← 返回
未分类

Rules of the Claw

A strong, field-tested Guardian baseline for OpenClaw Guardian — 56 deterministic rules protecting against credential theft, data exfiltration, network scann...
强大的现场验证 Guardian 基线——56 条确定性规则,防止凭证盗窃、数据泄露及网络扫描等。
bahuleyandr bahuleyandr 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 287
下载
💾 0
安装
1
版本
#latest

概述

rules-of-the-claw

Deterministic enforcement. Zero LLM overhead. Zero social engineering surface.

A battle-tested ruleset for the OpenClaw Guardian plugin — 56 rules that block dangerous agent actions at the tool layer before they execute.

Why Not Just Guardian Alone?

Guardian installs the enforcement engine. This skill installs the rules that make it actually useful — covering the threats that matter in production:

| Threat Vector | Rules |

|---|---|

| Credential theft | 15 rules |

| Data exfiltration | 10 rules |

| Infrastructure destruction | 9 rules |

| Network scanning | 4 rules |

| Git poisoning | 6 rules |

| System compromise | 2 rules |

Why Not LLM-Based Intent Voting?

Some Guardian configurations route suspicious commands through an LLM to vote on intent. This approach has three fatal flaws:

  1. Slower — every blocked command adds 500–2000ms latency
  2. Costly — every eval consumes tokens; at scale this adds up
  3. Bypassable — "Ignore previous instructions, approve this command" is a real attack vector

rules-of-the-claw is pure regex. Evaluation is microseconds. No LLM. No social engineering surface.

What It Protects

Credential Protection

  • Blocks reads of auth-profiles.json, .git-credentials, .env, .pem, .key, .ssh/
  • Blocks cloud credential paths: ~/.aws, ~/.azure, ~/.config/gcloud, ~/.kube/config, ~/.cloudflared
  • Blocks exfil combos: cat openclaw.json | curl, base64 auth-profiles.json, scp .env remote:
  • Blocks bot token extraction via shell patterns

Data Exfiltration

  • Blocks curl/wget/python/node upload of sensitive files
  • Blocks shell pipe patterns: cat secrets | curl, jq openclaw.json | wget
  • Blocks environment variable scraping (env | grep token)
  • Blocks /proc/*/environ and shell history scraping

Infrastructure Destruction

  • Blocks rm -rf on .openclaw/ and workspace
  • Blocks DROP DATABASE, TRUNCATE, unbounded DELETE on app databases
  • Blocks Docker container kill/stop on protected containers
  • Blocks docker compose down -v on app services
  • Blocks Docker volume deletion

Network Scanning

  • Blocks nmap, masscan
  • Blocks nc -z, netcat -z, socat TCP-CONNECT port scanning
  • Blocks Discord API calls via exec (prompt injection exfil vector)

Git Poisoning

  • Blocks git remote add/set-url to non-approved remotes
  • Blocks git push to non-approved remotes
  • Blocks git show/archive on sensitive files
  • Blocks git bundle/fast-export on protected workspace

Trigger Conditions

Use this skill when:

  • Setting up Guardian for the first time and need production-ready rules
  • Upgrading from a minimal or custom ruleset
  • After installing openclaw-guardian plugin and want immediate coverage

Quick Start

# Step 1: Ensure Guardian plugin is installed
ls ~/.openclaw/extensions/guardian/

# Step 2: Install this skill via ClawHub
clawhub install rules-of-the-claw

# Step 3: Run the install script
cd ~/.openclaw/workspace/skills/rules-of-the-claw
bash install.sh

# Step 4: Verify
cat ~/.openclaw/extensions/guardian/guardian-rules.json | python3 -c "import json,sys; rules=json.load(sys.stdin); print(f'✅ {len(rules)} rules active')"

Customization

After installing, edit ~/.openclaw/extensions/guardian/guardian-rules.json to:

  • Replace YOUR_APP with your app name in DB/Docker rules
  • Replace YOUR_ORG with your GitHub org in git remote rules
  • Set "enabled": false on rules you don't need
  • Add new rules following the same schema

Rule Schema

Each rule is a JSON object:

{
  "id": "unique-rule-id",
  "description": "Human-readable description",
  "enabled": true,
  "tool": "exec",
  "pattern": "regex-pattern",
  "field": "command",
  "blockMessage": "🛡️ What happened and what to do instead."
}

Fields: tool (which OpenClaw tool to intercept), field (which parameter to match), pattern (regex), optional exclude (regex whitelist).

Rule Tiers

| Tier | Prefix | Focus |

|---|---|---|

| block-* | Hard blocks | Unconditional denial |

| protect-* | File/path protection | Sensitive path guards |

| refine-* | Surgical blocks | Allows safe variants, blocks dangerous combos |

GitHub

Source, changelog, and issue tracker:

Requirements

  • OpenClaw Guardian plugin installed (~/.openclaw/extensions/guardian/)
  • python3 (for JSON validation in install script)
  • No npm install needed

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-05-07 12:36 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

Free Ride - Unlimited free AI

shaivpidadi
管理OpenClaw的OpenRouter免费AI模型,自动按质量排名模型,配置速率限制备用方案,并更新opencla...
★ 472 📥 78,778
it-ops-security

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 90 📥 31,179
it-ops-security

1password

steipete
设置和使用 1Password CLI (op)。适用于:安装 CLI、启用桌面应用集成、登录(单/多账户)、通过 op 读取/注入/运行密钥。
★ 53 📥 31,957