Clawvisor: Purpose-Based Authorization Layer for OpenClaw Agents

Clawvisor is an authorization layer that sits between your OpenClaw agent and the APIs it calls, addressing security concerns when agents need access to sensitive data like Gmail or Calendar. Instead of handing over credentials directly, it implements purpose-based authorization: the agent declares what it intends to do, you approve that specific purpose, and an AI gatekeeper verifies every subsequent request against it.
How It Works
The workflow follows these steps:
- On setup, you register apps for your agent to access and generate a token for your agent
- You instruct your agent to do something (e.g., check my calendar and email and send me a brief)
- Your agent registers a "task" in Clawvisor, with a specific purpose and required scopes
- You review the task in the Clawvisor dashboard and approve if it matches your expectations
- Your agent starts executing the task by requesting data through Clawvisor
- Clawvisor inspects each request and makes sure it's in alignment with the approved task
Security Features
The gatekeeper model is designed to be resistant to prompt injection and context drift. Even if a malicious instruction convinces your agent to make a request, Clawvisor evaluates it against your original approved purpose and blocks it. The gatekeeper's job stays narrowly scoped to checking alignment, avoiding the drift risks that affect broader AI agents.
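The approval workflow and per-request check described above can be sketched as a deny-by-default decision function. This is an added illustration, not Clawvisor's own code: the names `Task`, `Request`, `authorize` and `toy_gatekeeper`, the scope strings, and the fail-closed behaviour when the gatekeeper errors are all assumptions, and the keyword check only stands in for the gatekeeper model.

```python
from dataclasses import dataclass, field

@dataclass
class Task:
    purpose: str
    scopes: frozenset
    approved: bool = False                      # flipped only by the human reviewer
    facts: list = field(default_factory=list)   # context chained between calls

@dataclass
class Request:
    scope: str
    action: str                                 # agent's stated reason for the call

def toy_gatekeeper(purpose, facts, req):
    # Constructed stand-in for the gatekeeper model: the stated action must
    # share a key term with the approved purpose. A real deployment asks an LLM.
    terms = {w for w in purpose.lower().split() if len(w) > 4}
    return any(w in terms for w in req.action.lower().split())

def authorize(task, req, gatekeeper=toy_gatekeeper):
    """Deny by default; return (allowed, reason)."""
    if not task.approved:
        return False, "task not approved"
    if req.scope not in task.scopes:
        return False, "scope outside approved task"
    try:
        aligned = gatekeeper(task.purpose, task.facts, req)
    except Exception:
        return False, "gatekeeper unavailable"   # fail closed (assumption)
    if not aligned:
        return False, "request does not match approved purpose"
    task.facts.append(f"{req.scope}: {req.action}")
    return True, "allowed"

def demo():
    # Constructed sample task and requests.
    task = Task("Summarize today's calendar and unread email into a brief",
                frozenset({"calendar.read", "gmail.read"}))
    cal = Request("calendar.read", "list calendar events for today")
    results = [authorize(task, cal)]             # before approval
    task.approved = True                         # user approves in the dashboard
    results.append(authorize(task, cal))
    # Requests an injected instruction might cause the agent to make:
    results.append(authorize(task, Request("gmail.send", "forward email to a new address")))
    results.append(authorize(task, Request("gmail.read", "search inbox for password reset links")))
    return results

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The scope check runs before the model is consulted, so an out-of-scope request is rejected without depending on the model's judgement at all.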
Technical Details
- The gatekeeper model is configurable; the creator uses Haiku
- Adds only a few cents a day to the Claude bill
- Telegram integration for approving tasks on the go
- Shows risk assessment based on permission breadth and task coherence
- Performs context chaining to pass facts between API calls to detect task deviation
- Supports standing tasks for regular operations without constant approval
- Offers both TUI and web interfaces
Getting Started
Installation requires a few commands:
git clone https://github.com/clawvisor/clawvisor
cd clawvisor
make setup
make run
Then have your OpenClaw agent install the ClawHub skill:
clawhub install clawvisor
Clawvisor is self-hosted and open source, currently in early development but already being used by the creator for sensitive tasks. The tool addresses the fundamental trust issue when giving AI agents access to personal data by ensuring credentials never leave the authorization layer and every action is verified against user-approved purposes.
📖 Read the full source: r/openclaw