
clawwall

v0.1.4

Published

Policy firewall for AI agents. Blocks dangerous tool calls, protects credentials, and keeps your agent in check.

Readme

ClawWall

Policy firewall for OpenClaw. ClawWall intercepts every tool call OpenClaw makes — file writes, shell commands, web requests, deployments, messages — and enforces security rules before they execute. Dangerous operations are blocked automatically. Suspicious ones pause for your approval. Everything is logged.

It doesn't matter what task OpenClaw is doing. Coding, managing files, browsing the web, running scripts — all of it goes through ClawWall.


Why ClawWall

When an AI agent runs on your machine, it has access to everything you have access to: your SSH keys, your .env files, your AWS credentials, your entire filesystem. It can run shell commands, make network requests, modify any file. Most of the time that's fine. But you shouldn't have to just trust that it won't make a mistake — or that the prompt it received wasn't manipulated.

ClawWall gives you a kill switch backed by real enforcement inside OpenClaw:

| Threat | What ClawWall Does |
|--------|--------------------|
| Destructive commands (rm -rf /, mkfs, shutdown) | Blocked automatically |
| Credential reads (.env, id_rsa, .aws/credentials, .netrc) | Blocked automatically |
| Data exfiltration (curl -d, wget --post, nc -e) | Blocked automatically |
| Writes to sensitive files (.env, .ssh/, /etc/passwd) | Blocked automatically |
| Writes outside your project directory | Blocked automatically |
| Internal network access (localhost, private IPs) | Paused for your approval |
| Everything else | Allowed, logged |
| Your custom rules | Your call |

You can see every decision in real time via the web dashboard or TUI. Approve or deny anything with a click or keypress. Every action is logged to an audit trail.

Scope: ClawWall works by integrating directly with OpenClaw's tool execution pipeline. It is not an OS-level or kernel-level firewall — other AI tools on your machine (Claude Desktop, Cursor, etc.) are not covered unless they implement the ClawWall HTTP API.


Install

npm install -g clawwall

Requires Node.js 20+.

Or use the one-liner installer:

curl -fsSL https://clawwall.dev/install.sh | bash

Quick Start

# 1. Start the firewall daemon (runs in background)
clawwall start

# 2. Enable it for your AI agent
CLAWWALL_ENABLED=true <your-agent-command>

# 3. Open the live dashboard in your browser
open http://localhost:7654

That's it. ClawWall will now intercept and evaluate every tool call before it executes.


How It Works

ClawWall runs as a lightweight background daemon. OpenClaw is built to check with ClawWall before executing any sensitive tool — every exec, write, browser call, deploy, and more. The daemon evaluates the request against its rule set and returns a decision in milliseconds, or holds the connection open while you decide in the dashboard.

OpenClaw  ──(before every tool)──>  before-tool-call hook
                                           │
                                    POST /policy/check
                                           │
                                    ClawWall daemon
                                           │
                                    ┌──────▼───────┐
                                    │ Rule Engine  │──> allow (instant, tool runs)
                                    │              │──> deny  (instant, tool blocked)
                                    │              │──> ask   ──> Web dashboard / TUI
                                    └──────────────┘         └──> [Allow] / [Deny]

OpenClaw waits for the final allow or deny. It never sees "ask" — the daemon holds the HTTP connection open until you decide. If the daemon is unreachable, the fail policy applies (default: deny).


What It Protects

ClawWall covers every tool OpenClaw can use — not just coding operations. Whether OpenClaw is writing files, running scripts, accessing the web, or sending messages, ClawWall intercepts it first:

Your credentials and secrets (reads blocked):

  • .env files — agents can't read your API keys
  • SSH private keys — id_rsa, id_ed25519, id_ecdsa
  • Cloud credentials — .aws/credentials
  • Credential stores — .netrc, .pgpass

Your credentials and secrets (writes blocked):

  • .env, .ssh/, id_rsa, .aws/credentials, /etc/passwd, /etc/shadow

Your system:

  • rm -rf / and variants — permanently blocked
  • mkfs, dd if= — disk format commands blocked
  • chmod -R /, poweroff, reboot, shutdown — blocked

Data exfiltration:

  • curl -d, curl -F, curl -T — blocked (data upload flags)
  • wget --post-data, wget --post-file — blocked
  • nc -e, ncat -e — reverse shell commands blocked

Your data and files:

  • Writes outside your project directory — blocked
  • Custom path deny patterns — your rules, your control

Your internal network:

  • Requests to localhost, 127.0.0.1, private IP ranges — paused for approval
  • Prevents agents from talking to local services you didn't intend to expose

Web Dashboard

After clawwall start, open your browser to:

http://localhost:7654

No extra commands needed — the dashboard is served directly by the daemon.

┌─────────────────────────────────────────────────────┐
│  🔒 ClawWall  v0.1.1  ● connected  ⏱ 2h 14m        │
├───────────────────────┬─────────────────────────────┤
│  Live Feed            │  Stats                      │
│  ✓ exec  ls -la       │  Allow  ██████████ 142      │
│  ✓ read  src/index.ts │  Deny   ██          12      │
│  ✗ exec  rm -rf /     │  Ask    ███          8       │
│  ✗ read  .env         ├─────────────────────────────┤
│  ? browser localhost  │  Pending Approval           │
│                       │  browser: localhost:3000    │
│                       │  [✓ Allow]  [✗ Deny]        │
├───────────────────────┴─────────────────────────────┤
│  Rules                                              │
│  ✗ dangerous commands (built-in)                    │
│  ✗ credential reads (built-in)                      │
│  ✗ sensitive path writes (built-in)                 │
│  ✗ outside workspace (built-in)                     │
│  ? internal URLs (built-in)                         │
│  + [Add command pattern] [Add path pattern]         │
└─────────────────────────────────────────────────────┘

  • Live feed — real-time scrolling view of every decision, color-coded
  • Stats — allow/deny/ask counts and uptime
  • Pending approvals — click Allow or Deny directly in the browser
  • Rules panel — view built-in rules, add or remove your own custom rules

Terminal Dashboard (TUI)

clawwall tui

 ClawWall v0.1.1  ● connected  port 7654  up 2h 14m

  Live Feed                                Stats
  ✓ read  src/index.ts          allow      Allow  ██████████████ 142
  ✓ exec  npm install           allow      Deny   ██              12
  ✗ exec  rm -rf /tmp/.env      deny       Ask    ███              8
  ? browser  http://localhost   ask

  ─── Pending Approval ──────────────────────────────────────────
  → browser: http://localhost:3000
    AI wants to access your local dev server. Allow?
    [Y] Approve  [N] Deny  [↑↓] Navigate

  ─── Active Rules ──────────────────────────────────────────────
  built-in: dangerous commands → deny (exec, bash, shell, process)
  built-in: credential reads → deny (read, cat, view)
  built-in: sensitive path writes → deny (write, edit, apply_patch)
  built-in: outside workspace → deny (write, edit, apply_patch)
  built-in: internal URLs → ask (browser, navigate)

  [q] Quit  [r] Reload rules  [c] Clear feed

CLI

| Command | Description |
|---------|-------------|
| clawwall start | Start the daemon in the background |
| clawwall start --foreground | Start in foreground (logs to stdout) |
| clawwall stop | Stop the daemon |
| clawwall status | Show status, uptime, decision counts, and dashboard URL |
| clawwall tui | Open the terminal dashboard |
| clawwall rules list | Show all active rules |
| clawwall rules add-command <pattern> | Add a command deny pattern (regex) |
| clawwall rules add-path <pattern> | Add a path deny pattern (substring) |
| clawwall rules remove-command <index> | Remove a command deny pattern |
| clawwall rules remove-path <index> | Remove a path deny pattern |
| clawwall logs | View recent audit log |
| clawwall logs --follow | Tail the audit log in real time |
| clawwall install-launchd | Install macOS auto-start service |


Custom Rules

Add rules for anything that matters to your environment:

# Block any use of curl or wget entirely (stricter than built-in)
clawwall rules add-command "\\b(curl|wget)\\b"

# Block writes to your production config
clawwall rules add-path "config/production"

# Block writes to any migration file
clawwall rules add-path "migrations/"

# View all active rules
clawwall rules list

Rules live in ~/.clawwall/rules.json and are hot-reloaded — no restart needed. You can also add and remove rules directly in the web dashboard.
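
A dry run for candidate patterns before they go into `clawwall rules add-command` or `clawwall rules add-path`, added here as an example and not part of ClawWall. It assumes command patterns behave like JavaScript regular expressions and path patterns are plain substring matches; `candidateRules`, `samples` and `dryRun` are names made up for the example, and the sample tool calls are constructed.

```javascript
// Added example, not part of ClawWall. Assumptions: command patterns are
// JavaScript regular expressions, path patterns are substring matches, and
// custom rules apply to the same tools as the built-in ones.
const COMMAND_TOOLS = new Set(["exec", "bash", "shell", "process"]);

const candidateRules = {
  command: ["\\b(curl|wget)\\b"], // pattern from the README
  path: ["config/production", "migrations/"],
};

// Constructed tool calls: [tool, argument, should it be blocked?]
const samples = [
  ["exec", "curl https://example.com/install.sh", true],
  ["exec", "wget -q https://example.com/a.tgz", true],
  ["exec", "npm install", false],
  ["exec", "cat docs/curl-usage.md", false], // curl only appears in a filename
  ["write", "config/production.yml", true],
  ["write", "config/staging.yml", false],
  ["write", "db/migrations/001_init.sql", true],
  ["write", "docs/migrations/README.md", false], // documentation, not a migration
];

// Return the first pattern that would deny this call, or null.
function firstMatch(tool, arg, rules) {
  if (COMMAND_TOOLS.has(tool)) {
    const hit = rules.command.find((p) => new RegExp(p).test(arg));
    return hit ? `command:${hit}` : null;
  }
  const hit = rules.path.find((p) => arg.includes(p));
  return hit ? `path:${hit}` : null;
}

// Compare what the rules do with what you expect them to do.
function dryRun(rules, cases) {
  return cases.map(([tool, arg, wantBlock]) => {
    const matched = firstMatch(tool, arg, rules);
    const verdict = Boolean(matched) === wantBlock ? "ok"
      : matched ? "false-positive" : "missed";
    return { tool, arg, matched, verdict };
  });
}

for (const r of dryRun(candidateRules, samples)) {
  console.log(r.verdict.padEnd(15), r.tool.padEnd(6), r.arg, r.matched ?? "");
}
```

The two rows reported as false-positive show the patterns reaching further than intended: the word-boundary regex fires on a filename that contains `curl`, and the `migrations/` substring matches a documentation folder.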


Built-in Rules

| Rule | Decision | Applies To |
|------|----------|-----------|
| Dangerous commands (rm -rf, mkfs, dd, chmod -R /, poweroff, reboot, shutdown) | deny | exec, bash, shell, process |
| Data exfiltration (curl -d/--data/-F/-T, wget --post-data/--post-file, nc -e, ncat -e) | deny | exec, bash, shell, process |
| Credential reads (.env, id_rsa, id_ed25519, id_ecdsa, .aws/credentials, .netrc, .pgpass) | deny | read, cat, view |
| Sensitive path writes (.env, .ssh/, id_rsa, .aws/credentials, /etc/passwd, /etc/shadow) | deny | write, edit, apply_patch |
| Writes outside workspace directory | deny | write, edit, apply_patch |
| Internal URLs (localhost, 127.0.0.1, 10.x, 192.168.x, 172.16–31.x) | ask | browser, navigate, web_fetch |


Audit Log

Every decision ClawWall makes is recorded:

clawwall logs              # recent entries
clawwall logs --follow     # real-time tail

Logs are written to ~/.clawwall/audit/clawwall-YYYY-MM-DD.audit.jsonl. Each entry includes the timestamp, agent ID, tool name, arguments, decision, and the rule that matched.


Configuration

Environment Variables

| Variable | Default | Description |
|----------|---------|-------------|
| CLAWWALL_ENABLED | false | Enable ClawWall (set to true) |
| CLAWWALL_URL | http://localhost:7654 | Daemon URL |
| CLAWWALL_PORT | 7654 | Daemon port |
| CLAWWALL_TIMEOUT_MS | 130000 | Max wait for approval (ms) |
| CLAWWALL_RULES_FILE | ~/.clawwall/rules.json | Custom rules file |
| CLAWWALL_AUDIT_DIR | ~/.clawwall/audit | Audit log directory |

Agent Integration (OpenClaw)

# Enable via environment
CLAWWALL_ENABLED=true openclaw

# Or in your OpenClaw config
{
  "clawwall": {
    "enabled": true,
    "url": "http://localhost:7654",
    "failPolicy": "deny"
  }
}

failPolicy controls what happens if the ClawWall daemon is unreachable: "deny" (safe default) or "allow".

HTTP API

Any agent can call ClawWall directly. The API is plain HTTP:

# Check a tool call
curl -X POST http://localhost:7654/policy/check \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "my-agent",
    "tool": { "name": "exec", "args": { "command": "rm -rf /" } },
    "context": { "cwd": "/Users/me/project" }
  }'
# → {"decision":"deny","reason":"dangerous_command: \\brm\\s+-rf\\b"}

| Endpoint | Method | Description |
|----------|--------|-------------|
| / | GET | Web dashboard (open in browser) |
| /policy/check | POST | Evaluate a tool call — returns allow or deny |
| /health | GET | Health check |
| /stats | GET | Allow/deny/ask counts and uptime |
| /rules | GET | List all active rules (built-in + custom) |
| /rules/reload | POST | Hot-reload rules from disk |
| /rules/add | POST | Add a custom rule {type: "command"\|"path", pattern: string} |
| /rules/command/:index | DELETE | Remove a custom command rule by index |
| /rules/path/:index | DELETE | Remove a custom path rule by index |
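
The agent side of the exchange described under How It Works and in the HTTP API section, as an added example that is not ClawWall's or OpenClaw's own code. It posts the documented request body to `/policy/check` and applies the fail policy when the daemon cannot be reached; `checkToolCall`, `guarded` and the `fetchImpl` option are hypothetical names, and treating an unanswered approval as a deny is this example's assumption.

```javascript
// Added example: agent-side call to POST /policy/check that fails closed.
// checkToolCall, guarded and fetchImpl are hypothetical names for this sketch.
const DEFAULTS = {
  url: process.env.CLAWWALL_URL || "http://localhost:7654",
  timeoutMs: Number(process.env.CLAWWALL_TIMEOUT_MS || 130000),
  failPolicy: "deny", // "deny" or "allow", as in the OpenClaw config
};

async function checkToolCall(agentId, tool, cwd, opts = {}) {
  const cfg = { fetchImpl: globalThis.fetch, ...DEFAULTS, ...opts };
  // The fail policy covers an unreachable or misbehaving daemon only.
  const fail = (why) => ({
    decision: cfg.failPolicy === "allow" ? "allow" : "deny",
    reason: `fail_policy: ${why}`,
  });
  const ctl = new AbortController();
  let timedOut = false;
  const timer = setTimeout(() => { timedOut = true; ctl.abort(); }, cfg.timeoutMs);
  try {
    const res = await cfg.fetchImpl(`${cfg.url}/policy/check`, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ agent_id: agentId, tool, context: { cwd } }),
      signal: ctl.signal,
    });
    if (!res.ok) return fail(`http_${res.status}`);
    const body = await res.json();
    // Only an explicit allow or deny counts; anything else is a failure.
    if (body.decision !== "allow" && body.decision !== "deny") {
      return fail("unexpected_response");
    }
    return { decision: body.decision, reason: body.reason ?? null };
  } catch {
    // Assumption of this example: an approval nobody answered is a deny,
    // whatever failPolicy says.
    if (timedOut) return { decision: "deny", reason: "approval_timeout" };
    return fail("daemon_unreachable");
  } finally {
    clearTimeout(timer); // do not keep the process alive for the full timeout
  }
}

// Gate a tool behind the check: `run` executes only on an explicit allow.
async function guarded(agentId, tool, cwd, run, opts) {
  const verdict = await checkToolCall(agentId, tool, cwd, opts);
  if (verdict.decision !== "allow") {
    throw new Error(`blocked by policy: ${verdict.reason}`);
  }
  return run();
}
```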


Auto-Start on Login (macOS)

clawwall install-launchd

Installs a LaunchAgent so ClawWall starts automatically when you log in. To remove:

launchctl unload ~/Library/LaunchAgents/com.clawwall.agent.plist
rm ~/Library/LaunchAgents/com.clawwall.agent.plist

Data Directory

~/.clawwall/
  clawwall.pid           # Daemon PID file
  rules.json             # Your custom deny rules
  audit/                 # Rolling daily JSONL audit logs
    clawwall-2026-03-09.audit.jsonl
    clawwall-2026-03-08.audit.jsonl

License

MIT