safeclaw-proxy
Install and verify the SafeClaw safety proxy for OpenClaw and other OpenAI-compatible clients. Use when setting up a local or hosted SafeClaw proxy, routing model traffic through it, debugging why calls are not appearing in the dashboard, or adapting setup for OpenClaw provider configs, agent models.json, or shell-launched clients.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/adamulster24/safeclaw-proxy
Setup SafeClaw Proxy
Set up SafeClaw end to end. Use exec for commands. Report progress after each completed step. Stop only for real blockers.
Default to doing the work yourself. Ask the user only when you truly need one of these:
- a choice between local and hosted mode
- a secret or URL you cannot read yourself
- a permission boundary you cannot cross
- a restart or relaunch the user must perform outside your control
Prefer direct config edits, file edits, and process control over telling the user to type commands manually.
Success condition:
- SafeClaw is running and its health endpoint responds.
- At least one real client path is pointed at the proxy.
- A test call passes through the proxy.
- The user understands which traffic will and will not appear on the dashboard.
Step 0: Inspect how this OpenClaw install actually routes model traffic
Do this before changing anything.
- Read the active model situation instead of assuming models.providers.openai exists.
- Check all of these, in order:
  - gateway config.get
  - ~/.openclaw/agents/main/agent/models.json if it exists
  - session_status
- Classify the environment into one of these routing modes:
  - Gateway-config provider mode: provider config lives in OpenClaw config and can be patched there.
  - Agent models file mode: provider config lives in ~/.openclaw/agents/main/agent/models.json.
  - Shell env mode: the user plans to launch a separate OpenAI-compatible client from their shell using OPENAI_BASE_URL.
  - Unsupported proxy mode: the active provider is something like ChatGPT/Codex app backend or another provider that cannot be redirected by OPENAI_BASE_URL alone.
- Tell the user which mode you found.
Important:
- Do not claim "all LLM calls" will go through SafeClaw unless you have actually verified the active provider path was reconfigured.
- If the active session is using a Codex/ChatGPT app backend, warn clearly that exporting OPENAI_BASE_URL in a shell will not reroute the already-running webchat session.
Step 1: Pre-flight checks
1a. Private-network access for localhost
Before patching config, check whether the schema path exists. Try gateway config.schema.lookup on models.providers.<provider>.request.allowPrivateNetwork. If schema.lookup is not available in this build, use gateway config.get and inspect the returned structure to see if request.allowPrivateNetwork appears under any provider.
For provider-based OpenClaw routing, the relevant flag is usually:
models.providers.<provider>.request.allowPrivateNetwork
If the path exists, enable it for each provider that will point to http://localhost.
If the path does not exist in this build, do not invent a config key. Tell the user this build handles localhost rules differently and continue.
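The fallback check in 1a, as an added example that is not part of the SafeClaw skill or OpenClaw itself. It assumes the structure returned by gateway config.get is JSON nested the same way as the dotted path above; the function name, the provider names and the baseUrl key in the sample are constructed for illustration.

```python
import json

# Constructed sample of a config.get result (assumed shape, not real output).
SAMPLE_CONFIG = json.loads("""
{"models": {"providers": {
  "openai": {"baseUrl": "http://localhost:8080/v1",
             "request": {"allowPrivateNetwork": false}},
  "backup": {"baseUrl": "https://api.example.invalid/v1"}
}}}
""")

_ABSENT = object()  # distinguishes "key not present" from false/null


def plan_private_network(config, localhost_providers):
    """Return {provider: action} for providers that will point at localhost.

    Actions: "already-enabled", "enable", "missing-provider", or
    "unsupported-build" when request.allowPrivateNetwork appears under no
    provider at all, in which case no key should be written.
    """
    models = config.get("models")
    providers = models.get("providers") if isinstance(models, dict) else None
    if not isinstance(providers, dict):
        providers = {}

    def flag(name):
        entry = providers.get(name)
        request = entry.get("request") if isinstance(entry, dict) else None
        if isinstance(request, dict):
            return request.get("allowPrivateNetwork", _ABSENT)
        return _ABSENT

    # The page's rule: the path "exists" if it appears under any provider.
    supported = any(flag(name) is not _ABSENT for name in providers)
    plan = {}
    for name in localhost_providers:
        if name not in providers:
            plan[name] = "missing-provider"
        elif not supported:
            plan[name] = "unsupported-build"
        elif flag(name) is True:
            plan[name] = "already-enabled"
        else:
            plan[name] = "enable"
    return plan


if __name__ == "__main__":
    print(plan_private_network(SAMPLE_CONFIG, ["openai", "backup"]))
```

Pass only the providers that will actually point at http://localhost, so the flag is not switched on for providers that do not need private-network access.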
1b. Elevated exec
Check whether elevated exec is actually available in practice, not just present in config.
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-adamulster24-safeclaw-proxy": {
      "enabled": true,
      "auto_update": true
    }
  }
}