Official Verified developer tools Safety 5/5

clawshell

Human-in-the-loop security layer. Intercepts high-risk commands and requires push notification approval.

Why use this skill?

Enhance your OpenClaw agent security with ClawShell. Intercept dangerous shell commands, require push notification approvals, and maintain full audit logs for every operation.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/lucky-2968/clawshell-0-1-0

Download Source Code (.zip)

What This Skill Does

ClawShell is a robust, human-in-the-loop security middleware designed to safeguard your OpenClaw agent operations. By replacing direct bash access with a secure wrapper, ClawShell intercepts all shell commands, performs real-time risk analysis, and forces a mandatory approval gate for sensitive or high-risk operations via push notifications. It categorizes commands into four risk tiers: Critical, High, Medium, and Low. While benign operations like 'ls' or 'git status' execute immediately, dangerous commands such as 'rm -rf' or unauthorized network requests trigger an external validation process. All execution decisions are transparently recorded in a JSONL audit log, ensuring you retain full visibility into how your agent interacts with the underlying filesystem.

Installation

Installation is straightforward. First, navigate to your workspace directory at /app/workspace/skills/clawshell and run npm install to resolve dependencies. Next, define your notification infrastructure by creating a Pushover or Telegram account and mapping your credentials to the .env file (using keys like CLAWSHELL_PUSHOVER_USER or CLAWSHELL_TELEGRAM_BOT_TOKEN). Finally, update your TOOLS.md file to instruct OpenClaw to exclusively utilize clawshell_bash rather than standard bash. This ensures all agent-driven shell activity adheres to your security policy.

Use Cases

ClawShell is essential for environments where agents perform autonomous tasks on sensitive infrastructure. It prevents accidental data deletion, stops malicious exfiltration attempts, and provides a 'kill switch' for unauthorized credential access. It is particularly useful when running agents on production servers, shared development environments, or handling proprietary source code where an agent's logic might otherwise execute irreversible commands without oversight.

Example Prompts

"OpenClaw, please scan the current directory and list all files to ensure the environment is clean."
"Clean up the build artifacts in the dist folder using clawshell_bash, and let me know if you need my approval for the removal."
"Run a git status check to see if we have uncommitted changes in the repository."

Tips & Limitations

Always configure redundant notification channels to ensure you never miss an approval request. Note that while ClawShell is effective against common shell-based threats, it does not replace kernel-level security or container isolation. It is designed as an agent-layer control tool; always combine it with robust system-level permissions (like non-root execution) for maximum protection. Regularly audit logs/clawshell.jsonl to tune risk rules for your specific workflow.

Read Full Documentation on GitHub

Metadata

Author@lucky-2968

Stars1601

Updated2026-02-27

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-lucky-2968-clawshell-0-1-0": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Related Skills

doctorbot-ci-validator

Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.

bamontejano 4473