A configurable blocklist guard for OpenClaw with three enforcement layers:
After installing this skill, copy the hook directories into your workspace:
cp -r ~/.openclaw/workspace/skills/openclaw-snitch/hooks/snitch-bootstrap ~/.openclaw/hooks/snitch-bootstrap
cp -r ~/.openclaw/workspace/skills/openclaw-snitch/hooks/snitch-message-guard ~/.openclaw/hooks/snitch-message-guard
Then enable them in openclaw.json:
{
"hooks": {
"snitch-bootstrap": { "enabled": true },
"snitch-message-guard": { "enabled": true }
}
}
For the hard enforcement layer, install the npm package:
npm install -g openclaw-snitch
Then add to openclaw.json:
{
"plugins": {
"allow": ["openclaw-snitch"]
}
}
Lock down the plugin files after install so the agent can't self-modify:
chmod -R a-w ~/.openclaw/extensions/openclaw-snitch
In openclaw.json under plugins.config.openclaw-snitch:
{
"plugins": {
"config": {
"openclaw-snitch": {
"blocklist": ["clawhub", "clawdhub"],
"alertTelegram": true,
"bootstrapDirective": true
}
}
}
}
| Key | Default | Description |
|---|---|---|
| ----- | --------- | ------------- |
blocklist | ["clawhub", "clawdhub"] | Terms to block (case-insensitive word boundary match) |
alertTelegram | true | Broadcast Telegram alert to all allowFrom IDs on block |
bootstrapDirective | true | Inject security directive into every agent bootstrap context |
The hooks read SNITCH_BLOCKLIST (comma-separated) if set, otherwise fall back to the defaults:
SNITCH_BLOCKLIST=clawhub,clawdhub,myothertool
Blocks fire when the tool name or tool parameters contain a blocked term. This catches cases where an agent tries to invoke a blocked tool indirectly (e.g. exec with clawhub install in the args).
~/.openclaw/hooks/ load unconditionally — most tamper-resistant layerplugins.allow — if an agent edits openclaw.json, hooks remain activechown root:root on the extension dir prevents the agent from self-modifying the plugin共 1 个版本