Show HN: ClawGuardian – Security Plugin for OpenClaw

Secrets: API keys, tokens, cloud credentials, private keys

PII: SSN, credit cards, emails, phone numbers

Destructive commands: rm -rf, git reset --hard, DROP TABLE, sudo, etc.

When something is detected, you can configure it to block, redact, require confirmation, or just warn. I added some defaults, e.g. it blocks rm -rf / and warns for email exposure.

Install:

openclaw plugins install clawguardian

Example:

$ openclaw agent --message "run echo '4358 9100 8899 4843'" --agent main

09:33:20 [plugins] ClawGuardian: pii_credit_card (high) detected in tool exec params

Done. The command ran, but ClawGuardian redacted the output since it detects the card-like format.

GitHub: https://github.com/superglue-ai/clawguardian

This is an early version, so I'd love some feedback and thoughts on how to make ClawGuardian better. This is not a replacement for being careful with OpenClaw's capabilities, just an additional security layer preventing the bot from posting my SSN that if found in my emails on some obscure agent social media network.