{"id":44266710,"url":"https://github.com/taosin/openclaw-guard","last_synced_at":"2026-02-10T18:25:00.538Z","repository":{"id":337163963,"uuid":"1152566560","full_name":"taosin/openclaw-guard","owner":"taosin","description":"Security proxy for OpenClaw — block dangerous shell commands, human-in-the-loop approval, token circuit breaker","archived":false,"fork":false,"pushed_at":"2026-02-08T05:25:41.000Z","size":36,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-08T11:23:18.115Z","etag":null,"topics":["ai-safety","cursor","openclaw","proxy","python","sandbox","security","telegram"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/taosin.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-08T04:13:13.000Z","updated_at":"2026-02-08T05:25:45.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/taosin/openclaw-guard","commit_stats":null,"previous_names":["taosin/openclaw-guard"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/taosin/openclaw-guard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taosin%2Fopenclaw-guard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taosin%2Fopenclaw-guard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taosin%2Fopenclaw-guard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taosin%2Fopenclaw-guard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/taosin","download_url":"https://codeload.github.com/taosin/openclaw-guard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taosin%2Fopenclaw-guard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29310727,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T17:48:59.043Z","status":"ssl_error","status_checked_at":"2026-02-10T17:45:37.240Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-safety","cursor","openclaw","proxy","python","sandbox","security","telegram"],"created_at":"2026-02-10T18:24:59.787Z","updated_at":"2026-02-10T18:25:00.533Z","avatar_url":"https://github.com/taosin.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/github/stars/taosin/openclaw-guard?style=social\" alt=\"GitHub stars\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/license-MIT-blue.svg\" alt=\"License\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/python-3.9+-green.svg\" alt=\"Python\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/OpenClaw-compatible-orange\" alt=\"OpenClaw\"\u003e\n\u003c/p\u003e\n\n# 🛡️ OpenClawGuard\n\n\u003e **One sentence:** Give your local AI assistant a security layer—block dangerous shell commands, require human approval for writes, and cap token usage so one prompt can't blow your bill.\n\n**OpenClaw has shell access by default.** A malicious page or email could trick the AI into running `rm -rf /`. OpenClawGuard sits in front of OpenClaw as a proxy: it filters dangerous commands, sends write operations to your phone for approval (Telegram/WeChat), redirects file access to a sandbox, and trips a circuit breaker when token usage gets too high.\n\n[English](#quick-start) | [中文说明](docs/USER_GUIDE.md)\n\n---\n\n## ✨ Why OpenClawGuard?\n\n| Without Guard                        | With OpenClawGuard                                                    |\n| ------------------------------------ | --------------------------------------------------------------------- |\n| AI can run `rm -rf /` if tricked     | Dangerous commands are **blocked** by pattern + sensitive-path checks |\n| Every shell run executes immediately | **Write** operations need your **Approve** on your phone              |\n| File ops can touch `/etc`, `~/.ssh`  | Paths are **rewritten** to `/workspace` (or your sandbox)             |\n| Runaway loops can burn tokens        | **Token circuit breaker** stops requests when limit is hit            |\n\n---\n\n## 🚀 Quick Start (3 steps)\n\n```bash\n# 1. Clone \u0026 install\ngit clone https://github.com/taosin/openclaw-guard.git\ncd openclaw-guard\npip install -r requirements.txt\n\n# 2. Start OpenClaw on 8080 (if not already), then start the guard\npython clawguard.py --target-port 8080\n\n# 3. Point your client (e.g. Cursor) to http://localhost:8081 instead of 8080\n```\n\nGuard listens on **8081** and forwards to OpenClaw on **8080**. All traffic goes through the guard.\n\n---\n\n## 📋 Core Features\n\n- **🛑 Danger blocking** — Blocks `rm -rf`, `mkfs`, `dd`, `chmod 777`, access to `/etc`, `~/.ssh`, `System32`, etc.\n- **📱 Human-in-the-loop** — Write operations trigger Telegram/WeChat; you Approve or Deny with one tap (or HTTP link).\n- **📂 Sandbox** — File operations are redirected to `/workspace` (configurable) so the rest of the filesystem stays safe.\n- **🔌 Token circuit breaker** — Stops requests when token usage in a time window exceeds a limit (e.g. daily cap).\n\n---\n\n## 📖 Docs \u0026 Flowcharts\n\n- **[User guide (with flowcharts)](docs/USER_GUIDE.md)** — Architecture, request flow, approval flow, config, Docker, FAQ.\n- **[Requirements compliance](docs/REQUIREMENTS_COMPLIANCE.md)** — Mapping to ClawGuard V1.0 functional requirements.\n- **[CHANGELOG](CHANGELOG.md)** — Release history (auto-updated on merge to `main` via [Conventional Commits](https://www.conventionalcommits.org/)).\n\n---\n\n## ⚙️ Configuration (highlights)\n\n| Variable                                                      | Description                                      |\n| ------------------------------------------------------------- | ------------------------------------------------ |\n| `CLAWGUARD_TARGET_PORT`                                       | OpenClaw port (default `8080`)                   |\n| `CLAWGUARD_PORT`                                              | Guard port (default `8081`)                      |\n| `CLAWGUARD_SANDBOX`                                           | Sandbox dir (default `/workspace`)               |\n| `CLAWGUARD_TOKEN_LIMIT`                                       | Token cap (default `100000`)                     |\n| `CLAWGUARD_TOKEN_WINDOW_SEC`                                  | Window in seconds; use `86400` for daily         |\n| `CLAWGUARD_PUBLIC_URL`                                        | Base URL for Approve/Deny links in notifications |\n| `CLAWGUARD_TELEGRAM_BOT_TOKEN` / `CLAWGUARD_TELEGRAM_CHAT_ID` | Telegram approval                                |\n| `CLAWGUARD_WECHAT_WEBHOOK_URL`                                | WeChat approval                                  |\n\nFull list and examples: [User guide → Configuration](docs/USER_GUIDE.md#五配置说明).\n\n---\n\n## 🔗 Approval API\n\nWhen a write needs approval, you get a notification with two links (if `CLAWGUARD_PUBLIC_URL` is set). You can also call:\n\n- **Approve:** `GET` or `POST` `/clawguard/approve?id=\u003capproval_id\u003e`\n- **Reject:** `GET` or `POST` `/clawguard/reject?id=\u003capproval_id\u003e`\n\nExample: `curl http://localhost:8081/clawguard/approve?id=abc-123`\n\n---\n\n## 🐳 Docker\n\n```bash\ncp docker-compose.example.yml docker-compose.yml\n# Edit env (e.g. CLAWGUARD_PUBLIC_URL, Telegram)\ndocker compose up -d\n```\n\nOpenClaw can run on the host; set `CLAWGUARD_TARGET_HOST=host.docker.internal`. See [User guide → Docker](docs/USER_GUIDE.md#六docker-一键部署).\n\n---\n\n## 🧪 Running tests\n\n```bash\npip install -r requirements-dev.txt\npytest tests/ -v\n```\n\nOptional: `pytest tests/ --cov=core --cov=config --cov-report=term-missing` for coverage.\n\n---\n\n## 🤝 Contributing\n\nWe welcome issues and PRs. See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n---\n\n## 📄 License\n\n[MIT](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftaosin%2Fopenclaw-guard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftaosin%2Fopenclaw-guard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftaosin%2Fopenclaw-guard/lists"}