🛡️ OpenClaw Guardian

The Safety Brake for OpenClaw - Session-aware protection for risky operations

Overview

Claw-Gatekeeper is a comprehensive security control layer for OpenClaw that intercepts potentially dangerous operations and manages them according to their risk level:

Key Features

• - 🛑 Smart Interception - Automatically catches risky operations
• 📅 Session-Level Approval - Approve MEDIUM/HIGH once, auto-approve similar operations for the session
• 🔒 CRITICAL Protection - Must confirm each CRITICAL operation individually
• 📝 Audit Trail - All MEDIUM+ operations logged to INLINECODE0
• ⚙️ Persistent Operation - Designed to be loaded as a resident skill

Risk Level Behaviors

🔴 CRITICAL (80-100) - Always Confirm

Examples:

• - rm -rf / or system directory deletion
• Disk formatting (mkfs, format)
• System configuration changes
• Access to /etc/shadow, root SSH keys

Behavior:

• - ❌ Must confirm EACH time individually
• ❌ No session-level approval available
• ❌ No auto-approval
• ✅ Complete audit logging

CODEBLOCK0

🟠 HIGH (60-79) - Confirm or Session Approve

Examples:

• - Deleting directories with many files
• Executing shell commands
• Installing skills from external sources
• Network requests to external domains

Behavior:

• - ✅ Requires confirmation (first time)
• ✅ Can approve for entire session
• ✅ Session expires after 30min inactivity
• ✅ Complete audit logging

CODEBLOCK1

🟡 MEDIUM (30-59) - Suggest Confirm or Session Approve

Examples:

• - Creating new files
• Batch file operations (5-20 files)
• Reading sensitive directories
• Modifying configuration files

Behavior:

• - ✅ Suggests confirmation
• ✅ Can approve for entire session
• ✅ Auto-allowed in loose mode
• ✅ Complete audit logging

🟢 LOW (0-29) - Auto-Allow

Examples:

• - Reading files
• Listing directories
• Whitelisted operations
• Safe read-only commands

Behavior:

• - ✅ Auto-allowed without confirmation
• ✅ No interruption to workflow
• ✅ Still logged if enabled

Installation

Prerequisites

Claw-Guardian is designed to be a persistent/resident skill in OpenClaw. It should be loaded at the start of every session.

Method 1: OpenClaw CLI (Recommended)

CODEBLOCK2

Method 2: Manual Installation

CODEBLOCK3

Method 3: Configuration File

Add to ~/.openclaw/config.json:

CODEBLOCK4

Quick Start

1. Initialize Configuration

CODEBLOCK5

2. Set Operation Mode

CODEBLOCK6

3. Verify Installation

CODEBLOCK7

4. Check Session Status

CODEBLOCK8

Session Management

How Session Approval Works

CODEBLOCK9

Session Expiration

• - Default timeout: 30 minutes of inactivity
• Activity: Any operation or confirmation resets the timer
• Persistence: Session state saved between OpenClaw interactions

Managing Session Approvals

CODEBLOCK10

Configuration

Operation Modes

Standard Mode (Recommended)

python3 scripts/policy_config.py mode standard

• - CRITICAL: Always confirm (no session)
• HIGH: Confirm or session approve
• MEDIUM: Suggest confirm or session approve
• LOW: Auto-allow

Strict Mode

python3 scripts/policy_config.py mode strict

• - All non-whitelisted operations require confirmation
• Session approval still available for MEDIUM/HIGH
• CRITICAL always per-confirmation

Loose Mode

python3 scripts/policy_config.py mode loose

• - Only CRITICAL requires confirmation
• MEDIUM/HIGH auto-allowed after first session approval
• LOW always auto-allowed

Emergency Mode

python3 scripts/policy_config.py mode emergency

• - Completely disables autonomous operations
• Everything requires confirmation
• Session approvals suspended

Managing Whitelists and Blacklists

CODEBLOCK15

Audit Logging

Operate_Audit.log

All MEDIUM and above operations are logged to ~/.claw-guardian/sessions/Operate_Audit.log:

CODEBLOCK16

Viewing Logs

CODEBLOCK17

Log Format

CODEBLOCK18

Usage Examples

Example 1: File Cleanup with Session Approval

CODEBLOCK19

Example 2: Skill Development Workflow

CODEBLOCK20

Example 3: CRITICAL Operation Always Confirms

CODEBLOCK21

Script Reference

Session Management

CODEBLOCK22

Session Manager Direct

CODEBLOCK23

Risk Assessment

CODEBLOCK24

Best Practices

For Personal Use

1. 1. Use session approval for development work

1. 2. Never session-approve CRITICAL risks

1. 3. Review Operate_Audit.log weekly

For Team/Enterprise

1. 1. Standard mode for most users
2. Strict mode for production systems
3. Regular audit log reviews
4. Document session approval policies

Troubleshooting

Session Not Persisting

Problem: Session approvals lost between interactions

Solution: Ensure skill is loaded as persistent:
CODEBLOCK26

Too Many CRITICAL Prompts

Problem: Every CRITICAL operation requires confirmation

This is by design. CRITICAL risks must always be confirmed individually. Consider:

• - Whitelisting safe operations
• Reviewing why operations are marked CRITICAL
• Using less destructive alternatives

Session Timeout Too Short

Problem: Session expires during work

Solution: Adjust timeout (requires config edit):
CODEBLOCK27

Project Status

This is a temporary security measure.

Claw-Guardian addresses current security gaps in OpenClaw. Once OpenClaw implements comprehensive built-in safety controls, this project may be deprecated.