Official Verified developer tools Safety 5/5

clawshell

Human-in-the-loop security layer. Intercepts high-risk commands and requires push notification approval.

Why use this skill?

Secure your OpenClaw agent with ClawShell. This human-in-the-loop security layer intercepts high-risk shell commands, ensuring your system remains safe.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/polucas/clawshell

Download Source Code (.zip)

What This Skill Does

ClawShell is a robust, human-in-the-loop security layer designed specifically for OpenClaw agents. By acting as a secure proxy between your AI agent and the system shell, it prevents malicious or accidental execution of dangerous commands. When the agent attempts to run a shell command, ClawShell evaluates it against a multi-tier risk engine. Operations are categorized into Critical (immediately blocked), High (requiring human confirmation via push notification), Medium (logged), and Low (allowed). This ensures that you maintain full oversight of your environment, preventing catastrophic failures like recursive deletions or unauthorized network requests, while allowing benign automation tasks to proceed unhindered.

Installation

Installation requires standard CLI tools and a notification provider. First, navigate to your workspace skills directory and run clawhub install openclaw/skills/skills/polucas/clawshell or use npm install within the local module directory. Configuration involves setting up your preferred notification service. Create a Pushover account or a Telegram bot, then populate your .env file with the relevant API keys (e.g., CLAWSHELL_PUSHOVER_USER and CLAWSHELL_PUSHOVER_TOKEN). Finally, update your project's TOOLS.md to instruct your OpenClaw agent to prefer clawshell_bash over native bash for all system interactions.

Use Cases

ClawShell is ideal for developers who want to empower their AI agents with shell access while enforcing security best practices. Use it when performing batch file refactoring where a regex might accidentally wipe important files, or when the agent needs to fetch remote dependencies via curl or wget. It serves as a safety net in production-adjacent environments where an AI's autonomous decisions could otherwise be destructive.

Example Prompts

"Check the status of pending shell command approvals and review the logs for the last 10 operations."
"Update the project dependencies using npm and execute the build script; inform me if any high-risk commands are triggered."
"List all files in the directory and run a git status to ensure the repository is clean before performing any sensitive cleanup tasks."

Tips & Limitations

To maximize the utility of ClawShell, always verify that your notification channels are active and configured correctly before initiating long-running background tasks; otherwise, the agent will hang indefinitely waiting for approval. Note that ClawShell relies on pattern matching for risk analysis; while effective, it cannot guarantee complete safety against sophisticated obfuscated shell attacks. Keep your environment variables secure and audit the logs/clawshell.jsonl file periodically to identify recurring high-risk patterns in your agent's behavior.

Read Full Documentation on GitHub

Metadata

Author@polucas

Stars1217

Updated2026-02-20

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-polucas-clawshell": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Related Skills

doctorbot-ci-validator

Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.

bamontejano 4473