Secrets: API keys, tokens, cloud credentials, private keys
PII: SSN, credit cards, emails, phone numbers
Destructive commands: rm -rf, git reset --hard, DROP TABLE, sudo, etc.
When something is detected, you can configure it to block, redact, require confirmation, or just warn. I added some defaults, e.g. it blocks rm -rf / and warns for email exposure.
Install:
openclaw plugins install clawguardian
Example:
$ openclaw agent --message "run echo '4358 9100 8899 4843'" --agent main
09:33:20 [plugins] ClawGuardian: pii_credit_card (high) detected in tool exec params
Done. The command ran, but ClawGuardian redacted the output since it detects the card-like format.
GitHub: https://github.com/superglue-ai/clawguardian
This is an early version, so I'd love some feedback and thoughts on how to make ClawGuardian better. This is not a replacement for being careful with OpenClaw's capabilities, just an additional security layer preventing the bot from posting my SSN that if found in my emails on some obscure agent social media network.