ClawGuard: Open-Source Security Gateway for OpenClaw API Credential Protection

What ClawGuard Does
ClawGuard addresses a security concern when using OpenClaw: the agent needs API access to services like GitHub, Slack, Todoist, and OpenAI, but storing real tokens on the same machine creates risk. A prompt injection could trick the agent into performing destructive actions with those credentials.
How It Works
ClawGuard sits between the agent and external APIs. The agent and its tools still call the original APIs, but they hold only dummy credentials. Real tokens are stored on a separate machine, so the agent cannot read or exfiltrate them.
Deployment Modes
- Mode A: If the SDK supports a custom base URL, point it directly to ClawGuard
- Mode B: If the SDK has a hardcoded URL, use a tiny forwarder/redirector on the agent machine (hosts-file based) that transparently routes traffic to ClawGuard while keeping real tokens off the agent machine
Security Features
- For sensitive calls, ClawGuard requests Telegram approval with approve/deny/timeout options and time-limited approvals
- Maintains an audit trail of requests including method, path, and optional payload
- Inspired by the CIBA pattern used in banking-style authentication flows, applied to "AI agent → API calls"
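The flow described above (dummy credential in, real token out, approval for sensitive calls, audit record per request), as an added example that is not ClawGuard's own code. The `Gateway` class, the vault contents, the rule that non-GET methods count as sensitive, and the `approver` callback standing in for the Telegram prompt are all assumptions made for illustration.

```python
import time

# Constructed sample data: the agent only ever sees the dummy token; the real
# secret (a placeholder here) lives on the gateway host.
VAULT = {"dummy-github-123": ("api.github.com", "REAL_TOKEN_PLACEHOLDER")}
SENSITIVE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # assumed policy

class Gateway:  # hypothetical name, not the project's API
    def __init__(self, approver, approval_ttl=300, clock=time.monotonic):
        self.approver = approver      # returns "approve", "deny" or None (timeout)
        self.ttl = approval_ttl       # seconds a granted approval stays valid
        self.clock = clock
        self.approved_until = {}      # (dummy, method, path) -> expiry time
        self.audit = []               # one record per request seen

    def _decide(self, dummy, method, path):
        if method not in SENSITIVE_METHODS:
            return "allow"
        key = (dummy, method, path)
        if self.approved_until.get(key, 0) > self.clock():
            return "allow-cached"     # time-limited approval still valid
        answer = self.approver(method, path)
        if answer == "approve":
            self.approved_until[key] = self.clock() + self.ttl
            return "allow"
        return "deny" if answer == "deny" else "timeout"  # fail closed

    def handle(self, method, path, headers):
        """Return ("forward", outbound_request) or ("blocked", None)."""
        method = method.upper()
        dummy = headers.get("Authorization", "").removeprefix("Bearer ")
        entry = VAULT.get(dummy)
        decision = ("unknown-credential" if entry is None
                    else self._decide(dummy, method, path))
        self.audit.append({"method": method, "path": path, "decision": decision})
        if not decision.startswith("allow"):
            return "blocked", None
        host, real = entry
        # Drop the agent's credential and Host header, then attach the real ones.
        out = {k: v for k, v in headers.items()
               if k.lower() not in ("authorization", "host")}
        out.update({"Host": host, "Authorization": f"Bearer {real}"})
        return "forward", {"method": method, "url": f"https://{host}{path}",
                           "headers": out}
```

A timeout is treated the same as a denial, so an unanswered prompt never results in a forwarded call.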
Source and Discussion
The creator built ClawGuard to avoid giving OpenClaw direct access to API passwords and tokens. The tool is open-source and available on GitHub with a README explaining implementation details. The Reddit post includes discussion about how others handle API access for AI agents.
📖 Read the full source: r/openclaw