بنقرة واحدة
clawwall
Outbound DLP for OpenClaw — hard regex blocks secrets & PII from leaving the machine. Domain control, no LLM.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Outbound DLP for OpenClaw — hard regex blocks secrets & PII from leaving the machine. Domain control, no LLM.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Get centralized exchange market data, order books, trading pairs, ticker prices, and 24h volume across Binance, Coinbase, Kraken, Bybit, Gate.io, and Bitget. Use when asked about CEX prices, exchange order book, trading pairs, CEX volume, Binance price, Kraken ticker, exchange comparison, or funding rates on centralized exchanges.
Get cryptocurrency prices, market cap, trading volume, trending tokens, market sentiment, Fear & Greed Index, total value locked (TVL), and DeFi protocol rankings. Use when asked about token price, crypto market overview, what's trending, market sentiment, TVL by chain or protocol, top gainers/losers, or price history.
Research cryptocurrency tokens, verify smart contracts, check perpetual futures data, governance proposals, and on-chain analytics. Use when asked about token research, contract verification, is this token safe, rug pull check, Hyperliquid perps, funding rates, governance vote, Dune analytics, token due diligence, or security audit status.
Check cryptocurrency wallet balances, token holdings, transaction history, token approvals, ENS name resolution, and on-chain activity. Use when asked about wallet balance, what tokens an address holds, transaction history, pending transactions, token allowances, ENS lookup, or address portfolio.
Track smart money trading signals on-chain. Monitor professional investor buy/sell activity, whale movements, alpha scanning, and signal performance. Use when asked about smart money, whale tracking, alpha signals, trading signals, or professional investor activity.
Check DeFi lending and borrowing rates, supply/borrow APY, positions, health factors, and protocol comparisons. Use when asked about lending rates, borrowing costs, Aave rates, Compound APY, Morpho markets, lending protocol comparison, health factor, or liquidation risk.
| name | clawwall |
| version | 0.2.1 |
| description | Outbound DLP for OpenClaw — hard regex blocks secrets & PII from leaving the machine. Domain control, no LLM. |
| author | Stanxy |
| openclaw | {"requires":{"bins":["python3","pip","git","node","npm"],"envs":[]}} |
GitHub: https://github.com/Stanxy/clawguard Release: https://github.com/Stanxy/clawguard/releases/tag/v0.2.1 PyPI: https://pypi.org/project/clawwall
ClawWall sits between your AI agent and the outside world. Every outbound tool call is intercepted and scanned against 60+ hard-coded patterns before anything leaves the machine. If content matches — it is blocked or redacted. No LLM, no approximation: regex and entropy only.
Be aware of what this installs:
before_tool_call — all outbound content passes through itWhat the database stores: finding type, severity, position offsets, action taken, and duration. It never stores raw content, secrets, or PII values.
What it does NOT do: no telemetry, no external connections, no data leaves the machine. The service is fully local.
Plugin registration is manual — nothing is auto-installed into OpenClaw. You must explicitly add the plugin to your config (see below).
pip install clawwall==0.2.1
Verify the SHA256 of the downloaded wheel if you want to confirm integrity:
5939d375c724771931e92e88be2b2f11cd27a4eec095af95cb6923b61220c65f clawwall-0.2.1-py3-none-any.whl
1e1ecae39bb4d351f0e503501e2615814c5c0cd0f822998f5648fa74eb1de5c2 clawwall-0.2.1.tar.gz
Or clone at the pinned release tag:
git clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git
cd clawguard && pip install .
clawwall
Or via Python:
python -m clawguard
Service starts on http://localhost:8642. Dashboard at http://localhost:8642/dashboard.
git clone --branch v0.2.1 https://github.com/Stanxy/clawguard.git
cd clawguard/openclaw-integration/clawguard-plugin
npm install && npm run build
Then manually add to your OpenClaw config:
{
"plugins": {
"clawwall": {
"path": "/path/to/clawguard/openclaw-integration/clawguard-plugin/dist/index.js",
"config": {
"serviceUrl": "http://127.0.0.1:8642",
"blockOnError": false,
"timeoutMs": 5000
}
}
}
}
Set
blockOnError: trueto fail-closed (block all tool calls if the service is unreachable). SetblockOnError: false(default) to fail-open (allow calls through if the service is down).
clawhub install clawwall
Environment variables (all prefixed CLAWGUARD_):
| Variable | Default | Description |
|---|---|---|
CLAWGUARD_HOST | 0.0.0.0 | Bind address |
CLAWGUARD_PORT | 8642 | Port |
CLAWGUARD_DATABASE_URL | sqlite+aiosqlite:///clawwall.db | Database path |
CLAWGUARD_POLICY_PATH | config/default_policy.yaml | Policy file |
CLAWGUARD_LOG_LEVEL | INFO | Log verbosity |
Default policy (config/default_policy.yaml) blocks all findings:
default_action: BLOCK # BLOCK | REDACT | ALLOW
redaction:
strategy: mask # mask | hash | remove
mask_char: "*"
mask_preserve_edges: 4
destination_allowlist: [] # bypass scanning for trusted destinations
destination_blocklist: [] # always reject these destinations
custom_patterns: [] # add your own regex patterns
disabled_patterns: [] # disable specific built-in patterns by name
curl -s -X POST http://localhost:8642/api/v1/scan \
-H "Content-Type: application/json" \
-d '{"content": "key=AKIAIOSFODNN7EXAMPLE", "destination": "api.example.com"}'
Response:
{
"action": "BLOCK",
"findings": [{
"finding_type": "aws_access_key_id",
"severity": "CRITICAL",
"redacted_snippet": "AKIA************MPLE"
}],
"duration_ms": 2.1
}
You are operating behind ClawWall. All outbound tool calls are scanned before leaving the machine using hard pattern matching — not an LLM.
| Result | Meaning |
|---|---|
ALLOW | No sensitive data detected — call went through |
REDACT | Sensitive portions were masked before sending |
BLOCK | Call rejected — nothing was sent |
Best practices:
$OPENAI_API_KEY), not by valuefindings to see what matched, remove it, and retry