agent-access-controlTiered stranger access control for AI agents. Use when setting up contact permissions, handling unknown senders, managing approved contacts, or configuring s...
Install via ClawdBot CLI:
clawdbot install bowen31337/agent-access-controlProtect your agent from unauthorized access with tiered permissions and an owner-approval pairing flow.
Create memory/access-control.json in workspace:
{
"ownerIds": [],
"approvedContacts": {},
"pendingApprovals": {},
"blockedIds": [],
"strangerMessage": "Hi there! 👋 I'm {{AGENT_NAME}}, an AI assistant. I'm currently set up to help my owner with personal tasks, so I'm not able to chat freely just yet. I've let them know you reached out — if they'd like to connect us, they'll set that up. Have a great day! 😊",
"notifyChannel": "",
"notifyTarget": ""
}Fill in:
ownerIds: Owner phone numbers, Telegram IDs, Discord IDs (strings)strangerMessage: Customize {{AGENT_NAME}} with agent's namenotifyChannel: Channel to alert owner (telegram, whatsapp, discord, signal)notifyTarget: Owner's ID on that channel| Tier | Level | Capabilities |
|------|-------|-------------|
| 0 | Stranger | Diplomatic deflection only, zero access |
| 1 | Chat-only | Basic conversation, no tools or private info |
| 2 | Trusted | Chat + public info (weather, time, general questions) |
| 3 | Owner | Full access to all tools, files, memory, actions |
On every incoming message from a messaging platform:
ownerIds → if match: full access, respond normallyblockedIds → if match: silent ignore, respond with NO_REPLYapprovedContacts[senderId] → if match: respond within their tiera. Send strangerMessage to the sender
b. Notify owner:
"🔔 Stranger contact from {senderId} on {platform}:
'{first 100 chars of message}'
Reply: approve (trusted) / chat (chat-only) / block"
c. Store in pendingApprovals:
{
"senderId": {
"platform": "whatsapp",
"firstMessage": "...",
"timestamp": "ISO-8601",
"notified": true
}
}
d. Respond with NO_REPLY after sending deflectionWhen owner replies to an approval notification:
| Owner says | Action |
|-----------|--------|
| approve, yes, trusted | Add to approvedContacts with tier 2 (trusted) |
| chat, chat-only, chat only | Add to approvedContacts with tier 1 (chat-only) |
| block, no, deny | Add to blockedIds |
| ignore | Remove from pendingApprovals, no action |
After approval, update memory/access-control.json and notify the contact:
When responding to a non-owner contact, enforce tier restrictions:
Tier 1 (chat-only):
Tier 2 (trusted):
Normalize IDs for comparison:
+. E.g., +1 555 123 4567 → +15551234567An owner may have multiple IDs across platforms. All should be in ownerIds.
Apply per-tier rate limits to prevent abuse:
| Tier | Messages/hour | Messages/day |
|------|--------------|-------------|
| Stranger | 1 (deflection only) | 3 |
| Chat-only | 20 | 100 |
| Trusted | 50 | 500 |
| Owner | Unlimited | Unlimited |
If limit exceeded, respond: "I've reached my chat limit for now. Try again later! 😊"
Track in memory/access-control.json under rateLimits:
"rateLimits": {
"+61412345678": { "hourCount": 5, "dayCount": 23, "hourReset": "ISO", "dayReset": "ISO" }
}Log all stranger contacts to memory/access-control-log.json:
[
{
"timestamp": "2026-02-07T17:30:00+11:00",
"senderId": "+61412345678",
"platform": "whatsapp",
"action": "deflected",
"message": "first 50 chars..."
}
]Keep last 100 entries. Rotate older entries out.
memory/ (gitignored by default in most setups)See references/example-config.md for a complete annotated example.
Generated Mar 1, 2026
A professional uses an AI agent to manage personal tasks like scheduling and reminders, but wants to prevent strangers from accessing sensitive information. This skill allows them to control who can interact with the agent, ensuring only approved contacts can use limited features while deflecting unknown inquiries diplomatically.
A small business deploys an AI agent on messaging platforms like WhatsApp or Telegram to handle basic customer queries. The skill enables tiered access, where trusted customers get detailed responses, while new contacts are deflected to human agents via owner approval, preventing abuse and maintaining service quality.
A community manager uses an AI agent in Discord or Telegram groups to provide information and moderate chats. The skill helps manage access by allowing trusted members to use tools like web search, while restricting strangers to chat-only interactions, reducing spam and unauthorized tool usage.
A healthcare provider implements an AI agent to handle appointment requests and general inquiries on platforms like Signal. The skill ensures patient privacy by deflecting unknown contacts and only allowing approved patients to access scheduling tools, with strict tier enforcement to protect sensitive data.
An educational institution uses an AI agent to assist students with homework and questions on messaging apps. The skill controls access by allowing enrolled students (trusted tier) to use educational tools, while deflecting outsiders with a polite message, maintaining a secure learning environment.
Offer this skill as part of a subscription plan for AI agent platforms, charging monthly fees for features like tiered permissions and owner notifications. Revenue comes from tiered subscriptions based on the number of contacts or platforms supported, appealing to businesses needing scalable security.
Provide basic access control for free, with advanced features like audit logs, multi-platform support, and custom deflection messages available in a paid tier. Revenue is generated through upgrades, targeting individual users and small teams who need enhanced security and analytics.
License the skill to large enterprises for integration into their internal AI systems, offering custom configurations, dedicated support, and compliance features. Revenue comes from high-value contracts, focusing on industries like finance or healthcare with strict access control requirements.
💬 Integration Tip
Ensure the memory directory is properly gitignored to secure sensitive data, and test ID normalization across all supported platforms to prevent access issues.
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
Search and analyze your own session logs (older/parent conversations) using jq.
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linking related objects, enforcing constraints, planning multi-step actions as graph transformations, or when skills need to share state. Trigger on "remember", "what do I know about", "link X to Y", "show dependencies", entity CRUD, or cross-skill data access.
Ultimate AI agent memory system for Cursor, Claude, ChatGPT & Copilot. WAL protocol + vector search + git-notes + cloud backup. Never lose context again. Vibe-coding ready.
Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection