Clawpatrol - security firewall for agents

Reddit r/openclaw 05/26/26, 02:35 PM Tools

security firewall agents hcl open-source deno

Summary

Claw Patrol is an open-source security firewall that sits between agents and production, allowing users to write HCL rules to gate agent actions like blocking destructive SQL or requiring human approval for kubectl commands.

Claw Patrol sits between your agents and prod, parses their traffic at the wire, and gates each action against rules you write in HCL. For example, you can block destructive SQL, or pause `kubectl delete pod` until a human approves it before the request reaches Kubernetes. For the full overview see [clawpatrol.dev](https://clawpatrol.dev/) Example rule: rule "support-reply-on-behalf" { endpoint = https.deno-deploy condition = <<-CEL http.method == 'POST' && http.path == '/api/admin.supportTickets.replyOnBehalf' CEL approve = [llm_approver.reply-content-judge] } It is open source: [https://github.com/denoland/clawpatrol](https://github.com/denoland/clawpatrol)

Original Article

Similar Articles

Show HN: Claw Patrol, a security firewall for agents

Hacker News Top

Claw Patrol is a security firewall for AI agents, sitting between agents and production to parse traffic and gate actions using HCL rules, blocking destructive SQL or requiring human approval for risky commands like kubectl delete pod.

Claw Patrol: an open-source security firewall for agents

Lobsters Hottest

Deno open-sources Claw Patrol, a security firewall for AI agents that routes traffic through a tunnel, parses protocols, injects credentials, and enforces rules to prevent dangerous actions like SQL deletions or kubectl commands.

Where OpenClaw Security Is Heading

Hacker News Top

OpenClaw details its security architecture using `fs-safe` for filesystem boundaries and Proxyline for network egress control, aiming to make its AI personal assistant trustworthy and auditable.

ClawTick

Product Hunt

ClawTick is a developer tool that enables cron job scheduling for AI agents with a single command and no infrastructure setup required.

Security for your OpenClaw agent skill before they run

Reddit r/openclaw

SecureSkill is a tool that performs 10-layer security analysis on OpenClaw agent skills before execution, detecting threats like credential harvesting, outbound calls, and shell scripts. It produces a signed audit report mapped to OWASP, MITRE, NIST, and EU AI Act standards.