npm install -g clawwall

Policy firewall
for AI agents.

Name: ClawWall
Author: ClawWall

Every tool call blocked, logged, and under your control. Stop your AI agent from deleting files, leaking credentials, or phoning home — before it happens.

Open Dashboard →

Or: curl -fsSL https://clawwall.dev/install.sh | bash

clawwall.dev/dashboard connected

ALLOW

847

DENY

ASK

UPTIME

2h 14m

LIVE FEED

09:41:03 ✓ write src/api/routes.ts allow

09:41:05 ✗ read .env deny credential_read

09:41:07 ✓ exec npm test allow

09:41:09 ✗ exec rm -rf /tmp/build deny dangerous_command

09:41:11 ? browser localhost:5173 ask internal_network

09:41:14 ✓ read package.json allow

PENDING APPROVAL

? browser localhost:5173

What ClawWall blocks

Built-in rules fire automatically before every tool call. ClawWall blocks destructive commands, credential reads, data exfiltration, and sensitive path writes — no configuration required.

Threat	What ClawWall Does
Destructive commands (rm -rf /, mkfs, shutdown)	Blocked automatically
Credential reads (.env, id_rsa, .aws/credentials)	Blocked automatically
Data exfiltration (curl -d, wget --post, nc -e)	Blocked automatically
Writes to sensitive files (.env, .ssh/, /etc/passwd)	Blocked automatically
Writes outside your project directory	Blocked automatically
Internal network access (localhost, private IPs)	Paused for your approval
Your custom rules	Your call

How it works

ClawWall integrates with OpenClaw's before-tool-call hook to intercept every action.

OpenClaw → before-tool-call hook → POST /policy/check → ClawWall daemon
                                                                      ↓
                                          allow (instant) ← Rule Engine → deny (instant)
                                                                      ↓
                                                                    ask → Dashboard [Allow/Deny]

⚡

Instant decisions

ALLOW and DENY rules respond in microseconds — no latency added to normal operations.

👁

Human-in-the-loop

Ambiguous calls (internal network, custom patterns) pause for your approval in the dashboard.

🛡

Zero false negatives

Dangerous commands are hard-blocked. No policy drift, no override from the agent.

📱

Phone notifications

Get approval requests on your phone via ntfy. Tap Allow or Deny from anywhere — no dashboard needed.

Quick start

Up and running in 30 seconds.

terminal

# Install

$ npm install -g clawwall

# Start the daemon (auto-opens dashboard)

$ clawwall start

# Launch your agent with ClawWall enabled

$ CLAWWALL_ENABLED=true openclaw

# Dashboard at http://localhost:7654

Built-in rules

Six rules active by default. No configuration required.

Rule	Tools	Decision	Description
dangerous_command	exec, bash, shell, process	DENY	Blocks rm -rf, mkfs, shutdown, dd, and other destructive shell patterns
credential_read	read, cat, view	DENY	Blocks reads of .env, .aws/credentials, id_rsa, and other credential files
exfiltration	exec, bash, shell	DENY	Blocks curl -d, wget --post, nc -e and other data-sending patterns
sensitive_write	write, edit, apply_patch	DENY	Blocks writes to .env, .ssh/, /etc/passwd and other sensitive paths
outside_workspace	write, edit, apply_patch	DENY	Blocks writes to paths outside the current working directory
internal_network	browser, navigate, web_fetch	ASK	Pauses requests to localhost, 127.x, 10.x, 192.168.x for approval

Policy firewall for AI agents.