AgentSkillsCN

Openclaw Skill

Openclaw 技能

SKILL.md

ClawGuard Security Skill

A security layer that monitors and controls what OpenClaw can do. Think of it as a firewall for your AI assistant.

Description

ClawGuard intercepts all shell commands, file operations, and network requests before OpenClaw executes them. Actions are checked against your security policy and can be:

  • Allowed — Proceeds immediately
  • Blocked — Rejected with explanation
  • 👤 Approval Required — Waits for human confirmation

Instructions

Before executing any of the following actions, check with ClawGuard:

Shell Commands

Before running any shell/bash command, call clawguard_check_shell with the command. If blocked, explain why and suggest an alternative.

File Operations

Before reading or writing files, call clawguard_check_file with the path and operation type. Respect blocked paths like ~/.ssh and .env files.

Network Requests

Before making HTTP requests, call clawguard_check_network with the URL. Only access allowed domains.

Security Philosophy

  • Deny by Default — In allowlist mode, anything not explicitly allowed is blocked
  • Blocked Wins — Block rules take precedence over allow rules
  • Fail Closed — Errors and timeouts result in denial

Configuration

Edit clawguard.yaml in your project root to customize the security policy.