@amanda-lakera/openclaw-plugin-lakera-guard
v0.1.1
OpenClaw plugin: screen tool calls with Lakera Guard and block if flagged
Lakera Guard OpenClaw Plugin
Screens every tool call with Lakera Guard and blocks execution when content is flagged.
Install
From this repo (amanda-lakera/openclaw-plugin-lakera-guard):
git clone [email protected]:amanda-lakera/openclaw-plugin-lakera-guard.git
openclaw plugins install -l ./openclaw-plugin-lakera-guard
Or from npm:
openclaw plugins install @amanda-lakera/openclaw-plugin-lakera-guard
Configure
Set your Lakera API key and optional project ID under the plugin config:
{
  "plugins": {
    "entries": {
      "openclaw-plugin-lakera-guard": {
        "enabled": true,
        "config": {
          "apiKey": "your-lakera-api-key",
          "projectId": "your-project-id",
          "timeoutMs": 5000
        }
      }
    }
  }
}
- apiKey (required): From Lakera Dashboard.
- projectId (optional): Lakera project for policy; omit to use default policy.
- timeoutMs (optional): Request timeout; default 5000.
Restart the OpenClaw gateway after enabling or changing config.
Behavior
- Before each tool runs, the plugin sends the tool name and parameters to https://api.lakera.ai/v2/guard in OpenAI chat completions format.
- If the response has flagged: true, the tool call is blocked and the user sees a block reason.
- If the Guard request fails (network/API error), the tool is not blocked (fail-open). Edit the plugin to block on error for fail-closed.
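The screening decision described above, including the fail-open versus fail-closed choice, as an added example (not the plugin's own source). The exact message shape, the call_0 id, the failClosed option, the block reason strings and the injectable fetchImpl parameter are assumptions made for illustration.

```javascript
// Added example, not the plugin's source. Payload shape and failClosed are assumptions.
const GUARD_URL = "https://api.lakera.ai/v2/guard";

// Wrap one tool call as an OpenAI-style assistant message carrying tool_calls.
function buildGuardRequest(toolName, params, projectId) {
  const body = {
    messages: [{
      role: "assistant",
      content: "",
      tool_calls: [{
        id: "call_0", // constructed id
        type: "function",
        function: { name: toolName, arguments: JSON.stringify(params) },
      }],
    }],
  };
  if (projectId) body.project_id = projectId; // omitted: default policy applies
  return body;
}

// Returns { block, reason }. cfg.failClosed (hypothetical) false = fail-open, as described above.
async function screenToolCall(toolName, params, cfg, fetchImpl = fetch) {
  const ctrl = new AbortController();
  const timer = setTimeout(() => ctrl.abort(), cfg.timeoutMs ?? 5000);
  try {
    const res = await fetchImpl(GUARD_URL, {
      method: "POST",
      headers: { Authorization: `Bearer ${cfg.apiKey}`, "Content-Type": "application/json" },
      body: JSON.stringify(buildGuardRequest(toolName, params, cfg.projectId)),
      signal: ctrl.signal,
    });
    if (!res.ok) throw new Error(`Guard HTTP ${res.status}`);
    const data = await res.json();
    return data.flagged === true
      ? { block: true, reason: "flagged by Lakera Guard" }
      : { block: false, reason: null };
  } catch (err) {
    // Error path: timeout, network failure, non-2xx status, or unparseable body.
    return cfg.failClosed
      ? { block: true, reason: `Guard unavailable: ${err.message}` }
      : { block: false, reason: null };
  } finally {
    clearTimeout(timer);
  }
}
```

With fail-open, an outage or timeout of the Guard endpoint lets every tool call through unscreened, so the error path is worth logging and alerting on whichever mode is chosen.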
Testing
Unit tests (no API key needed)
From the plugin directory:
pnpm install
pnpm test
Tests mock the Lakera API and assert that the plugin sends the correct assistant tool_calls payload and blocks (or allows) based on the flagged response.
Manual test with OpenClaw
- Install and enable the plugin in OpenClaw (see Install and Configure above), then restart the gateway.
- Trigger a tool call, e.g. run the agent and ask for something that uses a tool:
openclaw agent --message "What's the weather in London?"
- In the Lakera Dashboard you can inspect requests and flagging. To verify blocking: use a test policy that flags a specific tool or argument pattern, or call the Guard API directly with a known-bad payload and confirm the same call is blocked when triggered via OpenClaw.
Publishing
From the plugin directory, after logging in to npm (npm login or pnpm login):
pnpm publish --access public
Scoped packages (@amanda-lakera/...) are private by default; --access public makes this package installable by anyone.
