ClawVault Security Enhancement Adds Sensitive Data Detection for OpenClaw

Security Proxy for OpenClaw LLM Traffic

Yet Another ClawVault is a minimal, security-focused enhancement built directly on the original ClawVault architecture. It's designed to quickly add strong guardrails to OpenClaw deployments by intercepting model API traffic and preventing sensitive data leaks.

Core Features

The tool focuses on three core capabilities:

• Transparent proxy to intercept model API traffic (already implemented in the original ClawVault)
• Real-time sensitive data detection with automatic sanitization or blocking
• Clean monitoring including token usage and alerts on sensitive operations

Quick Start Installation

Installation follows the original project's quick-start style:

pip install -e .
clawvault start

After installation, point OpenClaw's API calls to the proxy port using the default configuration:

proxy:
  port: 8765
  intercept_hosts: ["api.openai.com", "api.anthropic.com"]
guard:
  mode: "interactive"

Sensitive Data Detection

The guard layer includes extra sensitive field matching that automatically sanitizes or blocks data matching patterns like:

• password=
• sk-proj-
• Bearer tokens

The enhancement was created after reviewing OpenClaw's LLM request logs revealed several instances where the model directly included sensitive data (passwords, API keys, tokens) in plain text within prompts or tool calls. According to the developers, since implementing this proxy + guard combination, there have been "no more plaintext keys floating in the logs."

The original ClawVault repository is available at https://github.com/tophant-ai/ClawVault, and developers are encouraged to fork and submit PRs for these enhancements.