clawguard

Install and configure the ClawGuard security plugin - an LLM-as-a-Judge guardrail that detects and blocks risky tool calls.
Install via ClawdBot CLI:
clawdbot install lidan-capsule/clawguard

ClawGuard is a security plugin that uses an LLM-as-a-Judge to evaluate tool calls before execution, detecting and optionally blocking risky operations.
Before installing ClawGuard, ensure the gateway's chat completions endpoint is enabled:
openclaw config set gateway.http.endpoints.chatCompletions.enabled true
Install the plugin from npm:
openclaw plugins install @capsulesecurity/clawguard
After installation, restart the gateway to load the plugin.
If running OpenClaw in Docker:
# Install the plugin
docker compose run --rm openclaw-cli plugins install @capsulesecurity/clawguard
# Restart gateway with force-recreate to reload env vars
docker compose up -d --force-recreate openclaw-gateway
Important: Always use --force-recreate when restarting. Plain docker compose restart does NOT reload environment variables.
Check the gateway logs for the initialization message:
[clawguard] Initialized (logging: true, security: true, block: true, metrics: enabled)
Configure ClawGuard via openclaw config set plugins.clawguard.<option> <value>:
| Option | Default | Description |
|--------|---------|-------------|
| enabled | true | Enable/disable the plugin |
| logToolCalls | true | Log tool call JSON to gateway logs |
| securityCheckEnabled | true | Run LLM security evaluation |
| blockOnRisk | true | Block high/critical risk tool calls |
| maxContextWords | 2000 | Session context word limit for evaluation |
| timeoutMs | 15000 | Security check timeout in milliseconds |
| gatewayHost | 127.0.0.1 | Gateway host for LLM calls |
| gatewayPort | 18789 | Gateway port for LLM calls |
| metricsEnabled | true | Enable anonymous usage metrics |
# Disable blocking (log-only mode)
openclaw config set plugins.clawguard.blockOnRisk false
# Increase timeout for slower models
openclaw config set plugins.clawguard.timeoutMs 30000
# Disable metrics collection
openclaw config set plugins.clawguard.metricsEnabled false
ClawGuard calls the gateway's /v1/chat/completions endpoint internally. If you see 401 Unauthorized errors:
# Check env var
printenv OPENCLAW_GATEWAY_TOKEN
# Check config token
grep -A2 '"token"' ~/.openclaw/openclaw.json
For Docker, ensure .env contains the correct OPENCLAW_GATEWAY_TOKEN and use --force-recreate when restarting.
If the plugin's requests to /v1/chat/completions fail because the endpoint is not enabled, run:
openclaw config set gateway.http.endpoints.chatCompletions.enabled true
If 401 errors persist after that, the token in the environment does not match the token in config; work through the 401 Unauthorized checks above.
Verify the install: openclaw plugins list shows clawguard.

How it works: ClawGuard registers a before_tool_call hook that:
- Logs the tool call JSON to the gateway logs (if logToolCalls is enabled)
- Sends the tool call, with up to maxContextWords words of session context, to the LLM judge through the gateway's /v1/chat/completions endpoint (if securityCheckEnabled is enabled)
- Blocks tool calls the judge rates high or critical risk (if blockOnRisk is enabled)

The security evaluation uses your configured LLM provider, so it works with any model you have set up in OpenClaw.
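To make the hook flow concrete, here is an added illustration of a before_tool_call handler with the behaviour described above. It is not the ClawGuard plugin's code: the hook signature, the judge prompt, the JSON verdict shape, the risk labels and the fail-closed handling of judge errors are all assumptions of this example. The option names, their defaults and the /v1/chat/completions path are taken from this page.

```javascript
// Added illustration of the before_tool_call flow described above. This is NOT the
// ClawGuard plugin's code: the hook signature, the judge prompt, the JSON verdict
// shape, the risk labels and the fail-closed handling of judge errors are assumptions.
// Option names, defaults and the /v1/chat/completions path are taken from this page.

const DEFAULTS = {
  logToolCalls: true,
  securityCheckEnabled: true,
  blockOnRisk: true,
  maxContextWords: 2000,
  timeoutMs: 15000,
  gatewayHost: "127.0.0.1",
  gatewayPort: 18789,
  token: process.env.OPENCLAW_GATEWAY_TOKEN, // gateway token (assumed to be passed this way)
  model: "default",                          // model name: assumption
};

// Risk labels that trigger a block when blockOnRisk is on (assumed label set).
const BLOCKING_LEVELS = new Set(["high", "critical"]);

// Keep only the most recent maxWords words of session context so the judge prompt stays bounded.
function truncateContext(text, maxWords) {
  const words = String(text).split(/\s+/).filter(Boolean);
  return words.slice(Math.max(0, words.length - maxWords)).join(" ");
}

// Judge prompt (wording is an assumption); the tool call is passed as JSON, never interpolated raw.
function buildJudgePrompt(toolCall, context) {
  return [
    { role: "system", content: 'You are a security judge for an AI agent. Rate the tool call and reply ONLY with JSON: {"risk":"low|medium|high|critical","reason":"..."}' },
    { role: "user", content: `Session context:\n${context}\n\nTool call:\n${JSON.stringify(toolCall)}` },
  ];
}

// Extract the verdict from the model's reply; anything unparseable counts as a judge failure.
function parseVerdict(text) {
  const m = String(text).match(/\{[\s\S]*\}/);
  if (!m) throw new Error("judge returned no JSON verdict");
  const v = JSON.parse(m[0]);
  if (typeof v.risk !== "string") throw new Error("verdict has no risk field");
  return { risk: v.risk.toLowerCase(), reason: String(v.reason ?? "") };
}

// Default judge: POST the prompt to the gateway's chat completions endpoint.
async function gatewayJudge(messages, opts) {
  const url = `http://${opts.gatewayHost}:${opts.gatewayPort}/v1/chat/completions`;
  const res = await fetch(url, {
    method: "POST",
    headers: { "content-type": "application/json", authorization: `Bearer ${opts.token}` },
    body: JSON.stringify({ model: opts.model, messages }),
  });
  if (res.status === 401) throw new Error("gateway returned 401 Unauthorized: check OPENCLAW_GATEWAY_TOKEN");
  if (!res.ok) throw new Error(`gateway returned HTTP ${res.status}`);
  const body = await res.json();
  return parseVerdict(body.choices?.[0]?.message?.content ?? "");
}

// Reject if the judge has not answered within ms; the timer is cleared either way.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`security check timed out after ${ms} ms`)), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// The hook body. Returns { allow, risk, reason }; a caller would cancel the tool call when allow is false.
// `judge` and `log` are injectable so the flow can be exercised without a running gateway.
async function beforeToolCall(toolCall, sessionContext, config = {}, judge = gatewayJudge, log = console.log) {
  const opts = { ...DEFAULTS, ...config };
  if (opts.logToolCalls) log(`[clawguard] tool call: ${JSON.stringify(toolCall)}`);
  if (!opts.securityCheckEnabled) return { allow: true, risk: "unchecked", reason: "securityCheckEnabled is false" };

  const messages = buildJudgePrompt(toolCall, truncateContext(sessionContext, opts.maxContextWords));
  let verdict;
  try {
    verdict = await withTimeout(judge(messages, opts), opts.timeoutMs);
  } catch (err) {
    // Design choice of this example: when blocking is on, a judge that cannot answer (timeout,
    // 401, malformed reply) fails closed; in log-only mode the call proceeds but the failure is logged.
    log(`[clawguard] security check failed: ${err.message}`);
    return { allow: !opts.blockOnRisk, risk: "unknown", reason: `security check failed: ${err.message}` };
  }
  const allow = !(opts.blockOnRisk && BLOCKING_LEVELS.has(verdict.risk));
  log(`[clawguard] risk=${verdict.risk} allow=${allow} reason=${verdict.reason}`);
  return { allow, risk: verdict.risk, reason: verdict.reason };
}

// Stand-alone demo with a constructed judge, so no gateway is needed.
const demoJudge = async (messages) =>
  /rm -rf/.test(messages[1].content) ? { risk: "critical", reason: "destructive shell command" } : { risk: "low", reason: "benign" };
beforeToolCall({ name: "exec", args: { cmd: "rm -rf /var/lib/app" } }, "user asked to free disk space", {}, demoJudge)
  .then((decision) => console.log(decision));
```

The fail-closed branch is the point to think about before relying on blockOnRisk: a timeout or a 401 from the gateway is exactly the situation in which an attacker-influenced tool call would otherwise slip through, so the example treats "judge unavailable" as a block rather than an allow, while log-only mode keeps the call flowing and records the failure.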
Generated Mar 1, 2026
A bank uses ClawGuard to monitor AI-driven financial advisory tools, ensuring compliance with regulations by blocking unauthorized transactions or risky investment recommendations. It logs all tool calls for audit trails and prevents high-risk actions before execution.
A hospital integrates ClawGuard with AI systems handling patient records to detect and block unauthorized access or data modifications. It uses LLM evaluation to assess risks in real-time, safeguarding sensitive health information from potential breaches.
An online retailer employs ClawGuard to secure AI-powered customer service bots, preventing fraudulent tool calls like unauthorized refunds or order changes. It blocks high-risk actions and logs incidents for analysis to reduce financial losses.
An e-learning platform uses ClawGuard to protect AI tutors from executing risky commands, such as accessing student data or modifying course content without authorization. It ensures a safe learning environment by evaluating and blocking potential threats.
A manufacturing company deploys ClawGuard to oversee AI-controlled production tools, detecting and blocking unsafe operations that could lead to equipment damage or safety hazards. It enhances operational reliability by pre-screening tool calls for risks.
💬 Integration Tip
Ensure the gateway's chat completions endpoint is enabled and tokens are correctly configured to avoid authentication errors during setup.