ClawGuard: Open-Source Security Gateway for OpenClaw API Credential Protection

What ClawGuard Does
ClawGuard addresses a security concern when using OpenClaw: the agent needs API access to services like GitHub, Slack, Todoist, and OpenAI, but storing real tokens on the same machine creates risk. A prompt injection could trick the agent into performing destructive actions with those credentials.
How It Works
ClawGuard sits between the agent and external APIs. The agent or its tools call the original APIs but only use dummy credentials. Real tokens are stored on a separate machine, preventing the agent from reading or exfiltrating them.
Deployment Modes
- Mode A: If the SDK supports a custom base URL, point it directly to ClawGuard
- Mode B: If the SDK has a hardcoded URL, use a tiny forwarder/redirector on the agent machine (hosts-file based) that transparently routes traffic to ClawGuard while keeping real tokens off the agent machine
Security Features
- For sensitive calls, ClawGuard requests Telegram approval with approve/deny/timeout options and time-limited approvals
- Maintains an audit trail of requests including method, path, and optional payload
- Inspired by the CIBA pattern used in banking-style authentication flows, applied to "AI agent → API calls"
Source and Discussion
The creator built ClawGuard to avoid giving OpenClaw direct access to API passwords and tokens. The tool is open-source and available on GitHub with a README explaining implementation details. The Reddit post includes discussion about how others handle API access for AI agents.
📖 Read the full source: r/openclaw
👀 See Also

Local Model Prompt Injection Scanner for AI Skills Security
A proof-of-concept tool scans third-party AI skills for hidden bash command injections using a local non-tool-calling model like mistral-small:latest on Ollama, addressing security vulnerabilities in Claude Code's ! operator feature.

Linux Kernel Proposes Decentralized Identity System to Replace PGP Web of Trust
Linux kernel maintainers are working on a decentralized identity layer called Linux ID to replace the current PGP web of trust. The system uses W3C-style decentralized identifiers (DIDs) and verifiable credentials to authenticate developers without requiring face-to-face key-signing sessions.

5 Malicious OpenClaw Skills That Passed ClawScan + VirusTotal: Unit 42 Analysis
Unit 42 found 5 malicious OpenClaw skills that bypassed ClawScan and VirusTotal. Techniques included runtime referral swapping, SOL pooling for pump-and-dump, and 22MB README padding to hide an AMOS dropper.

Securing OpenClaw Infrastructure with Pomerium Identity-Aware Proxy
Use Pomerium as an identity-aware proxy for zero-trust authentication to secure OpenClaw server access.