Deterministic enforcement. Zero LLM overhead. Zero social engineering surface.
A battle-tested ruleset for the OpenClaw Guardian plugin — 56 rules that block dangerous agent actions at the tool layer before they execute.
Guardian installs the enforcement engine. This skill installs the rules that make it actually useful — covering the threats that matter in production:
| Threat Vector | Rules |
|---|---|
| Credential theft | 15 rules |
| Data exfiltration | 10 rules |
| Infrastructure destruction | 9 rules |
| Network scanning | 4 rules |
| Git poisoning | 6 rules |
| System compromise | 2 rules |
Some Guardian configurations route suspicious commands through an LLM to vote on intent. This approach has three fatal flaws:
rules-of-the-claw is pure regex. Evaluation is microseconds. No LLM. No social engineering surface.
auth-profiles.json, .git-credentials, .env, .pem, .key, .ssh/
~/.aws, ~/.azure, ~/.config/gcloud, ~/.kube/config, ~/.cloudflared
cat openclaw.json | curl, base64 auth-profiles.json, scp .env remote:
cat secrets | curl, jq openclaw.json | wget
env | grep token)
/proc/*/environ and shell history scraping
rm -rf on .openclaw/ and workspace
DROP DATABASE, TRUNCATE, unbounded DELETE on app databases
docker compose down -v on app services
nmap, masscan
nc -z, netcat -z, socat TCP-CONNECT port scanning
git remote add/set-url to non-approved remotes
git push to non-approved remotes
git show/archive on sensitive files
git bundle/fast-export on protected workspace
Use this skill when:
openclaw-guardian plugin and want immediate coverage
# Step 1: Ensure Guardian plugin is installed
ls ~/.openclaw/extensions/guardian/
# Step 2: Install this skill via ClawHub
clawhub install rules-of-the-claw
# Step 3: Run the install script
cd ~/.openclaw/workspace/skills/rules-of-the-claw
bash install.sh
# Step 4: Verify
cat ~/.openclaw/extensions/guardian/guardian-rules.json | python3 -c "import json,sys; rules=json.load(sys.stdin); print(f'✅ {len(rules)} rules active')"
After installing, edit ~/.openclaw/extensions/guardian/guardian-rules.json to:
YOUR_APP with your app name in DB/Docker rules
YOUR_ORG with your GitHub org in git remote rules
"enabled": false on rules you don't need
Each rule is a JSON object:
{
"id": "unique-rule-id",
"description": "Human-readable description",
"enabled": true,
"tool": "exec",
"pattern": "regex-pattern",
"field": "command",
"blockMessage": "🛡️ What happened and what to do instead."
}
Fields: tool (which OpenClaw tool to intercept), field (which parameter to match), pattern (regex), optional exclude (regex whitelist).
| Tier | Prefix | Focus |
|---|---|---|
| block-* | Hard blocks | Unconditional denial |
| protect-* | File/path protection | Sensitive path guards |
| refine-* | Surgical blocks | Allows safe variants, blocks dangerous combos |
Source, changelog, and issue tracker:
~/.openclaw/extensions/guardian/)
python3 (for JSON validation in install script)
共 1 个版本