OpenClaw Egress
Network DLP for agent workspaces. Scans skills and files for outbound URLs, data exfiltration endpoints, and network function calls.
The Problem
Skills can phone home. A compromised skill can POST your workspace contents, API keys, or conversation history to an external server. Nothing monitors what URLs your skills connect to or what data they could send.
Commands
Full Scan
Scan workspace for all outbound network risks.
python3 {baseDir}/scripts/egress.py scan --workspace /path/to/workspace
Skills-Only Scan
python3 {baseDir}/scripts/egress.py scan --skills-only --workspace /path/to/workspace
Domain Map
List all external domains referenced in workspace.
python3 {baseDir}/scripts/egress.py domains --workspace /path/to/workspace
Quick Status
python3 {baseDir}/scripts/egress.py status --workspace /path/to/workspace
What It Detects
| Risk | Pattern |
|---|---|
| CRITICAL | Base64/hex payloads in URLs, pastebin/sharing services, request catchers, dynamic DNS |
| HIGH | Network function calls (requests, urllib, curl, wget, fetch), webhook/callback URLs |
| WARNING | Suspicious TLDs (.xyz, .tk, .ml), URL shorteners, IP address endpoints |
| INFO | Any external URL not on the safe domain list |
Exit Codes
0— Clean1— Network calls detected (review needed)2— Exfiltration risk detected (action needed)
No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.