重 | URL中的Base64/十六进制载荷、pastebin/文件分享服务、请求捕获器、动态DNS |
| 高 |
网络函数调用(requests、urllib、curl、wget、fetch)、webhook/回调URL |
|
警告 | 可疑顶级域名(.xyz、.tk、.ml)、URL缩短器、IP地址端点 |
|
信息 | 不在安全域名列表中的任何外部URL |
退出代码
- - 0 — 干净
- 1 — 检测到网络调用(需要审查)
- 2 — 检测到数据外泄风险(需要处理)
无外部依赖
仅使用Python标准库。无需pip安装。无网络调用。一切在本地运行。
跨平台
兼容OpenClaw、Claude Code、Cursor以及任何使用智能体技能规范的工具。
