name: ai-sec-openclaw
description: Use when the user wants to integrate ai-sec into an OpenClaw bot (for example: "add ai-sec to openclaw", "guard openclaw tools", "openclaw prompt injection defense", "scaffold openclaw security middleware"). This skill scaffolds OpenClaw guard code using @codegrammer/ai-sec-openclaw-adapter with autonomous mode by default and optional human approval mode.
AI-Sec OpenClaw
Use this skill to scaffold and wire ai-sec into OpenClaw bot workflows.
When to run
Run when the user asks to protect OpenClaw tool execution or prompt flow with ai-sec.
Workflow
- Generate integration helper with
scripts/scaffold_openclaw_integration.sh.
- Choose review mode:
autonomous (default): continue on review/challenge.
human_approval: require approval callback before re-gating.
- Keep local execution firewall enabled (
executionFirewall.mode: "enforce") unless explicitly requested otherwise.
- Keep canary sentinel enabled (
canary.mode: "enforce"), and place OPENCLAW_CANARY_TOKEN in hidden system context/tool memory.
- Keep autonomy budget enabled (
autonomyBudget.mode: "enforce") to cap autonomous review bypass volume/risk.
- Keep context shield enabled (
contextShield.mode: "enforce") to quarantine suspicious external/unknown context chunks.
- Keep decision receipts enabled (
decisionReceipt.enabled: true) for tamper-evident audit chaining.
- Wire generated helper around each sensitive tool execution path and pass
toolInput where available.
- Run a gate sanity check using
ai-sec agent gate.
Commands
Scaffold into current project:
./scripts/scaffold_openclaw_integration.sh --target ./src/guards --review-mode autonomous
Scaffold strict approval version:
./scripts/scaffold_openclaw_integration.sh --target ./src/guards --review-mode human_approval
Runtime environment
AI_SEC_GATEWAY_URL (example: http://127.0.0.1:8080)
AI_SEC_BEARER_TOKEN or SERVICE_API_TOKEN when auth is required
- Optional:
AI_SEC_SESSION_ID, AI_SEC_USER_ID