pi-governance: RBAC, DLP, and audit logging for OpenClaw coding agents
pi-governance is a new OpenClaw plugin that addresses security concerns with AI coding agents having unrestricted system access. The tool was created by a developer who grew tired of agents having full access to terminals, filesystems, and secrets during daily use.
How it works
The plugin sits between your coding agent and your system, intercepting and classifying every tool call. It blocks potentially risky operations based on its analysis.
Key features
- Bash command blocking
- DLP (Data Loss Prevention) scanning for secrets and PII
- Role-based access control (RBAC)
- Structured audit logging
- Works out of the box with zero configuration
Installation
Install using the OpenClaw plugin command:
openclaw plugins install @grwnd/openclaw-governanceThe developer is seeking feedback on what additional controls users might want from such a governance framework.
📖 Read the full source: r/openclaw
👀 See Also
Delimiter defense boosts Gemma 4 from 21% to 100% prompt injection defense in 6100+ test benchmark
A benchmark tested 15 models across 7 attack types (6100+ tests) using random delimiters around untrusted content. Gemma 4 E4B went from 21.6% to 100% defense rate with delimiter + strict prompt.
OpenClaw SOC Agent Integration for SIEM Home Lab Threat Hunting
A Reddit user shares their open-source SIEM setup called Red Threat Redemption on Debian 13, integrating Elasticsearch, Kibana, Wazuh, Zeek, and pfSense with Suricata, then adds an AI agent for automated threat correlation, hunting, and alert triage.
OpenClaw 2026.3.28 patches 8 security vulnerabilities including critical privilege escalation
OpenClaw 2026.3.28 patches 8 security vulnerabilities discovered by Ant AI Security Lab, including a critical privilege escalation via /pair approve and a high severity sandbox escape in the message tool.
LiteLLM v1.82.8 Compromise Uses .pth File for Persistent Execution
LiteLLM v1.82.8 was compromised on PyPI and includes a .pth file that executes arbitrary code on every Python process startup, not just when the library is imported. The payload runs even if LiteLLM is installed as a transitive dependency and never used directly.