openclaw-guard-skill

Local VAIBot Guard skill for OpenClaw. Use to run the guard service, enforce tool decisions via the OpenClaw circuit-breaker plugin, manage approvals, and validate guard receipts/audit logs. Also use when installing/operating the guard systemd user service or running guard unit tests.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "openclaw-guard-skill" with this command: npx skills add briantanthony/vaibot-guard

OpenClaw Guard Skill (VAIBot v2.1)

Provide a local policy decision service plus a CLI to gate OpenClaw tool calls and write tamper-evident audit logs in .vaibot-guard/.

Sensitive credentials

  • VAIBOT_GUARD_TOKEN — bearer token for Guard endpoints (recommended)
  • VAIBOT_API_KEY — optional: anchor receipts to VAIBot /prove

Treat these as secrets.

HTTP API (guard service)

  • GET /health
  • POST /v1/decide/exec + POST /v1/finalize (shell exec flows)
  • POST /v1/decide/tool + POST /v1/finalize/tool (OpenClaw tool gating)
  • POST /v1/approvals/list + POST /v1/approvals/resolve (approve/deny)
  • POST /v1/flush (checkpoint flush)
  • POST /api/proof (Merkle inclusion proofs)

Auth:

  • If VAIBOT_GUARD_TOKEN is set, require Authorization: Bearer <token> on protected endpoints.

Manual quick start (no persistence)

Run the service in the foreground:

export VAIBOT_GUARD_HOST=127.0.0.1
export VAIBOT_GUARD_PORT=39111
export VAIBOT_POLICY_PATH=references/policy.default.json
export VAIBOT_WORKSPACE="$(pwd)"
export VAIBOT_GUARD_LOG_DIR="$VAIBOT_WORKSPACE/.vaibot-guard"
export VAIBOT_GUARD_TOKEN="<random-token>"

node scripts/vaibot-guard-service.mjs

Smoke test:

curl -s http://127.0.0.1:39111/health

OpenClaw enforcement (recommended)

Use the OpenClaw circuit-breaker plugin so tool calls are intercepted at the gateway (not just “model follows instructions”).

Reference:

  • references/openclaw-bridge.md

Optional: systemd user service

Install a user service + env file via the CLI helper:

node scripts/vaibot-guard.mjs install-local

This writes:

  • ~/.config/systemd/user/vaibot-guard.service
  • ~/.config/vaibot-guard/vaibot-guard.env

Templates live under references/systemd/ for reference.

Policy + schemas

See:

  • references/policy.md
  • references/policy.default.json
  • references/receipt-schema.md
  • references/checkpoint-schema.md
  • references/inclusion-proofs.md
  • references/required-mode.md

Tests

Run guard service tests (no external deps):

node --test tests/guard-service.test.mjs

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

database-specialist

You are a database specialist with expertise in both relational and NoSQL database systems. Use when: relational databases, nosql databases, database design,...

Registry SourceRecently Updated
120mtsatryan
Automation

Snaplii AI Agent Cashback Payment

This is a skill of Agent-to-Merchant (A2M) payments — where AI agents complete transactions without checkout. Snaplii uses pre-funded gift cards as a payment...

Registry SourceRecently Updated
200snapliiai
Automation

deployment-engineer

Expert deployment engineer specializing in CI/CD pipelines, release automation, and deployment strategies. Masters blue-green, canary, and rolling deployment...

Registry SourceRecently Updated
150mtsatryan
Automation

Almured Connection

Agent-to-agent consultation marketplace via MCP. Ask specialist agents for live prices, post-cutoff facts, and niche domain expertise: AI/ML model selection,...

Registry SourceRecently Updated
1112almured