# Claw Permission Firewall

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "Claw Permission Firewall" with this command: npx skills add bharathjanumpally/claw-permission-firewall

Runtime least-privilege firewall for agent/skill actions. It evaluates a requested action and returns one of:

  • ALLOW (safe to execute)
  • DENY (blocked by policy)
  • NEED_CONFIRMATION (risky; require explicit confirmation)

It also returns a sanitizedAction with secrets redacted, plus a structured audit record.

This is not a gateway hardening tool. It complements gateway security scanners by enforcing per-action policy at runtime.

What it protects against

  • Exfiltration to unknown domains
  • Prompt-injection “send secrets” attempts (secret detection + redaction)
  • Reading sensitive local files (~/.ssh, ~/.aws, .env, etc.)
  • Unsafe execution patterns (rm -rf, curl | sh, etc.)

Inputs

Provide an action object to evaluate:

```json
{
  "traceId": "optional-uuid",
  "caller": { "skillName": "SomeSkill", "skillVersion": "1.2.0" },
  "action": {
    "type": "http_request | file_read | file_write | exec",
    "method": "GET|POST|PUT|DELETE",
    "url": "https://api.github.com/...",
    "headers": { "authorization": "Bearer ..." },
    "body": "...",
    "path": "./reports/out.json",
    "command": "rm -rf /"
  },
  "context": {
    "workspaceRoot": "/workspace",
    "mode": "strict | balanced | permissive",
    "confirmed": false
  }
}
```

Outputs

```json
{
  "decision": "ALLOW | DENY | NEED_CONFIRMATION",
  "riskScore": 0.42,
  "reasons": [{"ruleId":"...","message":"..."}],
  "sanitizedAction": { "...": "..." },
  "confirmation": { "required": true, "prompt": "..." },
  "audit": { "traceId":"...", "policyVersion":"...", "actionFingerprint":"..." }
}
```

Default policy behavior (v1)

  • Exec disabled by default
  • HTTP requires TLS
  • Denylist blocks common exfil hosts (pastebins, raw script hosts)
  • File access is jailed to workspaceRoot
  • Always redacts Authorization, Cookie, X-API-Key, and common token patterns

Recommended usage pattern

  1. Your skill creates an action object.
  2. Call this skill to evaluate it.
  3. If ALLOW → execute sanitizedAction.
  4. If NEED_CONFIRMATION → ask the user and re-run with context.confirmed=true.
  5. If DENY → stop and show the reasons.
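
A worked re-implementation of the evaluation flow described above, added here as an illustration and not the skill's own code: it applies the listed v1 defaults (TLS required, exfil-host denylist, workspace jail, exec disabled, header and token redaction) to an action object and returns the decision, sanitizedAction and audit record. The denylist hosts, token regex, unsafe-exec patterns and the policyVersion string are constructed assumptions, not values from policy.yaml.

```python
import hashlib, json, posixpath, re
from urllib.parse import urlparse
# Constructed policy mirroring the listed v1 defaults; not the skill's own policy.yaml.
EXFIL_HOSTS = {"pastebin.com", "raw.githubusercontent.com"}
SECRET_HEADERS = {"authorization", "cookie", "x-api-key"}
TOKEN_RE = re.compile(r"(?i)\b(?:bearer\s+|ghp_|sk-)[A-Za-z0-9._-]{8,}")
SENSITIVE_DIRS = (".ssh", ".aws", ".env")
UNSAFE_EXEC = ("rm -rf", "| sh", "| bash")

def sanitize(action):
    clean = json.loads(json.dumps(action))  # deep copy, then redact in place
    for k in list(clean.get("headers", {})):
        if k.lower() in SECRET_HEADERS:
            clean["headers"][k] = "[REDACTED]"
    if isinstance(clean.get("body"), str):
        clean["body"] = TOKEN_RE.sub("[REDACTED]", clean["body"])
    return clean

def evaluate(req):
    act, ctx = req["action"], req.get("context", {})
    deny, risk = [], 0.0  # deny: hard-blocking (ruleId, message); risk: soft score
    if act.get("type") == "http_request":
        u = urlparse(act.get("url", ""))
        if u.scheme != "https":
            deny.append(("HTTP_TLS_REQUIRED", "only https:// URLs are allowed"))
        if u.hostname in EXFIL_HOSTS:
            deny.append(("DENYLIST_HOST", f"{u.hostname} is a known exfil host"))
        if TOKEN_RE.search(act.get("body") or ""):
            risk = 0.6  # token-like string in an outbound body: ask the user first
    elif act.get("type") in ("file_read", "file_write"):
        root = ctx.get("workspaceRoot", "/workspace").rstrip("/")
        full = posixpath.normpath(posixpath.join(root, act.get("path", "")))
        if not full.startswith(root + "/"):  # jail: absolute paths and ../ escapes
            deny.append(("PATH_OUTSIDE_WORKSPACE", f"{full} escapes {root}"))
        if any(part in SENSITIVE_DIRS for part in full.split("/")):
            deny.append(("SENSITIVE_PATH", f"{full} is a credential location"))
    elif act.get("type") == "exec":
        if ctx.get("mode") != "permissive" or any(p in act.get("command", "") for p in UNSAFE_EXEC):
            deny.append(("EXEC_DISABLED", "exec is disabled by default policy"))
        else:
            risk = 0.5  # permissive mode: exec still needs explicit confirmation
    needs_ok = risk >= 0.5 and not ctx.get("confirmed")
    decision = "DENY" if deny else "NEED_CONFIRMATION" if needs_ok else "ALLOW"
    clean = sanitize(act)  # never hand the raw secrets back to the caller
    fp = hashlib.sha256(json.dumps(clean, sort_keys=True).encode()).hexdigest()
    return {"decision": decision, "riskScore": 1.0 if deny else risk,
            "reasons": [{"ruleId": r, "message": m} for r, m in deny],
            "sanitizedAction": clean, "confirmation": {"required": needs_ok and not deny},
            "audit": {"traceId": req.get("traceId"), "policyVersion": "v1-example",
                      "actionFingerprint": fp}}
```

Only sanitizedAction is returned, so a caller that follows step 3 above never re-reads the original Authorization header from the decision.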

Files

  • policy.yaml contains the policy (edit for your environment).

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
