clawshellHuman-in-the-loop security layer. Intercepts high-risk commands and requires push notification approval.
Install via ClawdBot CLI:
clawdbot install polucas/clawshellHuman-in-the-loop security layer for OpenClaw. ClawShell intercepts shell commands before execution, analyzes their risk level, and requires your explicit approval (via push notification) for dangerous operations.
clawshell_bash instead of bashrm -rf /, fork bombs) — automatically blockedrm -rf, curl to external URLs, credential access) — sends a push notification and waits for your approvalnpm install, git push) — logged and allowedls, cat, git status) — allowedlogs/clawshell.jsonlSecure replacement for bash. Analyzes command risk and executes only if safe or approved.
Parameters:
command (string, required) — The shell command to executeworkingDir (string, optional) — Working directory (defaults to cwd)Returns: { exitCode, stdout, stderr }
High-risk commands will block until you approve or reject via push notification. Critical commands are rejected immediately.
Returns current ClawShell state: pending approval requests and recent decisions.
Parameters: none
Returns recent log entries for audit and debugging.
Parameters:
count (number, optional) — Number of entries to return (default: 20)cd /app/workspace/skills/clawshell
npm installCreate a Pushover application at https://pushover.net/apps/build and add your keys to .env:
CLAWSHELL_PUSHOVER_USER=your-user-key
CLAWSHELL_PUSHOVER_TOKEN=your-app-tokenAlternatively, configure Telegram instead:
CLAWSHELL_TELEGRAM_BOT_TOKEN=your-bot-token
CLAWSHELL_TELEGRAM_CHAT_ID=your-chat-idAdd the following to your OpenClaw TOOLS.md so the agent uses ClawShell for shell commands:
## Shell Access
Use `clawshell_bash` for ALL shell command execution. Do not use `bash` directly.
ClawShell will analyze commands for risk and require human approval for dangerous operations.
Available tools:
- `clawshell_bash(command, workingDir)` — Execute a shell command with risk analysis
- `clawshell_status()` — Check pending approvals and recent decisions
- `clawshell_logs(count)` — View recent audit log entriesClawShell reads configuration from environment variables (CLAWSHELL_*) with fallback to config.yaml.
| Variable | Default | Description |
|---|---|---|
| CLAWSHELL_PUSHOVER_USER | — | Pushover user key |
| CLAWSHELL_PUSHOVER_TOKEN | — | Pushover app token |
| CLAWSHELL_TELEGRAM_BOT_TOKEN | — | Telegram bot token (alternative) |
| CLAWSHELL_TELEGRAM_CHAT_ID | — | Telegram chat ID (alternative) |
| CLAWSHELL_TIMEOUT_SECONDS | 300 | Seconds to wait for approval before auto-reject |
| CLAWSHELL_LOG_DIR | logs/ | Directory for JSONL log files |
| CLAWSHELL_LOG_LEVEL | info | Log verbosity: debug, info, warn, error |
| CLAWSHELL_BLOCKLIST | — | Comma-separated extra blocked commands |
| CLAWSHELL_ALLOWLIST | — | Comma-separated extra allowed commands |
Custom rules can also be defined in config.yaml under rules.blocklist and rules.allowlist using exact strings, globs, or regex patterns.
Always ask your AI to scan any skill or software for security risks.
Generated Mar 1, 2026
Integrate ClawShell into CI/CD pipelines to intercept and require approval for high-risk deployment commands like database migrations or infrastructure changes. This prevents unauthorized or accidental destructive operations in production environments, ensuring human oversight before critical actions.
Use ClawShell in financial institutions to monitor shell commands during data analysis or transaction processing. It blocks risky operations like unauthorized data exports or system modifications, requiring manager approval via push notifications to comply with regulatory standards and reduce fraud risk.
Deploy ClawShell in hospital IT systems to secure administrative tasks involving patient data or medical devices. It intercepts commands that could compromise sensitive information or disrupt critical services, enforcing approval workflows for high-risk actions to maintain HIPAA compliance and operational safety.
Implement ClawShell in university computer labs to control student access to shell commands. It allows low-risk educational activities while blocking or requiring instructor approval for potentially harmful operations like system configuration changes, protecting lab infrastructure from misuse.
Apply ClawShell to e-commerce backend systems to oversee commands related to inventory updates, payment processing, or server maintenance. It requires approval for high-risk tasks to prevent errors that could lead to downtime or data breaches, ensuring business continuity and customer trust.
Offer ClawShell as a cloud-based service with tiered pricing based on usage volume, features like custom rule sets, and support levels. Revenue is generated through monthly or annual subscriptions, targeting enterprises needing scalable security solutions without on-premise deployment overhead.
Sell perpetual licenses for on-premise installations with one-time fees and optional maintenance contracts for updates and support. This model appeals to large organizations in regulated industries like finance or healthcare that require full control over their security infrastructure and data.
Provide a free basic version of ClawShell for individual developers or small teams, with paid upgrades for advanced features such as multi-user approval workflows, integration with third-party tools, and enhanced analytics. Revenue comes from upselling premium features to growing user bases.
💬 Integration Tip
Ensure environment variables like CLAWSHELL_PUSHOVER_USER are properly configured and test with low-risk commands first to verify setup before deploying in production environments.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.