ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified communication Safety 5/5

agent-access-control

Tiered stranger access control for AI agents. Use when setting up contact permissions, handling unknown senders, managing approved contacts, or configuring stranger deflection on messaging platforms (WhatsApp, Telegram, Discord, Signal). Provides diplomatic deflection, owner approval flow, and multi-tier access (owner/trusted/chat-only/blocked).

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/bowen31337/agent-access-control
Or

What This Skill Does

The agent-access-control skill provides a robust security layer for OpenClaw AI agents operating on messaging platforms like WhatsApp, Telegram, Discord, and Signal. It acts as a digital gatekeeper, ensuring that your agent's capabilities—ranging from basic chitchat to sensitive data access—are strictly gated behind a multi-tier permission system. The skill features an automated 'stranger deflection' mechanism that politely informs unsolicited contacts that the agent is currently unavailable, while simultaneously pinging the owner for manual verification. By centralizing contact management through a simple JSON configuration, this skill prevents unauthorized tool usage and protects your privacy.

Installation

To add this layer of security to your agent, run the following command in your terminal:

clawhub install openclaw/skills/skills/bowen31337/agent-access-control

After installation, initialize the security protocol by creating memory/access-control.json within your workspace. Configure the ownerIds array, define your strangerMessage, and set the notifyChannel and notifyTarget parameters to ensure alerts reach your primary messaging app.

Use Cases

  • Personal Assistants: Keep your private AI free from spam or unwanted interruptions while maintaining a polite persona.
  • Team Management: Regulate access within group chats by upgrading colleagues to 'Trusted' status while keeping unknown external users at bay.
  • Privacy-First Operations: Ensure that internal tools and memory files are strictly inaccessible to anyone other than the verified owner.
  • Professional Gatekeeping: Act as an automated secretary that triages incoming messages, allowing you to manually approve who gets to interact with your agent.

Example Prompts

  1. "Check my pending approvals and upgrade John Doe to a Trusted contact so he can use the weather tool."
  2. "Add +1-555-0199 to the blocked list immediately; they keep spamming the agent."
  3. "Change the agent's stranger deflection message to be more formal and mention that I am currently on vacation."

Tips & Limitations

  • Normalization is Key: Always ensure phone numbers include the international country code prefix to avoid mapping errors during the ID check phase.
  • Tier Strategy: Use the 'Chat-only' tier for acquaintances you want to talk to, but avoid giving them access to your file system or automation tools.
  • Maintenance: Regularly audit your approvedContacts list to revoke access for users who no longer require it.
  • Limitations: The skill currently relies on the messaging platform's API availability; ensure your network connection is stable for real-time owner notifications to function correctly.
Read Full Documentation on GitHub

Metadata

Author@bowen31337
Stars4190
Views3
Updated2026-04-18
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-bowen31337-agent-access-control": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#access-control#privacy#gatekeeper#messaging
Safety Score: 5/5

Flags: file-read, file-write

Related Skills

Terse

Skill by bowen31337

bowen31337 4190

Identity Resolver

Skill by bowen31337

bowen31337 4190

whalecli

Agent-native whale wallet tracker for ETH and BTC chains. Track large crypto wallet movements, score whale activity, detect accumulation/distribution patterns, and stream real-time alerts. Integrates with FearHarvester and Simmer prediction markets for closed-loop signal→bet workflows. Use when: user asks about whale activity, on-chain signals, large wallet movements, smart money flows, or when pre-validating crypto trades/bets with on-chain data.

bowen31337 4190

agent-self-governance

Self-governance protocol for autonomous agents: WAL (Write-Ahead Log), VBR (Verify Before Reporting), ADL (Anti-Divergence Limit), VFM (Value-For-Money), and IKL (Infrastructure Knowledge Logging). Use when: (1) receiving a user correction — log it before responding, (2) making an important decision or analysis — log it before continuing, (3) pre-compaction memory flush — flush the working buffer to WAL, (4) session start — replay unapplied WAL entries to restore lost context, (5) any time you want to ensure something survives compaction, (6) before claiming a task is done — verify it, (7) periodic self-check — am I drifting from my persona? (8) cost tracking — was that expensive operation worth it? (9) discovering infrastructure — log hardware/service specs immediately.

bowen31337 4190

pyright-lsp

Python language server (Pyright) providing static type checking, code intelligence, and LSP diagnostics for .py and .pyi files. Use when working with Python code that needs type checking, autocomplete suggestions, error detection, or code navigation.

bowen31337 4190