Rules of the Claw: Open Source Security Rule Set for OpenClaw Agents

Production Security Rule Set for OpenClaw Agents
Rules of the Claw is a JSON rule set that acts as a hard deny layer on top of agent tool calls in OpenClaw. It addresses the security risk of agents with broad tool access being vulnerable to bad skill installations or prompt injections that could cause real damage.
Key Security Features
- Blocks destructive executions including
rm -rfon workspace/config directories, pipe-to-shell operations, and curl to unknown executables - Protects credential files from reads and writes:
openclaw.json,auth-profiles.json, and files in.secrets/directory - Guards instruction files (
SOUL.md,AGENTS.md) from unauthorized agent edits - Denylists network reconnaissance tools including nmap, masscan, and netcat
- Blocks agent reads of other agents' auth profiles
Technical Implementation
The rule set contains 139 total rules with three preset configurations: minimal, standard, and strict. It ships with a JSON schema, validation scripts, and a one-command install skill. The key design decision is zero LLM dependency - rules execute at the tool layer via regex patterns, providing microsecond latency. Unlike LLM-based guardrails, regex patterns cannot be socially engineered or prompt-injected.
Availability and Licensing
The project is available at github.com/Bahuleyandr/rules-of-the-claw and is MIT licensed. The creator welcomes pull requests for new rule patterns.
📖 Read the full source: r/openclaw
👀 See Also

OpenClaw Patches Critical Privilege Escalation in /pair Approve Path
OpenClaw 2026.3.28 fixes a critical security vulnerability (GHSA-hc5h-pmr3-3497) where the /pair approve command allowed users with pairing privileges to approve device requests for broader scopes, including admin access. Affected versions are <= 2026.3.24.

Threat data from 91K AI agent interactions: Tool abuse up 6.4%, new multimodal attacks
Analysis of 91,284 AI agent interactions from February 2026 shows tool/command abuse increased 6.4% to 14.5%, with tool chain escalation as the dominant pattern. RAG poisoning shifted to metadata attacks (12.0%), and multimodal injection via images/PDFs emerged at 2.3%.

The Human Root of Trust: Establishing Accountability for Autonomous AI Agents
The Human Root of Trust is a public domain framework addressing the lack of accountability for autonomous AI agents through cryptographic means.

Open-Source Attack Surface Management Cheat Sheet Released
A developer has open-sourced an Attack Surface Management cheat sheet that covers practical workflows, tools, and references. The project includes sections on asset discovery, infrastructure tracking, reconnaissance tooling, automation workflows, and learning resources.