Claude Skill
SeyZ/clawbands
ClawBands is a security middleware for OpenClaw AI agents, offering guardrails and access control to protect agent interactions. Built with TypeScript.
Overview
Repository
Install this Skill
npm install -g clawbandsRegistry
npm install -g clawbandsgit clone https://github.com/SeyZ/clawbands.gitnpm install
Summary
ClawBands is a security middleware for OpenClaw AI agents, providing guardrails and access control to protect agent interactions.
ClawBands 是 OpenClaw AI 代理的安全中间件。
Key features
- Security middleware for OpenClaw AI agents
- Guardrails to enforce safe agent behavior
- Access control for agent interactions
- Built with TypeScript for reliability
- Lightweight and easy to integrate
Use cases
- Securing AI agent deployments in production
- Preventing unauthorized agent actions
- Adding compliance layers to agent workflows
- Monitoring and logging agent behavior
README excerpt
# 🦞 + 🪢 ClawBands <p align="center"> <img src="logo.png" alt="ClawBands Logo" width="300"/> </p> **Put safety bands on [OpenClaw](https://github.com/openclaw/openclaw)** ClawBands is a security middleware for [OpenClaw](https://github.com/openclaw/openclaw) AI agents. It hooks into OpenClaw's plugin system to intercept every tool execution (file writes, shell commands, network requests) and enforces human-in-the-loop approval before dangerous actions execute. [](https://opensource.org/licenses/MIT) [](http://www.typescriptlang.org/) [](https://nodejs.org/) ## Why? OpenClaw can execute shell commands, modify files, and access your APIs. OS-level isolation (containers, VMs) protects your **host machine**, but it doesn't protect the **services your agent has access to**. ClawBands solves this by hooking into OpenClaw's `before_tool_call` plugin event. Before any dangerous action executes (writes, deletes, shell commands, API calls), the agent pauses and waits for your decision. In a terminal, you get an interactive prompt. On messaging channels (WhatsApp, Telegram), the agent asks you YES/NO and relays your answer via a dedicated `clawbands_respond` tool. Every choice is logged to an immutable audit trail. Think of it as `sudo` for your AI agent: nothing happens without your explicit permission. ## Features - 🔒 **Synchronous Blocking** - Agent pauses until you approve - ⚙️ **Granular Control** - Allow reads, ask on writes, deny deletes - 💬 **Channel Support** - Works in terminal, WhatsApp, Telegram via `clawbands_respond` tool - 📊 **Full Audit Trail*