clawshell-0-1-0Human-in-the-loop security layer. Intercepts high-risk commands and requires push notification approval.
Install via ClawdBot CLI:
clawdbot install Lucky-2968/clawshell-0-1-0Human-in-the-loop security layer for OpenClaw. ClawShell intercepts shell commands before execution, analyzes their risk level, and requires your explicit approval (via push notification) for dangerous operations.
clawshell_bash instead of bashrm -rf /, fork bombs) — automatically blockedrm -rf, curl to external URLs, credential access) — sends a push notification and waits for your approvalnpm install, git push) — logged and allowedls, cat, git status) — allowedlogs/clawshell.jsonlSecure replacement for bash. Analyzes command risk and executes only if safe or approved.
Parameters:
command (string, required) — The shell command to executeworkingDir (string, optional) — Working directory (defaults to cwd)Returns: { exitCode, stdout, stderr }
High-risk commands will block until you approve or reject via push notification. Critical commands are rejected immediately.
Returns current ClawShell state: pending approval requests and recent decisions.
Parameters: none
Returns recent log entries for audit and debugging.
Parameters:
count (number, optional) — Number of entries to return (default: 20)cd /app/workspace/skills/clawshell
npm installCreate a Pushover application at https://pushover.net/apps/build and add your keys to .env:
CLAWSHELL_PUSHOVER_USER=your-user-key
CLAWSHELL_PUSHOVER_TOKEN=your-app-tokenAlternatively, configure Telegram instead:
CLAWSHELL_TELEGRAM_BOT_TOKEN=your-bot-token
CLAWSHELL_TELEGRAM_CHAT_ID=your-chat-idAdd the following to your OpenClaw TOOLS.md so the agent uses ClawShell for shell commands:
## Shell Access
Use `clawshell_bash` for ALL shell command execution. Do not use `bash` directly.
ClawShell will analyze commands for risk and require human approval for dangerous operations.
Available tools:
- `clawshell_bash(command, workingDir)` — Execute a shell command with risk analysis
- `clawshell_status()` — Check pending approvals and recent decisions
- `clawshell_logs(count)` — View recent audit log entriesClawShell reads configuration from environment variables (CLAWSHELL_*) with fallback to config.yaml.
| Variable | Default | Description |
|---|---|---|
| CLAWSHELL_PUSHOVER_USER | — | Pushover user key |
| CLAWSHELL_PUSHOVER_TOKEN | — | Pushover app token |
| CLAWSHELL_TELEGRAM_BOT_TOKEN | — | Telegram bot token (alternative) |
| CLAWSHELL_TELEGRAM_CHAT_ID | — | Telegram chat ID (alternative) |
| CLAWSHELL_TIMEOUT_SECONDS | 300 | Seconds to wait for approval before auto-reject |
| CLAWSHELL_LOG_DIR | logs/ | Directory for JSONL log files |
| CLAWSHELL_LOG_LEVEL | info | Log verbosity: debug, info, warn, error |
| CLAWSHELL_BLOCKLIST | — | Comma-separated extra blocked commands |
| CLAWSHELL_ALLOWLIST | — | Comma-separated extra allowed commands |
Custom rules can also be defined in config.yaml under rules.blocklist and rules.allowlist using exact strings, globs, or regex patterns.
Always ask your AI to scan any skill or software for security risks.
Generated Mar 1, 2026
Integrate ClawShell into CI/CD pipelines to intercept and require approval for high-risk commands like deployments, database migrations, or infrastructure changes. This adds a human review layer to automated scripts, preventing accidental or malicious actions in production environments.
Use ClawShell in financial institutions to monitor and approve shell commands that handle sensitive data, such as data extraction, transfers, or batch processing. It ensures compliance by logging all high-risk operations and requiring explicit authorization before execution.
Deploy ClawShell in healthcare IT systems to safeguard patient data by intercepting commands related to system backups, data exports, or network configurations. It reduces risks of data breaches by enforcing approval workflows for critical administrative tasks.
Implement ClawShell in university or training lab environments to control student access to shell commands. It blocks dangerous operations like system modifications while allowing safe commands, with notifications to instructors for oversight and logging.
Apply ClawShell to e-commerce backend systems to monitor commands for inventory updates, payment processing, or server maintenance. It prevents unauthorized changes by requiring approval for high-risk actions, enhancing operational security and audit trails.
Offer ClawShell as a cloud-based service with tiered subscriptions based on features like notification channels, log retention, and custom rule sets. Revenue comes from monthly or annual fees, targeting businesses needing scalable security layers.
Sell perpetual licenses for on-premises deployment, including premium support, customization, and integration services. This model suits large organizations with strict compliance requirements, generating upfront and ongoing maintenance revenue.
Provide ClawShell as open-source software with a free core version, monetizing through paid add-ons like advanced analytics, multi-channel notifications, or enterprise-grade support. This attracts users from community adoption to paid upgrades.
💬 Integration Tip
Ensure environment variables like CLAWSHELL_PUSHOVER_USER are set before use, and update TOOLS.md to replace bash calls with clawshell_bash for seamless agent integration.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.